UGC NET Questions (Paper – 1)

A firewall enforces a security policy by examining incoming and outgoing packets and deciding whether to allow or block them. It can be configured to restrict access to certain ports, addresses or protocols, thereby reducing exposure to attacks. Firewalls are a key component of network perimeter defence in organisations. Thus the protective mechanism described in the stem is a firewall.

Option A:
Option A, router, primarily handles routing packets between networks and may include some filtering features, but routing is its main purpose. Without specific security configurations, it does not offer comprehensive protection.

Option B:
Option B, gateway, refers to a device or software that connects networks using different protocols and is focused on translation and connectivity rather than security enforcement alone.

Option C:
Option C, antivirus scanner, inspects files and memory for malicious code on individual hosts rather than controlling network traffic flows across a boundary. Its scope is different from that of a firewall.

Option D:
Option D is correct because firewalls are explicitly defined as systems that monitor and regulate network connections according to configured rules, matching the wording in the question.

A firewall acts as a barrier between trusted internal networks and external networks such as the Internet. It filters incoming and outgoing packets according to defined policies, blocking suspicious or prohibited connections. This reduces the risk of intrusions, data theft and malware spread. The option explains this traffic filtering function accurately.

Option A:
This option correctly highlights inspection and rule based control as the main tasks. It shows that firewalls are preventive measures designed to enforce organisational security policies at network boundaries.

Option B:
Processing speed depends on hardware and system configuration and is not directly increased by installing a firewall. In some cases, heavy filtering may even introduce slight delays.

Option C:
Automated writing of research papers is outside the scope of any security device. Firewalls are concerned with access, not content creation.

Option D:
Converting digital data into printed books is a documentation strategy and has nothing to do with network packet filtering.

A firewall acts as a barrier between a trusted internal network and untrusted external networks such as the internet. It inspects traffic according to predefined rules and decides whether to allow or block specific packets. This helps prevent unauthorised access and reduces the exposure of internal systems to external threats. Therefore, the mechanism described is a firewall.

Option A:
Option A is correct because firewalls are explicitly defined as security systems that enforce an access control policy between networks, matching the role outlined in the stem. They can be implemented in hardware, software or a combination of both.

Option B:
Option B, gateway, is a broader term for a device or software that connects networks using different protocols and may not necessarily enforce detailed security rules.

Option C:
Option C, bridge, connects network segments at the data link layer and forwards frames based on physical addresses, without usually providing extensive security filtering.

Option D:
Option D, proxy server, can add some security by mediating requests but is primarily designed for caching and content control rather than acting as the main perimeter filter.

A proxy server receives client requests, forwards them to other servers and then returns the responses to the clients. It can cache frequently accessed resources to improve performance and reduce bandwidth usage. Proxies also help conceal internal IP addresses and can enforce access policies. Thus, the type of server described is a proxy server.

Option A:
Option A, switch, forwards frames within a local network segment and does not act as an application level intermediary between clients and external web servers.

Option B:
Option B is correct because a proxy server is specifically designed to act on behalf of clients when accessing other servers, providing functions such as caching and address hiding.

Option C:
Option C, bridge, connects two network segments and forwards traffic based on hardware addresses without engaging with application level requests.

Option D:
Option D, scanner, usually refers to an input device for images or security software that scans for vulnerabilities, neither of which matches the intermediary server role.

A firewall sits between a trusted internal network and untrusted external networks (like the Internet) and filters packets using security rules. Its main job is to allow legitimate traffic and block suspicious or unauthorised connections.

Option A:
This option correctly describes the core function of a firewall: inspecting traffic and enforcing access-control policies to protect campus systems.

Option B:
CPU speed is determined by hardware design and clock frequency; a firewall does not exist to “speed up” processors.

Option C:
Automatically deleting all user files would be destructive, not protective; this is not a firewall’s role.

Option D:
Converting analogue to digital signals is done by codecs or related devices in multimedia systems, not by firewalls.

A firewall acts as a barrier between a trusted internal network and untrusted external networks, inspecting traffic according to security policies. It can block unauthorised access while permitting legitimate communication, thereby reducing the risk of attacks. Firewalls may be hardware, software or a combination of both. Hence, the protective system described is a firewall.

Option A:
Option A is correct because firewall is the established term in ICT security for systems that filter network traffic based on rules.

Option B:
Option B, gateway, is a broader term for devices that connect networks and may or may not enforce security policies.

Option C:
Option C, modem, modulates and demodulates signals for communication over telephone lines or cable and is not primarily a security device.

Option D:
Option D, router, forwards packets between networks based on IP addresses but does not automatically apply security rules unless combined with firewall features.

Statements A, B, D and E describe fundamental components of a layered security strategy. Firewalls and intrusion detection systems protect network perimeters and internal traffic, two-factor authentication strengthens access control and audits reveal vulnerabilities. Statement C is false because shared administrator passwords reduce accountability and increase risk. Statement F is false since unencrypted internal traffic can be intercepted or leaked, so all true statements are A, B, D and E.

Option A:
Option A is correct because it reflects a defence-in-depth approach where prevention, monitoring and assessment work together. It correctly rejects password-sharing and the assumption that unencrypted internal networks are always safe, aligning with best practices in security management.

Option B:
Option B is incomplete because it omits E, and thus ignores the importance of regular security audits and vulnerability assessments. While A, B and D are true, they do not cover the continual improvement cycle needed to maintain security posture.

Option C:
Option C is incorrect because it includes F and omits A. Accepting F would leave internal traffic exposed, and leaving out A fails to mention basic firewall protection, so B, D, E and F do not form a complete or fully accurate set.

Option D:
Option D is incomplete because it excludes B and therefore fails to mention intrusion detection or prevention as a monitoring layer. Although A, D and E are correct, this omission means the combination does not include all true statements.

Statements A, B and D correctly characterise typical roles of firewalls and IDS in network security, whereas C is an unrealistic claim. Firewalls enforce access control policies and IDS tools generate alerts, but no single device can guarantee perfect security. Defence-in-depth recognises the need for multiple layers of protection, procedures and monitoring. Consequently, the combination that includes A, B and D but not C is the only accurate choice.

Option A:
Option A is incomplete because it lists only A and B and omits D. Without mentioning defence-in-depth, one might wrongly assume that firewalls and IDS alone are sufficient, ignoring the multi-layered strategies recommended in practice.

Option B:
Option B is incorrect because it includes A, B and C and thereby accepts C. The assertion that a firewall always guarantees safety ignores new threats, misconfigurations and insider risks, so this combination cannot be accepted.

Option C:
Option C is correct because it captures the complementary functions of firewalls and IDS and acknowledges that they must be part of a broader security architecture. By excluding C, it rejects the mistaken belief in absolute protection through a single device.

Option D:
Option D is incomplete because it groups B and D only and leaves out A. Statement A provides the basic definition of what a firewall does, and its omission makes the combination conceptually incomplete.