Chapter 13: Network Security and Protective Technologies (Set-7)
In a firewall rule, “protocol” commonly means
A Screen refresh rate
B TCP or UDP
C File folder type
D Keyboard language
Firewall rules often specify protocol like TCP, UDP, or ICMP. This helps control which types of traffic are allowed. For example, web browsing typically uses TCP, while many DNS queries use UDP.
Blocking unused ports is important because open ports
A Improve Wi-Fi speed
B Reduce backup size
C Increase attack surface
D Fix malware automatically
Each open port can expose a service. Attackers scan for open ports to find vulnerable services. Closing unused ports reduces entry points and makes it harder for attackers to find targets.
An “allow list” firewall policy means
A Block only needed
B Allow all traffic
C Disable all rules
D Allow only needed
Allow listing permits only known required traffic and blocks everything else. This is safer than blocking only known bad traffic, because unknown or unexpected services remain blocked by default.
A host-based firewall is best described as
A On internet cable
B On one device
C On Wi-Fi tower
D On cloud only
Host-based (software) firewalls run on individual computers or servers. They control inbound and outbound traffic for that endpoint, which is useful even when the device moves between networks.
The main benefit of a DMZ is
A Extra isolation layer
B Faster internet speed
C Bigger storage space
D Better screen quality
A DMZ separates public-facing servers from the internal LAN. If a DMZ server is attacked, network isolation helps prevent attackers from directly reaching internal systems and sensitive data.
Firewall “egress filtering” mainly controls
A Incoming print jobs
B Screen capture tools
C Outgoing connections
D Router fan speed
Egress filtering restricts outbound traffic from internal devices. It can stop unauthorized apps and malware from sending data out, reduce data leakage, and improve visibility into unusual outbound behavior.
IDS is commonly used to
A Encrypt email messages
B Detect suspicious traffic
C Create VPN tunnels
D Replace firewall rules
An IDS monitors network or host activity to detect possible attacks or policy violations. It usually generates alerts for administrators, supporting early detection and investigation of threats.
IPS is commonly used to
A Store backup copies
B Increase router range
C Manage user accounts
D Stop malicious traffic
IPS is placed inline and can block threats automatically. It may drop packets, reset connections, or block suspicious sources, helping prevent attacks from reaching systems.
A firewall is NOT primarily meant to
A Control network access
B Block unwanted ports
C Scan files for viruses
D Enforce traffic rules
Firewalls control network traffic, while antivirus tools scan files and processes for malware. Firewalls reduce unauthorized access, but endpoint security tools are needed for malware detection and removal.
Plaintext refers to
A Encrypted message text
B Original readable data
C Random hash output
D VPN tunnel header
Plaintext is data in a readable form before encryption. After encryption it becomes ciphertext. Protecting plaintext during storage and transmission is a key goal of encryption technologies.
Ciphertext refers to
A Encrypted unreadable data
B Router login page
C DNS query result
D Backup schedule file
Ciphertext is the encrypted form of data. It is designed to be unreadable without a key. Decryption with the correct key restores it back to plaintext.
Symmetric encryption is fast because it uses
A Two separate keys
B Simple shared key
C No key at all
D Only certificates
Symmetric encryption uses one shared secret key and efficient algorithms, making it faster for large data. Because key sharing is difficult, secure systems often combine it with asymmetric key exchange.
Asymmetric encryption is useful for
A Faster bulk storage
B Battery saving mode
C Secure key exchange
D Screen color tuning
Asymmetric encryption uses public/private keys, allowing secure key exchange and identity checks. It is slower than symmetric encryption, so it is usually used to set up a session key.
A public key is usually
A Kept secret always
B Stored only offline
C Same as password
D Shared openly
Public keys are meant to be shared so others can encrypt data for you or verify your signature. The paired private key must remain secret to keep the system secure.
A private key must be
A Posted on website
B Kept confidential
C Shared with friends
D Printed on router
Private keys can decrypt data or create digital signatures. If exposed, attackers may impersonate the owner or access protected information. Good key protection is essential for secure communication.
TLS is widely used in
A Offline spreadsheets
B Printer cable setup
C HTTPS websites
D Battery calibration
TLS secures web traffic in HTTPS by encrypting data between browser and server. It also verifies server identity using certificates, helping prevent interception and fake website attacks.
A digital certificate helps users trust
A Server identity
B Keyboard layout
C Screen brightness
D File compression
Certificates bind a domain identity to a public key and are issued by trusted authorities. Browsers validate certificates to confirm they are connecting to the correct server securely.
A hash is mainly used for
A Hiding IP address
B Integrity checking
C Creating VPN tunnel
D Increasing bandwidth
Hash functions create a fixed-size digest. If data changes, the digest changes. This helps detect tampering, verify downloads, and support secure systems like password storage and signatures.
A digital signature provides
A Faster download speed
B Larger disk space
C Better Wi-Fi signal
D Integrity and proof
Digital signatures confirm that data is unchanged and was signed by the key owner. Verification uses the signer’s public key, giving integrity assurance and supporting authenticity in secure communication.
A VPN helps most when using
A Offline desktop apps
B Local file copying
C Public Wi-Fi hotspots
D Printer test page
Public Wi-Fi is often insecure. A VPN encrypts traffic between your device and the VPN server, reducing eavesdropping and improving privacy while accessing internet services.
VPN “tunneling” means
A Deleting browsing history
B Wrapping traffic inside
C Sharing admin password
D Clearing system cache
Tunneling encapsulates traffic inside another protocol to travel across the internet. When encrypted, it forms a secure path that protects data from interception on untrusted networks.
A VPN server is the
A Printer controller
B Screen driver
C USB adapter
D Tunnel endpoint
The VPN server terminates the encrypted tunnel and routes traffic onward. It also enforces authentication and policies, enabling secure remote access to resources or secure browsing on risky networks.
IDS vs IPS difference is that IPS
A Only alerts
B Blocks automatically
C Prints reports
D Encrypts backups
IDS mainly detects and alerts, while IPS can actively block malicious traffic in real time. IPS often drops packets or resets connections, reducing attack impact without waiting for manual action.
SIEM tools mainly collect
A Security event logs
B Keyboard driver files
C Screen saver themes
D Printer ink levels
SIEM gathers logs from servers, firewalls, IDS/IPS, and endpoints. It correlates events and creates alerts, helping detect complex attacks and support investigation from one central platform.
Patch management reduces risk of
A Faster typing
B Printer errors
C Known exploits
D Screen flicker
Attackers often exploit known vulnerabilities for which patches are already available. Patch management ensures updates are applied in time, reducing exposure and preventing easy exploitation of outdated operating systems and applications.
Vulnerability scanning is useful before
A Buying new keyboard
B Security hardening work
C Changing wallpapers
D Printing certificates
Scans identify missing patches, weak configurations, and exposed services. This information helps prioritize fixes and hardening steps, reducing security gaps before attackers can exploit them.
Authentication checks
A What user can do
B How fast internet
C Which VPN protocol
D Who the user is
Authentication verifies identity using passwords, OTPs, biometrics, or certificates. After identity is confirmed, authorization decides the permissions the user receives within systems or networks.
Authorization decides
A User identity
B Backup timing
C Allowed permissions
D DNS server choice
Authorization controls access rights after authentication. It determines which files, applications, or network resources a user can access, supporting least privilege and reducing damage from compromised accounts.
Auditing in security means
A Speeding downloads
B Reviewing access records
C Creating new VLAN
D Changing encryption key
Auditing reviews logs and access records to detect misuse and confirm policies are followed. It supports accountability and compliance, and it provides evidence during incident investigations.
A full backup includes
A Entire selected data
B Only changed files
C Only system settings
D Only cloud emails
Full backups copy all selected files and folders each time. They are easiest to restore from, but take the most time and storage compared to incremental and differential backups.
Incremental backup saves
A All files always
B Only deleted items
C Only old versions
D Recent changes only
Incremental backups store changes since the last backup, making them fast and small. Restoring typically needs the last full backup plus each incremental in order, so integrity matters.
Differential backup saves
A Changes since last
B Only system files
C Changes since full
D Only media files
Differential backups record all changes since the last full backup. They grow over time, but restoring is simpler than with incremental backups because it usually needs only the full backup and the latest differential.
The 3-2-1 rule improves
A Screen sharpness
B Backup reliability
C Keyboard comfort
D Router speed
3-2-1 means three copies of data, two different media types, and one copy offsite. This reduces risk from local failures, theft, disasters, and ransomware attacks.
Backup scheduling should match
A RPO requirement
B Monitor settings
C Printer toner
D Browser cache
RPO is how much data loss is acceptable. Backup frequency must be enough to meet that target, ensuring you can restore data to an acceptable point after an incident or failure.
Backup verification ensures
A Less storage used
B Faster internet speed
C Better Wi-Fi signal
D Restore actually works
Verification checks that backups are complete and usable. Test restores and integrity checks reduce the risk of discovering corrupted or incomplete backups only during an emergency.
Disaster recovery planning includes
A New wallpapers
B Recovery steps
C Screen calibration
D Mouse sensitivity
Disaster recovery planning defines how to restore critical systems after events like ransomware, hardware loss, or natural disasters. It includes roles, priorities, backup use, and communication procedures.
Network segmentation helps by
A Increasing ink saving
B Enlarging screen text
C Limiting attacker movement
D Fixing power issues
Segmentation separates networks into zones. If one segment is compromised, rules limit access to others, reducing lateral movement and protecting critical servers from being easily reached.
VLANs are mainly used for
A Faster CPU clock
B Disk file recovery
C Email encryption
D Logical separation
VLANs create separate logical networks on the same switching hardware. They help isolate departments or devices and allow different access control policies between segments for better security.
Firmware updates are important because they
A Increase screen size
B Fix device flaws
C Remove backups
D Block all emails
Firmware updates patch vulnerabilities in routers, firewalls, and switches. Attackers often exploit known device flaws, so keeping firmware updated helps prevent takeovers and network compromise.
Strong router passwords help prevent
A Screen freezing
B Printer paper jam
C Device takeover
D File duplication
Routers control network traffic and DNS settings. Weak or default admin passwords can allow attackers to change configurations, spy on traffic, or open ports, so strong unique passwords are essential.
MFA is most useful against
A Password compromise
B Power failure
C Disk fragmentation
D Screen scratches
MFA adds a second proof, such as an OTP or an authenticator. If a password is stolen, attackers usually still cannot log in without the second factor, reducing account takeovers.
Secure DNS practices help reduce
A Mouse lag
B DNS spoofing risk
C Screen glare
D Printer noise
Attackers can poison or spoof DNS to redirect users to fake sites. Using trusted resolvers and secure DNS methods helps prevent wrong DNS answers and reduces phishing redirection risk.
Enforcing HTTPS helps protect
A CPU temperature
B Printer ink level
C Monitor refresh
D Login data in transit
HTTPS uses TLS to encrypt traffic and protect credentials and session cookies from interception. It also helps prevent tampering during transmission, which is important on shared or public networks.
Endpoint security usually includes
A Printer toner checks
B File renaming tools
C Antivirus and patching
D Keyboard remapping
Endpoint security protects devices from malware and exploits using antivirus/EDR, patch updates, a firewall, and safe policies. Endpoints are common entry points due to email links and downloads.
Device encryption mainly protects
A Faster internet speed
B Lost device data
C Screen resolution
D Printer sharing
If a laptop or phone is lost, encryption prevents attackers from reading stored files without keys. This reduces data theft risk when physical security fails.
Secure remote desktop should use
A VPN plus MFA
B Open internet port
C Default credentials
D No lockout policy
Remote desktop exposed to the internet is heavily attacked. Restricting access through VPN and adding MFA reduces scanning and brute-force risk. Logging and strong policies further improve security.
A security policy should define
A Monitor brightness rules
B Acceptable user actions
C Printer paper size
D Mouse DPI settings
Security policies set rules for passwords, updates, backups, and reporting incidents. They reduce confusion, guide safe behavior, and support consistent security practices across the organization.
First incident response step is
A Delete all logs
B Share admin access
C Identify and confirm
D Ignore warnings
Incident response starts by confirming the incident and understanding scope. Accurate identification prevents wrong actions and helps plan containment, eradication, and recovery with less disruption.
Containment means
A Increase internet speed
B Remove all backups
C Reset wallpapers
D Limit further damage
Containment stops an incident from spreading by isolating systems, blocking malicious traffic, or disabling accounts. Quick containment reduces data loss and prevents malware from infecting more devices.
Recovery step includes
A Disable all patches
B Restore clean services
C Open every port
D Share private keys
Recovery restores systems safely by removing threats, patching weaknesses, restoring verified backups, and monitoring for reinfection. The goal is stable normal operations with reduced chance of repeat attacks.