SRM INSTITUTE OF SCIENCE AND TECHNOLOGY

Ramapuram Campus
Department Of Computer Science and Engineering
18CSE354T- NETWORK SECURITY
QUESTION BANK
UNIT 1
Part-A
(Correct answer is in bold)
1. Firewalls are often configured to block ___________
a)UDPtraffic
b)TCPtraffic
c)Sensitive Traffic
d) Best-effort traffic
2. In a network, If P is the only packet being transmitted and there was no earlier
transmission, which of the following delays could be zero?
a)Propagation Delay
b)Queuing Delay
c)Transmission Delay
d) Processing delay
3. Which technologies are increasingly used today instead of IDS?
a) IPS
b) SIEM
c) Data loss prevention
d) All of the above
4. Which is true of signature-based IDS?
a) It cannot work with an IPS.
b) It only identifies on known signatures.
c) It detects never-before-seen anomalies.
d) It works best in large enterprises.
5. When discussing IDS/IPS, what is a signature?
a) An electronic signature used to authenticate the identity of a user on the network
b) Patterns of activity or code corresponding to attacks
c) "Normal," baseline network behavior
d) None of the above
6. Which of the following provides a baseline measurement for comparison of IDSes?
a)Crossover error rate
b)False negative rate
c)False positive rate
d) Bit error rate
7. A false positive can be defined as:
a)An alert that indicates nefarious activity on a system that, upon further inspection,
turns out to represent legitimate network traffic or behavior
b) An alert that indicates nefarious activity on a system that, upon further inspection, turns
out to truly be nefarious activity
c) The lack of an alert for nefarious activity
d)All of the above
8. Where is an IPS commonly placed in a network?
a) In front of the firewall
b) In line with the firewall
c)Behind the firewall
d)On the end users' device
9. If it detects a threat, an IPS can:
a) Record the details of the threat
b) Report the threat to security admins
c) Take preventative action to stop the threat
d) All of the above
10. How does machine learning benefit IDSes/IPSes?
a) By lowering the volume of attacks analyzed
b) By adding heuristic anomaly detection capabilities
c) By searching for similar patterns to known attacks
d) By helping identify signatures more quickly
11. A list or table stored by a router (or switch) that controls access to and from a
network.
a) State Table
b)Access Control List (ACL)
c) Session Splicing
d)Packet Filter
12. An analysis method used by some IDS that looks for instances that are not considered
normal behavior.
a) Stateful Inspection
b)Anomaly Detection
c) Evasion
d)Pattern Matching
13. Bypassing a device, or performing another action, to attack or place malware on a
target network without being detected.
a)Packet Filter
b) State Table
c) Evasion
d) Honeypot
14. A type of firewall closely related to a packet filter that can track the status of a
connection through use of a state table that keeps track of connection activities.
a)Anomaly Detection
b)Protocol Decoding
c)Stateful Inspection
d) State Table
15. A tool that uses the monitoring of network traffic, detection of unauthorized access
attempts, and notification of unauthorized access attempts to network administrator.
a)Anomaly Detection
b)Access Control List (ACL)
c)Intrusion Detection System (IDS)
d) Session Splicing
16. A type of stateless inspection used in some routers and firewalls to limit flow of
traffic to what is on the ACL.
a) Packet Filter
b)Proxy Server
c)Evasion
d)State Table
17. Something set up on a separate network (or in DMZ) to attract hackers and lure them
away from the real network; it logs keystrokes, provides other information about an attacker,
and also provides warning that someone is trying to attack your network.
a)Proxy Server
b)State Table
c) Evasion
d) Honeypot
18. A way to change network address information in IP packet headers with a router by
connecting multiple computers using one IP address connected to the Internet (or IP network)
to convert many private addresses into one public address.
a)Access Control List (ACL)
b)Network Address Translation (NAT)
c) Anomaly Detection
d)Intrusion Detection System (IDS)
19. The protocol data unit(PDU) for the application layer in the Internet stack is
(A) Segment (B) Datagram (C) Message (D) Frame
20. The network layer concerns with
a.bits b.frames c.packets d.none of the mentioned
21. Which direction access cannot happen using DMZ zone by default ?
a.Company computer to DMZ
b.Internet to DMZ
c.Internet to company computer
d.Company computer to internet
22. What is the Demilitarized Zone?
A.The area between firewall & connection to an external network
B.The area between ISP to Military area            
C.The area surrounded by secured servers
D. The area surrounded by the Military
23. Which of the following is/are Protocols of Application?
A.FTP
B.DNS
C.Telnet
D. All of above
24. Which of the following protocol is/are defined in Transport layer?
A.FTP
B.TCP
C.UDP
D. B & C
25. A firewall needs to be ____ so that it can grow with the network it protects.
A. Robust
B. Expensive
C. Fast
D. Scalable
26. What is one advantage of setting up a DMZ with two firewalls?
A. You can control where traffic goes in the three networks
B. You can do stateful packet filtering
C. You can do load balancing
D. Improved network performance
27. A system that monitors traffic into and out of a network and automatically alerts
personnel when suspicious traffic patterns occur, indicating a possible unauthorized intrusion
attempt is called a(n) __________________.
A. IDS B. Firewall C. Router D. Anti-virus software
28. In an IP packet header, the ____ is the address of the computer or device that is to
receive the packet.
A. Source address
B. Flag
C. Destination address
D. Total length
29. In an IP packet header, the ____ is the address of the computer or device that is to
receive the packet.
A. Source address
B. Flag
C. Destination address
D. Total length
30. What is the most effective security approach for a stateless packet filter?
A. Deny all except specified hosts
B. Allow all except specified hosts
C. Allow access to only specified destination servers
D. Deny access to all destinations except specified servers
31. Some ____ firewalls are able to examine the contents of packets as well as the
headers for signs that they are legitimate.
A. Boundary
B. Stateful
C. Stateless
D. Personal
32. A stateful firewall maintains a ___________, which is a list of active connections.
A. Routing table
B. Bridging table
C. State table
D. Connection table
33. Which malicious program cannot do anything until actions are taken to activate the
file attached by the malware.
A. Trojan Horse
B. Worm
C. Virus
D. Bots
34. What is an antivirus?
A. A bigger and more dangerous virus
B. Software used to duplicate viruses
C. Computer software used to prevent, detect and remove malicious software
D. A biological agent that reproduces itself inside the cells of living things
35. Which of the following malware do not replicate or reproduce through infection?
A. Worms
B. Trojans
C. Viruses
D. Rootkits