Chapter 18


1:

What restrictions are typically placed on clients inside a corporate network, in terms of what Internet-based servers they are allowed to use?

A1:

Answer: Although the answer is somewhat subjective, most of the time, clients inside a company can connect to any Internet servers that they want to connect to.

2:

What restrictions are typically placed on clients on the Internet who want to connect to servers inside a corporate network, assuming that corporation uses a firewall?

A2:

Answer: The corporate firewall typically prevents Internet-based clients from connecting to servers inside the corporate network, except for those servers that are intended specifically for use by the general public.

3:

How does a firewall figure out the IP address of a host that is trying to initiate a new TCP connection?

A3:

Answer: The firewall looks at TCP segments that have the TCP SYN flag set, and only that flag. That segment is the first segment in a new TCP connection. The firewall then simply looks at the source IP address of the packet.

4:

How does a firewall figure out what application protocol is being used?

A4:

Answer: The firewall looks at TCP segments that have the TCP SYN flag set, and only that flag. That segment is the first segment in a new TCP connection. The firewall looks at the destination TCP port number, which is the well-known port that particular application protocol uses.
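
The check described in answers 3 and 4, as an added example that is not from the book: a Python sketch that parses a raw IPv4/TCP header, accepts only a segment with SYN and no other flag, and reports the source IP address and the application implied by the destination port. The function names, the port table, and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

# Small constructed subset of well-known ports, for illustration only.
WELL_KNOWN_PORTS = {25: "SMTP", 80: "HTTP", 110: "POP3", 443: "HTTPS"}
SYN = 0x02
FLAG_MASK = 0x3F  # FIN, SYN, RST, PSH, ACK, URG (the two ECN bits are ignored)


def classify_new_connection(packet: bytes):
    """Return (source_ip, dest_port, application) when the packet is the first
    segment of a new TCP connection (SYN set, and only SYN); otherwise None."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or packet[9] != 6:   # IPv4 carrying TCP only
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:  # later fragment: no TCP header
        return None
    if len(packet) < ihl + 20:                        # truncated TCP header
        return None
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if packet[ihl + 13] & FLAG_MASK != SYN:           # SYN+ACK, ACK, RST, ... are not new
        return None
    src_ip = socket.inet_ntoa(packet[12:16])          # the initiating host
    return src_ip, dst_port, WELL_KNOWN_PORTS.get(dst_port, "unknown")


def build_packet(src, dst, sport, dport, flags):
    """Construct a 40-byte IPv4+TCP header pair (constructed sample input;
    checksums are left at zero because the classifier does not verify them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    # Constructed samples: the three segments of a handshake to a web server.
    for name, flags in (("SYN", 0x02), ("SYN+ACK", 0x12), ("ACK", 0x10)):
        pkt = build_packet("203.0.113.7", "192.0.2.10", 40000, 80, flags)
        print(name, classify_new_connection(pkt))
```
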

5:

What term does a firewall typically use to refer to the corporate network?

A5:

Answer: The inside network

6:

What term does a firewall typically use to refer to a small LAN that is less secure than the internal corporate network, but more secure than the Internet connection?

A6:

Answer: The DMZ

7:

Consider the following statement: "Firewalls let packets go from the corporate network to the Internet, but they do not let packets go from the Internet back to the corporate network." State whether you agree or disagree, and explain why.

A7:

Answer: Disagree. Firewalls let packets through in both directions because packets must flow in both directions for an application to be useful. Firewalls allow packets in both directions, but only for packets that meet the rules configured on the firewall.

8:

What does IDS stand for?

A8:

Answer: Intrusion detection system

9:

Comparing network-based IDS devices and firewalls, which one is typically in the path through which packets are forwarded?

A9:

Answer: Firewall

10:

Define "signature" in terms of use with IDS and anti-virus software.

A10:

Answer: The word "signature" refers to the description of which packets and files look like attempts by a cracker to deny service or to put a virus on a computer.

11:

Which two TCP/IP applications most often allow the transfer of files to a computer, with those files possibly containing a computer virus?

A11:

Answer: Web (HTTP) and e-mail (POP3)




Computer Networking first-step
ISBN: 1587201011
EAN: 2147483647
Year: 2004
Pages: 173
Authors: Wendell Odom
