Chapter 13: Network Security and Protective Technologies (Set-6)
A firewall is mainly used to control
A Network traffic flow
B Screen display size
C Battery charging speed
D File naming rules
A firewall checks network connections using rules and decides what to allow or block. It helps protect computers and networks from unauthorized access and many common network-based attacks.
Packet filtering firewalls usually check
A Monitor pixels
B File content only
C IP and port
D Keyboard settings
Packet filtering looks at packet headers such as source IP, destination IP, protocol, and port numbers. It allows or blocks traffic based on these header values, not by reading full content.
A stateful firewall is better because it
A Deletes all viruses
B Repairs broken cables
C Encrypts every file
D Tracks session state
Stateful firewalls remember active connections. They allow return traffic only if it belongs to a valid session, blocking many unsolicited packets and improving protection compared to simple packet filtering.
A proxy firewall works as a
A Middleman server
B Power supply unit
C Disk partition tool
D Keyboard driver
A proxy firewall sits between client and server and forwards requests on behalf of the client. It can inspect application data and hide internal device details from external networks.
A hardware firewall is typically a
A Spreadsheet file
B Dedicated device
C Mobile wallpaper
D Printer plugin
Hardware firewalls are standalone appliances used to protect a whole network. They are placed near the internet connection and can handle high traffic with centralized security controls.
A software firewall is usually installed on
A Ethernet cable
B Monitor screen
C Single computer
D Router antenna
Software firewalls run on individual devices like PCs or servers. They control traffic for that device and are useful for endpoint protection, especially when users move between networks.
Inbound rules mainly control
A Incoming traffic
B Outgoing backups
C Screen recording
D Keyboard shortcuts
Inbound firewall rules decide which external connection attempts can reach internal devices. They help block unauthorized access while still allowing needed services, such as web access to a public server.
Outbound rules mainly control
A Printer toner level
B Monitor brightness
C USB file copy
D Outgoing traffic
Outbound rules restrict which applications can send data out. This helps stop malware from contacting command servers and reduces the chance of sensitive data being sent outside without permission.
A network port identifies a
A Keyboard key
B Disk sector
C Service endpoint
D Screen corner
Ports are logical numbers that identify services on a device, like HTTP on 80 or HTTPS on 443. Firewalls often allow or block traffic based on these port numbers.
A DMZ is mainly used for
A Public-facing servers
B Storing passwords
C Printing documents
D Changing DNS
A DMZ is a separate network zone for servers that must be accessible from the internet. It adds isolation so an attacked server does not directly expose the internal LAN.
Firewall logging helps by
A Increasing Wi-Fi
B Recording connections
C Cleaning malware
D Speeding downloads
Logging saves records of allowed and blocked traffic, including IPs and ports. These logs help with troubleshooting, detecting attacks, and investigating incidents by showing what happened and when.
IDS mainly provides
A Disk encryption
B Faster internet
C Attack alerts
D Auto patching
An IDS monitors traffic or system activity and raises alerts when it detects suspicious patterns. It is mainly for detection and reporting, not for automatically blocking traffic in most setups.
IPS is designed to
A Block attacks
B Print logs
C Replace VPN
D Change passwords
An IPS sits inline and can actively stop malicious traffic. It may drop packets, block IPs, or reset connections to prevent known attacks from reaching targets.
Encryption converts data into
A Folder structure
B Disk partitions
C Screen pixels
D Ciphertext form
Encryption changes readable data (plaintext) into unreadable ciphertext using an algorithm and key. Only someone with the correct key can decrypt it back into readable form.
Decryption converts data into
A Zip archives
B System logs
C Plaintext form
D Browser cache
Decryption reverses encryption. It uses the correct key to convert ciphertext back to plaintext, allowing authorized users to read the original information safely.
Symmetric encryption uses
A One shared key
B Two public keys
C No key needed
D Only passwords
Symmetric encryption uses the same secret key to encrypt and decrypt. It is fast for large data, but the shared key must be protected and exchanged securely.
Asymmetric encryption uses
A Single key
B Key pair
C No algorithm
D Same PIN always
Asymmetric encryption uses a public key and a private key. Data encrypted with one key can be decrypted with the other, supporting secure key exchange and digital signatures.
SSL/TLS mainly provides
A File compression
B Faster typing
C Encrypted connection
D Disk formatting
SSL/TLS encrypts data between client and server, such as in HTTPS. It protects against eavesdropping and tampering and uses certificates to help confirm the server's identity.
A digital certificate links
A Mouse to USB
B Screen to GPU
C Printer to Wi-Fi
D Identity to key
A digital certificate binds an identity, like a website domain, to a public key. Browsers use certificates to trust HTTPS connections and reduce the risk of connecting to fake servers.
A hash function output is
A Fixed digest
B Reversible text
C Larger file
D Random password
Hash functions produce a fixed-length digest from input data. Any small change in data changes the digest greatly, so hashes are used to verify integrity and detect tampering.
A digital signature helps ensure
A Screen privacy
B Printer speed
C Integrity proof
D Cable strength
Digital signatures help confirm that data was not changed and that it came from the expected sender. Verification uses the sender’s public key, supporting trust and tamper detection.
A VPN is best described as a
A Secure tunnel
B Local printer
C File explorer
D USB driver
A VPN creates an encrypted tunnel between a device and a VPN server. It protects traffic on unsafe networks, supports remote access, and can hide the user’s IP from websites.
VPN tunneling means
A Deleting cookies
B Encapsulating traffic
C Speeding CPU
D Resetting routers
Tunneling wraps network traffic inside another protocol so it can travel securely. When combined with encryption, it protects data while moving across the public internet.
A VPN client runs on
A Network switch
B Printer cable
C Power adapter
D User device
A VPN client is software on a phone or computer that connects to a VPN server. It authenticates, sets up the tunnel, and routes selected traffic through the encrypted connection.
A remote-access VPN is used when
A User connects remotely
B Two offices connect
C Printer shares ink
D Monitor shows error
Remote-access VPN allows an individual user to securely access a private network over the internet. It is common for work-from-home access to internal systems and resources.
A site-to-site VPN connects
A Two keyboards
B Two screens
C Two networks
D Two printers
Site-to-site VPN connects two locations like head office and branch office. It creates an encrypted link between gateways so devices at both sites communicate privately across the internet.
Split tunneling allows
A Some traffic bypass
B All traffic blocked
C No encryption used
D Only email tunnels
With split tunneling, selected traffic goes through the VPN while other traffic goes directly to the internet. It may improve speed but can reduce security if sensitive traffic leaks outside.
SIEM is used for
A Disk cleaning
B Cable repair
C Keyboard mapping
D Log correlation
SIEM collects logs from many sources and correlates events to detect threats. It helps security teams monitor alerts, investigate incidents, and spot patterns across systems.
Log monitoring helps detect
A Faster downloads
B New wallpapers
C Unusual activity
D Battery status
Log monitoring can reveal suspicious login attempts, unusual network access, and policy violations. Early detection helps reduce damage by allowing quick investigation and response.
A packet sniffer can
A Capture packets
B Patch systems
C Encrypt files
D Create VLANs
Packet sniffers capture and analyze network traffic. They are useful for troubleshooting and security analysis, but they must be controlled because captured packets can include sensitive information.
Vulnerability scanning aims to
A Speed up CPU
B Find weaknesses
C Increase RAM
D Change DNS zone
Vulnerability scans check devices and software for known security flaws and misconfigurations. Results help teams patch vulnerabilities, close risky ports, and improve overall security posture.
Patch management focuses on
A Applying updates
B Removing backups
C Printing reports
D Changing icons
Patch management ensures security updates are tested and applied regularly. It reduces risk by fixing known vulnerabilities that attackers often exploit on operating systems, apps, and network devices.
Authentication checks
A Disk errors
B Wi-Fi speed
C User identity
D Screen size
Authentication verifies who a user is, using passwords, OTPs, biometrics, or certificates. It is the first step before access is granted to systems, networks, or applications.
Authorization decides
A User identity
B VPN protocol
C Hash length
D Allowed actions
Authorization determines what an authenticated user is permitted to do, such as reading files or using admin tools. It is based on roles and permissions and supports least privilege.
Auditing helps by
A Reviewing records
B Increasing storage
C Blocking all ports
D Reducing latency
Auditing means reviewing security logs and access records to detect misuse and meet compliance needs. It provides accountability and helps investigate incidents by showing who did what and when.
A full backup stores
A Only changed files
B Only system logs
C All selected data
D Only cloud files
Full backup copies all chosen files each time. It is simple to restore from but needs more time and storage compared to incremental or differential backups.
Incremental backup stores
A Changes since last
B All files always
C Only old versions
D Only media files
Incremental backups save only changes made since the previous backup. They are fast and small, but restoring may need multiple backup sets, so verification is important.
Differential backup stores
A Only system drivers
B Changes since full
C Only deleted files
D All data always
Differential backups store all changes made since the last full backup. They are larger than incremental backups but usually easier to restore because fewer backup sets are needed.
3-2-1 rule means
A 3 keys, 2 users, 1 admin
B 3 routers, 2 switches, 1 hub
C 3 backups, 2 deletes, 1 keep
D 3 copies, 2 media, 1 offsite
The 3-2-1 rule improves backup safety by keeping three copies of data, on two different storage types, with one copy stored offsite to protect against local disasters.
Cloud backup provides
A Offsite storage
B Screen security
C Faster typing
D Router firmware
Cloud backups store copies away from the local site, protecting against theft, fire, and hardware failure. Strong access control and encryption are still needed to keep cloud backups safe.
Backup verification means
A Delete old backups
B Rename backup folder
C Test restore works
D Disable scheduling
Verification confirms backups are usable. It includes checking integrity and performing test restores. Without verification, backups might be corrupted or incomplete, causing failure during real recovery.
Disaster recovery focuses on
A Restore services
B Change passwords
C Install games
D Clean keyboard
Disaster recovery aims to restore important systems and services after major disruptions like ransomware or hardware loss. It includes recovery steps, priorities, backups, and communication plans.
Network segmentation reduces
A Printer ink use
B Screen glare
C Disk size
D Attack spread
Segmentation divides a network into separate zones. If one area is compromised, it limits attacker movement to other segments, reducing the chance of critical systems being reached.
A VLAN is used for
A Faster CPU
B Logical segmentation
C File encryption
D Disk cleanup
VLANs separate networks logically on the same physical switches. They help isolate departments or device groups and support better access control and security policies.
Secure router passwords should be
A Strong unique
B Default factory
C Same everywhere
D Written publicly
Strong unique router admin passwords prevent easy takeover. Default passwords are widely known. Combining strong passwords with firmware updates and limited remote admin access improves network security.
Firmware updates help to
A Increase storage
B Remove backups
C Fix vulnerabilities
D Stop encryption
Firmware updates patch security flaws in routers, firewalls, and other devices. Attackers often exploit known firmware bugs, so regular updates are important for safe network operation.
MFA improves security by
A Adding second factor
B Removing passwords
C Disabling logs
D Opening all ports
MFA requires another proof, such as an OTP or an authenticator app, in addition to a password. Even if a password is stolen, attackers usually cannot log in without the second factor.
HTTPS enforcement ensures
A Faster CPU speed
B Bigger hard disk
C Better keyboard feel
D Encrypted web traffic
Enforcing HTTPS ensures browser-to-website traffic is encrypted and protected from interception. It reduces the risk of stolen credentials and helps prevent tampering on public or shared networks.
Endpoint security mainly protects
A Power cables
B Screen pixels
C User devices
D Printer trays
Endpoint security protects laptops, desktops, and mobiles using antivirus/EDR, firewalls, patching, and encryption. Endpoints are common attack targets due to browsing, email, and downloads.
First incident handling step is
A Share passwords
B Identify incident
C Delete evidence
D Ignore alerts
Incident response starts by confirming what happened and which systems are affected. Correct identification helps choose proper containment and recovery actions and prevents mistakes during stressful situations.