Firewalls and Intrusion Detection Systems (IDS) MCQs

Detection Systems (IDS) along with their answers:

What is the primary function of a firewall?
a) To detect viruses
b) To block unauthorized access
c) To manage network speed
d) To compress data
Answer: b) To block unauthorized access

Which type of firewall filters traffic based on packet headers?
a) Proxy firewall
b) Packet-filtering firewall
c) Stateful inspection firewall
d) Application firewall
Answer: b) Packet-filtering firewall

What is the main purpose of an Intrusion Detection System (IDS)?
a) To block network traffic
b) To detect and alert on potential security breaches
c) To encrypt data
d) To speed up network performance
Answer: b) To detect and alert on potential security breaches

Which of the following is a characteristic of a stateful inspection firewall?
a) It examines each packet independently
b) It tracks the state of active connections
c) It only filters traffic based on application data
d) It does not maintain any state information
Answer: b) It tracks the state of active connections

What does the term “false positive” mean in the context of IDS?
a) A legitimate action flagged as malicious
b) A malicious action that goes undetected
c) A correct detection of a malicious activity
d) A legitimate activity that goes undetected
Answer: a) A legitimate action flagged as malicious

Which type of IDS attempts to stop an attack once it is detected?
a) Passive IDS
b) Network-based IDS
c) Host-based IDS
d) Intrusion Prevention System (IPS)
Answer: d) Intrusion Prevention System (IPS)

What is a DMZ in the context of network security?
a) A type of firewall
b) A separate network segment that acts as a buffer zone between the internal network and the public internet
c) A type of IDS
d) A secure method of encrypting data
Answer: b) A separate network segment that acts as a buffer zone between the internal network and the public internet

Which type of firewall operates at the application layer of the OSI model?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Application firewall
d) Network-based firewall
Answer: c) Application firewall

What does a signature-based IDS rely on to detect intrusions?
a) Anomalies in network traffic
b) Predefined patterns of known attacks
c) User behavior analysis
d) Random sampling of packets
Answer: b) Predefined patterns of known attacks

Which firewall technology combines aspects of packet filtering and application proxies?
a) Stateful inspection firewall
b) Circuit-level gateway
c) Application firewall
d) Proxy firewall
Answer: a) Stateful inspection firewall

What is a honeypot used for in network security?
a) To filter network traffic
b) To lure and analyze attacks
c) To encrypt sensitive data
d) To increase network speed
Answer: b) To lure and analyze attacks

Which type of IDS is installed on individual hosts and monitors local activities?
a) Network-based IDS (NIDS)
b) Host-based IDS (HIDS)
c) Signature-based IDS
d) Anomaly-based IDS
Answer: b) Host-based IDS (HIDS)

Which of the following is an example of a firewall rule action?
a) Encrypt
b) Deny
c) Scan
d) Authenticate
Answer: b) Deny

What is a common challenge associated with IDS?
a) High cost of implementation
b) Difficulty in detecting encrypted traffic
c) Slowing down network speed
d) Easy to bypass
Answer: b) Difficulty in detecting encrypted traffic

What does the term “false negative” mean in the context of IDS?
a) A legitimate action flagged as malicious
b) A malicious action that goes undetected
c) A correct detection of a malicious activity
d) A legitimate activity that goes undetected
Answer: b) A malicious action that goes undetected

Which firewall type is most suitable for filtering web traffic?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Application firewall
d) Network-based firewall
Answer: c) Application firewall

Which of the following is a disadvantage of a host-based IDS?
a) It cannot detect internal attacks
b) It requires significant resources on the host system
c) It is unable to monitor encrypted traffic
d) It cannot track user behavior
Answer: b) It requires significant resources on the host system

What does NAT stand for in firewall technology?
a) Network Access Transmission
b) Network Address Translation
c) Network Authentication Technology
d) Network Application Tunneling
Answer: b) Network Address Translation

Which type of IDS uses statistical models to detect intrusions?
a) Signature-based IDS
b) Anomaly-based IDS
c) Host-based IDS
d) Network-based IDS
Answer: b) Anomaly-based IDS

Which of the following is not a common feature of a firewall?
a) Packet filtering
b) Stateful inspection
c) Content caching
d) Proxying
Answer: c) Content caching

What is the primary advantage of a network-based IDS?
a) It can monitor encrypted traffic
b) It is easy to deploy on multiple hosts
c) It provides a broad view of the network traffic
d) It does not require updates
Answer: c) It provides a broad view of the network traffic

Which of the following is an example of an anomaly that an IDS might detect?
a) Normal user login
b) Regular file access patterns
c) Sudden large data transfers at unusual times
d) Routine email communication
Answer: c) Sudden large data transfers at unusual times

What is a common limitation of packet-filtering firewalls?
a) They cannot inspect the payload of packets
b) They are very slow
c) They cannot be updated
d) They require a lot of resources
Answer: a) They cannot inspect the payload of packets

Which type of IDS can be integrated into a network switch or router?
a) Host-based IDS (HIDS)
b) Network-based IDS (NIDS)
c) Signature-based IDS
d) Anomaly-based IDS
Answer: b) Network-based IDS (NIDS)

What is the primary function of a firewall rule set?
a) To encrypt data
b) To define the traffic that is allowed or denied
c) To monitor user behavior
d) To compress data
Answer: b) To define the traffic that is allowed or denied

What is the main difference between IDS and IPS?
a) IDS is preventive, IPS is detective
b) IDS is detective, IPS is preventive
c) IDS and IPS are the same
d) IDS operates at the physical layer, IPS at the application layer
Answer: b) IDS is detective, IPS is preventive

Which firewall architecture involves placing a firewall on the boundary of a network segment?
a) Host-based firewall
b) Network perimeter firewall
c) Application firewall
d) Circuit-level gateway
Answer: b) Network perimeter firewall

What is a potential drawback of a signature-based IDS?
a) High rate of false positives
b) Cannot detect known attacks
c) Cannot detect new or unknown attacks
d) High resource usage
Answer: c) Cannot detect new or unknown attacks

Which type of firewall is best for protecting web servers?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Application firewall
d) Network-based firewall
Answer: c) Application firewall

Which firewall technology provides a more secure method for handling FTP and HTTP traffic?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Application firewall
d) Proxy firewall
Answer: d) Proxy firewall

What is the primary purpose of a circuit-level gateway?
a) To filter based on application data
b) To filter based on packet headers
c) To authenticate users
d) To ensure session-level security
Answer: d) To ensure session-level security

Which type of firewall is commonly used to protect internal networks from external threats?
a) Host-based firewall
b) Network perimeter firewall
c) Application firewall
d) Stateful inspection firewall
Answer: b) Network perimeter firewall

What is a common disadvantage of a proxy firewall?
a) It cannot filter based on packet headers
b) It slows down network performance
c) It is difficult to configure
d) It cannot handle encrypted traffic
Answer: b) It slows down network performance

Which IDS detection method focuses on identifying deviations from normal behavior?
a) Signature-based detection
b) Anomaly-based detection
c) Host-based detection
d) Network-based detection
Answer: b) Anomaly-based detection

What is a drawback of anomaly-based IDS?
a) High rate of false positives
b) Inability to detect known attacks
c) Limited to specific network segments
d) Requires constant updates
Answer: a) High rate of false positives

Which type of IDS is more effective in detecting complex attacks that span multiple systems?
a) Network-based IDS (NIDS)
b) Host-based IDS (HIDS)
c) Signature-based IDS
d) Anomaly-based IDS
Answer: a) Network-based IDS (NIDS)

What is the role of a firewall administrator?
a) To develop encryption algorithms
b) To monitor and manage firewall rules
c) To analyze network traffic patterns
d) To configure network hardware
Answer: b) To monitor and manage firewall rules

Which firewall feature allows or denies traffic based on the application data contained in the packet?
a) Packet filtering
b) Stateful inspection
c) Application-layer filtering
d) Proxying
Answer: c) Application-layer filtering

What is a limitation of a network-based IDS (NIDS)?
a) It cannot detect insider threats
b) It requires host resources to function
c) It is ineffective against known attacks
d) It cannot monitor encrypted traffic
Answer: d) It cannot monitor encrypted traffic

Which of the following is a benefit of using a stateful inspection firewall over a packet-filtering firewall?
a) Higher throughput
b) Ability to filter based on application data
c) Lower cost
d) Greater flexibility in rule configuration
Answer: b) Ability to filter based on application data

Which firewall type is most effective in protecting against application-layer attacks?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Proxy firewall
d) Network-based firewall
Answer: c) Proxy firewall

What is the primary function of a DMZ in a network architecture?
a) To filter outgoing traffic
b) To host internal network services accessible to the internet
c) To encrypt all traffic
d) To increase network bandwidth
Answer: b) To host internal network services accessible to the internet

Which of the following is a characteristic of a stateful inspection firewall?
a) Filters traffic based on packet headers
b) Maintains state information about active connections
c) Operates at the application layer
d) Uses proxy servers for traffic filtering
Answer: b) Maintains state information about active connections

What is the main advantage of using a proxy firewall?
a) High speed performance
b) Low cost implementation
c) Ability to handle encrypted traffic
d) Easy configuration
Answer: c) Ability to handle encrypted traffic

Which type of IDS is more likely to detect attacks that originate from within the network?
a) Network-based IDS (NIDS)
b) Host-based IDS (HIDS)
c) Signature-based IDS
d) Anomaly-based IDS
Answer: b) Host-based IDS (HIDS)

What is a disadvantage of using a host-based IDS (HIDS)?
a) It requires specialized hardware
b) It is ineffective against insider threats
c) It can consume significant system resources
d) It cannot detect external attacks
Answer: c) It can consume significant system resources

Which type of firewall inspects each packet individually and does not maintain session information?
a) Stateful inspection firewall
b) Packet-filtering firewall
c) Proxy firewall
d) Application firewall
Answer: b) Packet-filtering firewall

What does the term “single point of failure” mean in the context of network security?
a) A vulnerability in a network device
b) A firewall configuration error
c) A system that, if it fails, can bring down the entire network
d) A weak password used by multiple users
Answer: c) A system that, if it fails, can bring down the entire network

Which type of IDS is more likely to generate false positives?
a) Network-based IDS (NIDS)
b) Host-based IDS (HIDS)
c) Signature-based IDS
d) Anomaly-based IDS
Answer: d) Anomaly-based IDS
All Copyrights Reserved 2025 Reserved by T4Tutorials