Chapter 89 · Quiz

Firewalls — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
A security engineer needs to block a specific cloud storage application used for unauthorized data exfiltration. The application runs over HTTPS (TCP/443). Other HTTPS-based business applications must continue working. Which firewall type can accomplish this, and which cannot?
Question 2 of 6
A firewall ACL has three rules: (1) Allow TCP from any to any port; (2) Allow TCP/22 from 10.0.1.0/24; (3) Deny TCP/22 from any. An attacker from 203.0.113.5 successfully connects via SSH. What is the cause, and how should the rules be corrected?
Question 3 of 6
An organization places its public web server and its internal HR database server on the same network segment. An attacker compromises the web server and immediately begins scanning internal systems. Which architectural change would have most directly limited the attacker's post-compromise access?
Question 4 of 6
An IPS triggers on a new malware variant the same day the variant is first observed in the wild, even though no vendor signature for it yet exists. Which detection method is responsible?
Question 5 of 6
A security administrator enables an IPS policy that blocks all traffic matching any rule in the "database injection" rule group. The next day, the application development team reports that their legitimate database testing tool is being blocked. What is this situation an example of, and what should the administrator do?
Question 6 of 6
A firewall rule base ends with: (Rule 10) Allow UDP/123 from any; and no further explicit rules. An employee tries to use FTP (TCP/21) to transfer files to an external server. What happens to the FTP traffic, and why?

Matching

Match each description to the correct firewall or IPS concept.

1. A firewall that identifies the specific application in network traffic rather than just the port number, enabling per-application policy decisions at OSI Layer 7
2. A network zone positioned between the internet and the internal network that hosts publicly accessible services while preventing internet traffic from reaching internal systems
3. An IPS detection method that compares traffic against a database of known attack patterns and triggers when an exact match is found; effective against known threats but blind to novel attacks
4. A default-deny rule enforced at the bottom of a firewall rule base that drops all traffic not explicitly matched by any earlier rule
A. NGFW
B. Screened Subnet / DMZ
C. Signature-Based Detection
D. Implicit Deny