IT Security Architecture
Exam Review
Course Introduction
IT Security Architecture explores the principles, frameworks, and methodologies for designing secure information systems within organizational environments. The course covers essential topics such as threat modeling, security controls, defense-in-depth strategies, network segmentation, identity and access management, and secure system life cycle. Students examine common security architectures, standards, and best practices, applying them to create robust security solutions that align with business and compliance requirements. Through practical case studies and design exercises, learners develop skills to assess existing infrastructures, identify vulnerabilities, and architect resilient IT environments capable of withstanding evolving cyber threats.
Recommended Textbook Guide to Firewalls and VPNs 3rd Edition by
Michael E. Whitman
Available Study Resources on Quizplus
10 Chapters
496 Verified Questions
496 Flashcards
Source URL: https://quizplus.com/study-set/2181 Page 2
Chapter 1: Introduction to Information Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43454
Sample Questions
Q1) Brute force attacks are often successful against systems that have adopted the usual security practices recommended by manufacturers.
A)True
B)False
Answer: False
Q2) Describe the difference between direct and indirect attacks.
Answer: A direct attack is when a hacker uses a personal computer to break into a system.An indirect attack is when a system is compromised and used to attack other systems, such as in a botnet (a collection of software programs that operate autonomously to attack systems and steal user information) or other distributed denial-of-service attack.Direct attacks originate from the threat itself.Indirect attacks originate from a system or resource that itself has been attacked and is malfunctioning or working under the control of a threat.
Q3) ____ refers to multiple layers of security controls and safeguards is called.
A) A DMZ
B) A security perimeter
C) Defense in depth
D) Layered redundancy
Answer: C
To view all questions and flashcards with answers, click on the resource link above. Page 3
Chapter 2: Security Policies and Standards
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43455
Sample Questions
Q1) A(n) ____ plan addresses the identification, classification, response, and recovery from an incident.
A) incident response
B) disaster recovery
C) attack profile
D) business impact analysis
Answer: A
Q2) Ensures that critical business functions continue if a catastrophic incident or disaster occurs.
A)managerial guidance SysSP document
B)security training
C)incident response
D)business continuity plan
E)information security policy
F)de jure
G)de facto
H)security blueprint
I)business impact analysis
Answer: D
To view all questions and flashcards with answers, click on the resource link above.
Page 4
Chapter 3: Authenticating Users
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43456
Sample Questions
Q1) Implemented at the discretion of the data user.
A)authentication
B)least privilege
C)discretionary access controls
D)authorization
E)separation of duties
F)identification
G)need to know
H)nondiscretionary access controls
I)accountability
Answer: C
Q2) ____ use(s) a challenge-response system.
A) Local authentication
B) Biometrics
C) Synchronous tokens
D) Asynchronous tokens
Answer: D
Q3) In ____________________-based access controls, access is granted based on a set of rules specified by the central authority.
Answer: rule
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: Introduction to Firewalls
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/43457
Sample Questions
Q1) Application gateways function at the ____ layer of the OSI model.
A) presentation
B) transport
C) network
D) data link
Q2) The combination of a sender's full address (network address plus port) and receiver's address (network address plus port) makes up a ____.
A) socket
B) packet
C) bastion
D) DMZ
Q3) A properly configured firewall only allows authorized connection attempts to the ports on the network it protects.
A)True
B)False
Q4) ____________________ inspection blocks packets that are sent from an external computer that does not have a currently active connection to an internal computer.
Q5) "____________________" refers to the era of technology a firewall evolved in.
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Packet Filtering
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43458
Sample Questions
Q1) Describe how a firewall can enable Web access.
Q2) One of the first IP header criteria you can filter on is the packet's ____.
A) length
B) ACK flag
C) source IP address
D) type of service
Q3) ____ packet filters are useful for completely blocking traffic from a subnet or other network.
A) Stateless
B) Stateful
C) Personal
D) IP
Q4) The ____ is a structure for organizing Internet names associated with IP addresses.
A) Domain Name System (DNS)
B) Transport Control Protocol (TCP)
C) Hypertext Transfer Protocol (HTTP)
D) Simple Mail Transfer Protocol (SMTP)
Q5) Describe best practices for testing firewall rules.
Q6) Explain the process of packet filtering by TCP or UDP port number.
Page 7
To view all questions and flashcards with answers, click on the resource link above.
Chapter 6: Firewall Configuration and Administration
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43459
Sample Questions
Q1) List the critical resources for a firewall's successful operation.
Q2) What is IP forwarding?
Q3) A(n) ____________________ interface is software that enables you to configure and monitor one or more firewalls that are located at different network locations.
Q4) Password you need to enter to make your screen saver vanish so you can return to your desktop and resume working.
A)boot-up password
B)firewall rules
C)bastion host
D)screen saver password
E)restrictive
F)IP forwarding
G)permissive
H)supervisor password
I)caching
Q5) One of the disadvantages of a load-sharing setup is that total network performance declines.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Working With Proxy Servers and
Application-Level Firewalls
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43460
Sample Questions
Q1) The only reason you should place a proxy server directly on the Internet is if the proxy is intended to serve as a transparent proxy.
A)True
B)False
Q2) Squid is a full-featured Windows-based firewall that performs access control and filtering and is especially good at quickly serving cached files..
A)True
B)False
Q3) Configured so that they are totally invisible to end users.
A)dual-homed host
B)URL redirection
C)nontransparent proxies
D)log files
E)parameters
F)SOCKS
G)WinGate
H)proxy servers
I)transparent proxies
Q4) What is SOCKS?
To view all questions and flashcards with answers, click on the resource link above. Page 9
Chapter 8: Implementing the Bastion Host
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/43461
Sample Questions
Q1) A ____ is a level of performance that you consider acceptable and against which the system can be compared.
a.log file
b.system audit
c.quality assurance test
d.baseline
Q2) Why is it a good idea to disable user accounts on the bastion host?
Q3) In general, where should bastion hosts be located on the network?
A) within the internal LAN
B) DMZ
C) before the router
D) between the router and firewall
Q4) Where should a bastion host be located?
Q5) Describe the RAM needs of a bastion host.
Q6) A ____ server is a machine that is placed in the DMZ to attract hackers and direct them away from the servers being protected.
A) flytrap
B) DNS server
C) honeypot
D) bastion host
To view all questions and flashcards with answers, click on the resource link above. Page 10
Chapter 9: Encryption - The Foundation for the Virtual
Private
Network
Available Study Resources on Quizplus for this Chatper
48 Verified Questions
48 Flashcards
Source URL: https://quizplus.com/quiz/43462
Sample Questions
Q1) The transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components.
A)cipher
B)keyspace
C)encipher
D)cryptosystem
E)ciphertext
F)work factor
G)decipher
H)algorithm
I)cryptovariable
Q2) ____ was developed as an improvement to DES and uses as many as three keys in succession.
A) Triple DES
B) AES
C) Vernam
D) Rijndael
Q3) Firewalls have always performed encryption-related functions.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Setting up a Virtual Private Network
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/43463
Sample Questions
Q1) Some VPNs use the term encryption ____ to describe everything in the protected network and behind the gateway.
A) network
B) trust
C) sector
D) domain
Q2) Communications path that makes use of Internet-based hosts and servers to conduct data from one network station to another.
A)encapsulation
B)tunnel
C)client-to-site
D)transport mode
E)gateway
F)private leased lines
G)tunnel mode
H)site-to-site
I)Point-to-Point Tunneling Protocol
Q3) List some devices that can form the endpoints of the VPN.
Q4) What should be specified in a VPN security policy?
Q5) Describe the mesh configuration for a VPN.
To view all questions and flashcards with answers, click on the resource link above. Page 12