Chapter 10 Practice Test Answers 1. A and D. Firewalls function either as Network layer actions or Application layer actions. 2. B. A firewall is a system of software and hardware components that either allow or deny packet access to or from the private network. 3. B, D, and F. A private network is not exposed in any way to the public infrastructure. 4. A. A packet-filtering firewall allows the administrator to provide only those services to users that are considered acceptable under the security risk documents designed for the business. 5. C. A proxy server is a firewall. Firewalls protect private network resources. 6. B. Firewalls do not read any part of the packet except the source and destination addresses and the source and destination port configurations. 7. B and C. Firewalls can only decide to allow or deny a packet. 8. C. Risk assessment is the first step to determine whether the network must be protected by a firewall. 9. E. Proxy servers generally allow extended services like content caching, NAT, site blocking, and of course, packet filtering. 10. D. User subversion of the security environment is considered an internal threat. 11. C. The access control list identifies allowable traffic. 12. A, B, D, and G. The packet filtering firewall uses address, port, and status information to decide whether or not to allow a packet into the network. 13. B. Firewalls cannot protect against viruses. 14. B and C. The two actions a firewall can take are dropping the packet without an error message and dropping the packet with an error message returned to the source address host. 15. D. Screened host protection often uses a bastion host. 16. B. The extranet is similar to a screened subnetwork, but with an extranet the resources are for specific groups of users. 17. B and D. Caching is a feature of proxy services (if the operating system and software can support this). 18. C. The demilitarized zone will allow the administrator to manage the public resources while preventing unwanted traffic from entering the private network. 19. C. A denial of service attack will cause the server to stall or reboot. 20. D. It is the large ICMP packet that floods the buffer and causes the server to stall.