Firewall Concepts MCQs

These Firewall Concepts multiple-choice questions and their answers will help you strengthen your grip on the subject of Firewall Concepts. You can prepare for an upcoming exam or job interview with these 100 Firewall Concepts MCQs.
So scroll down and start answering.

1: What firewall-based technology would you use to create a secure tunnel connection from a corporate headquarters to a remote branch office?

A.   Tunnel

B.   VPN

C.   HTTPS

D.   Radius

2: The basic concept of a SYN flooding attack lies in the design of what handshake that begins a TCP connection?

A.   TCP

B.   3-way

C.   2-way

D.   4-way

3: What kind of firewall is the integrated Microsoft Windows firewall application?

A.   Zone Based

B.   Stateless

C.   Stateful

D.   Connection oriented firewall

4: Which of the following firewalls has a filtering process that can be either stateful, stateless, or both?

A.   Packet Filtering

B.   MAC layer firewalls

C.   Application Gateways

D.   Circuit Gateways

5: Which of the following are the most common restrictions implemented in packet filtering firewalls?

A.   Inbound Direction

B.   Outbound Direction

C.   All of the given options are valid

D.   IP source and destination address

6: Ports up to which of the following are called well-known ports?

A.   1500

B.   1023

C.   255

D.   1025

7: Which particular firewall usually consists of two separate firewall devices?

A.   MAC layer firewalls

B.   Dynamic Filtering

C.   Hybrid Firewall

D.   Application-level firewall

8: What port do most DDoS DNS attacks occur on?

A.   443

B.   53

C.   80

D.   161

9: Zone Alarm is an example of which type of firewall?

A.   corporate

B.   proxy

C.   personal

D.   IDS

10: True/False: Application proxy firewalls are faster than Stateful Packet Inspection firewalls.

A.   False

B.   True

11: When configuring a firewall to deny port 3389 to an RDP server that is to receive the SYN packet, what is the address?

A.   Connected

B.   Source

C.   Destination

D.   Flag

12: When troubleshooting the flow of packets through a firewall, a datagram is called what at the network layer of the OSI model?

A.   Bits

B.   Frames

C.   Packets

D.   Segments

13: Which type of firewall involves firewall software installation directly on the user's system?

A.   Commercial-Grade Firewall

B.   Fourth Generation

C.   Third Generation

D.   Residential-Grade Firewall

14: When packets are being processed by a hardware firewall, one of the several steps in processing the packets is an error-checking procedure that is performed in the trailer section of an IP packet. What is this called?

A.   IFG

B.   IPC (IP Check)

C.   FQDN

D.   CRC

15: Which of the following OSI layers are covered by packet filtering firewall operation?

A.   At the Application layer

B.   Both Transport layer and Network layer

C.   Network layer

D.   Transport layer

16: Which of the following is not a VALID basic criterion for a rule in the firewall policy?

A.   Service

B.   Source

C.   User

D.   Destination

17: Which of the following is another term for a packet of digital information?

A.   header

B.   datagram

C.   data

D.   footer

18: What main attributes are used at layer 4 of the OSI model to filter traffic on a firewall?

A.   Frames and packets

B.   Source and/or destination IP Addresses

C.   Source and/or destination TCP/UDP ports

D.   ICMP and IP

19: What types of firewalls are able to analyze the contents of packets and the IP headers for signs that the traffic is legitimate?

A.   Software

B.   Boundary

C.   Stateless

D.   Stateful

20: The practice of designing operational aspects of a system to work with a minimal amount of system privilege is called:

A.   access denied

B.   least privilege

C.   failover firewall

D.   IP forwarding

21: When referring to firewalls, what does SPI Stand for?

A.   Source Packet Information

B.   Stateful Packet Inspection

C.   Shared Packet Interconnection

D.   Stateless Packet Inspection

22: Which of the following firewalls keeps track of the state of network connections?

A.   Dynamic Filtering

B.   Stateful inspection

C.   Static filtering

D.   Stateless inspection

23: When designing a network that consists of a firewall, the firewall design needs to be "BLANK" so that it can grow with the network it protects.

A.   Cost effective

B.   Robust

C.   Expensive

D.   Scalable

24: You are a network administrator and you have been asked to add a deny-all ICMP firewall statement for traffic that is sourced from the Internet. You add a deny all for ICMP; what common command would you use to test your newly added rule?

A.   MTR

B.   PING

C.   ICMP

D.   Traceroute

25: The Windows-based program ZoneAlarm is an example of a "BLANK" firewall?

A.   IDS

B.   Software

C.   Corporate

D.   Business

26: When referring to firewall concepts, what are application level gateways?

A.   IP Servers

B.   Proxy servers

C.   HTTP servers

D.   HTTP servers

27: What application controls what information is transmitted or received from an external source destined to a server, workstation, or computer that is based on a preset of rules and/or user preferences?

A.   Firewall

B.   Server

C.   Repeater

D.   Router

28: Some firewalls deploy a technology that allows monitoring of traffic in and out of a network and alerts network staff when suspicious traffic patterns occur.

A.   IDS

B.   Switch

C.   Router

D.   Hub

29: Packets contain an 8-bit value that determines the maximum time the packet can remain in the CPU, memory, and buffer circuits of a firewall before it is dropped or discarded. What is this called?

A.   Time To Live

B.   Checksum

C.   Protocol

D.   Fragment

30: What is a host based firewall?

A.   A device that is installed by your Internet Service Provider

B.   Software firewall installed on a server/workstation/desktop

C.   A proxy server configured to handle http requests

D.   A Firewall connected directly to the Network Interface Card of a Computer

31: Which of the following firewalls keeps track of the connection state?

A.   Application layer firewall

B.   Router enhanced firewall

C.   Stateful packet filtering firewall

D.   Packet filtering firewall

32: Which port does secure HTTP use?

A.   443

B.   441

C.   442

D.   8080

33: What port does FTP use for the control port?

A.   23

B.   21

C.   20

D.   22

34: In an IP packet header, which of the following is the address of the computer or device that is to receive the packet?

A.   total length

B.   flag

C.   destination address

D.   source address

35: You want to filter all traffic going to an internal web server from the Internet side of the firewall. What port will you filter on the firewall?

A.   25

B.   21

C.   80

D.   8080

36: Which of the following firewalls works at the application level?

A.   application-level firewalls

B.   circuit firewall

C.   MAC layer firewalls

D.   Packet filtering firewall

37: What device logically filters traffic at the edge of a computer network and the Internet?

A.   Hub

B.   Firewall

C.   Switch

D.   Router

38: Which of the following is TRUE?

A.   All of the given options are correct

B.   Firewalls can be categorized by processing mode, development era, or structure

C.   Firewalls categorized by which level of technology they employ are identified by generation, with the later generations being more complex and more recently developed

D.   The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices

39: Which of the following 8-bit values identifies the maximum time the packet can remain in the system before it is dropped?

A.   fragment

B.   checksum

C.   protocol

D.   time to live

40: What is a DMZ zone?

A.   Dedicated Master Zone

B.   Donor Master Zone

C.   Dual Master Zone

D.   DeMilitarized Zone

41: Which of the following is not a recognized generation of Firewall?

A.   Second generation

B.   DMZ

C.   Third Generation

D.   First Generation

42: Which TCP port is used by Telnet?

A.   72

B.   110

C.   80

D.   23

43: FTP uses which of the following ports as the control port?

A.   22

B.   21

C.   23

D.   20

44: Your client asks you to create a rule for FTP access. What port(s) will you add on the firewall?

A.   8021

B.   20 and 21

C.   20

D.   2121

45: Your customer asks you to allow ALL hosts from the Internet to the company's secure web server (Secure HTTP). What port do you open on the firewall?

A.   22

B.   43

C.   443

D.   23

46: What is the primary purpose of a firewall?

A.   Enables fast forwarding

B.   Route hot packets

C.   Route frames

D.   Inspect packets

47: Which of the following servers creates a secure tunnel connection?

A.   authentication

B.   RADIUS

C.   tunnel

D.   VPN

48: What happens when a packet arrives on an interface and a route exists in the local routing table and the firewall routes the packet back out the same interface the packet arrived on?

A.   The Packet is allowed, but marked as low priority

B.   The Packet is dropped

C.   Interface will get disabled due to a routing conflict

D.   Poison reverse routing is disabled and the packet is allowed

49: What is it called when a packet arrives at a firewall, is analyzed, and is dropped because the firewall determines that no connection exists?

A.   Connection Oriented Inspection

B.   Stateful Packet Inspection

C.   Stateless Packet Inspection

D.   Stateful Frame Inspection

50: Which of the following firewalls makes the filtering decision based on the media access control address of the source/destination of a packet?

A.   Packet Filtering

B.   MAC layer Firewalls

C.   Circuit Gateways

D.   Application Gateways

51: A stateful firewall maintains which of the following?

A.   state table

B.   routing table

C.   connection table

D.   bridging table

52: What specific chip design allows firewalls to accelerate packet processing to analyze and filter packets between an untrusted and trusted network?

A.   RISC

B.   Intel X86

C.   ASIC

D.   MIPS

53: What kind of firewall is the open-source iptables firewall commonly found on Linux distros?

A.   Stateless

B.   Zone Based

C.   Connection oriented firewall

D.   Stateful

54: What technology is used on firewalls that process stateful packet inspections at the hardware level and as close to the line rate as possible?

A.   ASIC

B.   Intel

C.   SPI

D.   ACL

55: A Stateful Packet Inspection firewall maintains a "BLANK", which is also just a list of active connections.

A.   Routing Table

B.   Connection Table

C.   NAT Table

D.   State Table

56: What device should be the front line defense in your network?

A.   Packet Filtering Firewalls

B.   Stateful Packet Inspection firewall

C.   Network Layer Firewalls

D.   Application Based Firewalls

57: Ports up to "BLANK" are considered well known ports.

A.   1024

B.   1023

C.   65536

D.   65524

58: Which particular generation of firewalls is stateless in nature?

A.   Fourth Generation

B.   Second generation

C.   First Generation

D.   Third Generation

59: True/False: NAT is considered as a firewall technology.

A.   True

B.   False

60: A "BLANK" flowing through a firewall is another term for a packet of digital information.

A.   Datagram

B.   Packet

C.   Frame

D.   Data

61: Network-based firewalls and host-based firewalls are valid categories of which of the following firewalls?

A.   Application-level firewall

B.   Hybrids

C.   MAC layer firewalls

D.   Circuit Gateways

62: What do circuit layer Firewalls monitor?

A.   TCP Handshaking

B.   UDP Handshaking

C.   IP Handshaking

D.   Transport Handshaking

63: Which of the following is not a VALID subset of packet filtering firewalls?

A.   Static filtering

B.   Stateless inspection

C.   Dynamic Filtering

D.   Stateful inspection

64: A dynamic or Stateful Packet Inspection firewall maintains active "BLANK" sessions and "BLANK" pseudo sessions.

A.   Stateful and Stateless

B.   Server and Host

C.   TCP and UDP

D.   IP and ICMP

65: Which of the following is not a VALID processing-mode category of firewalls?

A.   Proxy firewalls

B.   Packet filtering Firewalls

C.   Circuit gateways

D.   Application gateways

66: What is a Cisco Access Control List (ACL) considered as?

A.   NAT

B.   Stateful

C.   Controlled

D.   Stateless

67: Which of the following servers in the DMZ needs to list only a limited number of public IP addresses?

A.   DNS

B.   firewall

C.   NAT

D.   proxy

68: Which of the following is a mechanism designed into the operating system kernel?

A.   First Generation

B.   Second generation

C.   Third Generation

D.   Fifth Generation

69: Which generation firewalls are stateful inspection firewalls?

A.   Third Generation

B.   Second generation

C.   First Generation

D.   Fourth Generation

70: Which of the following is FALSE about Circuit Gateways?

A.   Firewall operates at the transport layer

B.   Circuit gateways firewalls DO NOT look at data traffic flowing between one network and another

C.   Circuit Gateway firewalls provide a unique access mechanism based on the destination application

D.   Circuit Gateway firewalls provide a common access mechanism which is not dependent on the destination application

71: In an IP packet header, which of the following describes the length of the header in 32-bit words and is a 4-bit value?

A.   total length

B.   fragment offset

C.   header checksum

D.   Internet header length

72: What layer(s) does an SPI firewall generally operate at?

A.   D and F

B.   Network

C.   Application

D.   Data Link

73: Which of the following can have different components of the firewall for different systems?

A.   screened subnet firewall

B.   packet filtering routers

C.   dual-homed firewalls

D.   Screened Host Firewalls

74: Which of the following hosts is sometimes called a dual-homed gateway or bastion host?

A.   blocked

B.   stub

C.   proxy

D.   screened

75: Which level proxy provides protection at the session layer of OSI?

A.   application

B.   proxy

C.   server

D.   circuit

76: Which of the following is not a valid categorization of firewalls based on structure?

A.   hardware-based

B.   application-based

C.   residential grade

D.   commercial-grade

77: What layer of the OSI model do Circuit Layer Firewalls operate at?

A.   Session Layer

B.   Application Layer

C.   Transport Layer

D.   Network Layer

78: Which of the following is not a valid categorization of firewalls based on processing mode?

A.   Application gateway

B.   Packet filtering Firewalls

C.   Application filtering

D.   Circuit gateway

79: Which generation firewalls are either application-level firewalls or proxy servers?

A.   First Generation

B.   Third Generation

C.   Second generation

D.   Fourth Generation

80: Which of the following is an INVALID common architectural implementation of firewall?

A.   packet filtering routers

B.   dual-homed firewalls

C.   Dynamic Filtering

D.   screened host firewalls

81: Which of the following is helped by Logging?

A.   Health of the Firewalls

B.   Status of the Firewalls

C.   Troubleshooting the issues

D.   Monitoring the Firewalls

82: Which of the protocols listed below will you scan at the gateway to block spam mail?

A.   HTTP

B.   SMTP

C.   POP3

D.   IMAP

83: Which of the following are Encryption algorithms?

A.   SHA1

B.   AES

C.   MD5

D.   3DES

E.   DES

F.   CAST

84: Digital Certificates are used for ___________.

A.   Encryption

B.   Verification

C.   Attacking

D.   Authentication

85: Which of the following tools can be used to monitor the Packets?

A.   Wireshark

B.   Nessus

C.   TCPDUMP

D.   Snort

86: Which of the sources listed below are secured by Desktop Firewalls?

A.   Personal Desktop

B.   Scanners

C.   Printers

D.   Personal Files and folders

87: Port-scanning tools help the administrator in which of the following?

A.   Finding the vulnerabilities

B.   Crashing the Firewall.

C.   Building a strong security policy.

D.   To test the Firewalls configuration.

88: Which of the reasons listed below lead to common attacks?

A.   Un-authorized mail relaying

B.   Application bugs

C.   Operating System bugs

D.   Spoofing

89: Which of the following can lead to the denial of service attacks?

A.   Unplugging the cable of the main switch

B.   Spoofing the Packets

C.   Sending SYN Packets using the Zombies

D.   Shutting down the server being accessed

90: Which protocol is used by the DNS?

A.   TCP

B.   UDP

C.   IP

D.   IPX

91: Which of the following are hash algorithms?

A.   MD5

B.   AES

C.   SHA 1

D.   AES-128

E.   AES-256

92: What is the mode of operation of Firewalls?

A.   Bridge mode

B.   Route mode

C.   Hybrid Mode

D.   VPN Mode

93: The ______________ TCP flag can launch a DoS attack.

A.   ACK

B.   FIN

C.   SYN

D.   SYN/ACK

E.   URG

94: Which layer of the OSI model is used by Packet filtering?

A.   Transport Layer

B.   Network Layer

C.   Session layer

D.   Application Layer

95: What exactly is a DoS?

A.   It is a type of Attack

B.   It is a type of Virus

C.   It is a type of Firewalls

D.   It is a Security Policy

96: What exactly is spoofing?

A.   Sending a lot of mails on the same email address

B.   Sending a lot of SYN Packets

C.   Pretending to be someone you are not

D.   Sending spam mails

97: Which of the following things should be kept in mind while troubleshooting firewall problems?

A.   Verification of the problem

B.   Status of the Firewall

C.   Firewall Logs

D.   Firewall Configuration

E.   All of the above

98:

A.   Ethereal

B.   Nessus

C.   TCPDUMP

D.   SNORT

99: Over which of the following can a VPN be established?

A.   WAN Link

B.   Internet Link

C.   Wireless connectivity

D.   All of the above

100: What are the functions of a Desktop Firewall?

A.   It blocks the worms replicating in the Network

B.   It Controls the Access

C.   It blocks the attacks on a Desktop machine

D.   It scans the system for viruses