chapter 11 (2) Flashcards by Moon Le

What is the primary motivation for casual intruders?
a) Espionage
b) Financial gain
c) The thrill of the hunt; to show off
d) Professional advancement

How well did you know this?

Not at all

Perfectly

Who are script kiddies?
a) Novice attackers using hacking tools
b) Experts in security
c) Organization employees
d) Professional hackers

How well did you know this?

Not at all

Perfectly

What distinguishes crackers from other types of intruders?
a) They have limited knowledge
b) They use hacking tools for fun
c) They cause damage
d) They are motivated by financial gain

How well did you know this?

Not at all

Perfectly

What is a common characteristic of insider threats?
a) They have limited knowledge about hacking
b) They are motivated by the thrill of the hunt
c) They have legitimate access to the network
d) They primarily engage in espionage activities

How well did you know this?

Not at all

Perfectly

Crackers are casual hackers with a limited knowledge of computer security

f. Experts in security (hackers)

How well did you know this?

Not at all

Perfectly

Which of the following is not a type of intruder who attempts to gain intrusion to
computer networks?
a. Delphi team member
b. script kiddies
c. crackers
d. professional hackers
e. organization employees

How well did you know this?

Not at all

Perfectly

What is the best rule for maintaining high security with sensitive data?
a) Keeping sensitive data online but encrypted
b) Storing sensitive data in computers isolated from the network
c) Sharing sensitive data with trusted third parties
d) Deleting sensitive data permanently

How well did you know this?

Not at all

Perfectly

hich of the following is NOT considered an important control for detecting, preventing, or recovering from intrusion?
a) Security policy
b) Server and client protection
c) Encryption
d) Employee breakroom access control

How well did you know this?

Not at all

Perfectly

Which of the following is NOT listed as an important control for detecting, preventing, or recovering from intrusion?
a) Security policy
b) Intrusion Detection Systems (IDSs)
c) Encryption
d) Intrusion recovery

b. Intrusion Protection System (IPSs)

How well did you know this?

Not at all

Perfectly

What is the primary purpose of a security policy?
a) To increase company profits
b) To control risk due to intrusion
c) To reduce employee productivity
d) To promote employee creativity

How well did you know this?

Not at all

Perfectly

According to the security policy, what should be clearly defined?
a) Employee vacation days
b) Company lunch hours
c) Important assets to be safeguarded and necessary controls
d) Preferred office attire

How well did you know this?

Not at all

Perfectly

Which of the following is NOT a component that a security policy should clearly define?
a) Important assets to be safeguarded
b) Procedures for filing expense reports
c) Controls needed to protect assets
d) What employees should and should not do

How well did you know this?

Not at all

Perfectly

How often should employees receive security training according to the security policy?
a) Once a year
b) Every five years
c) Whenever they feel like it
d) Routinely

How well did you know this?

Not at all

Perfectly

Who is typically responsible for decision-making regarding security, according to the security policy?
a) The CEO
b) The IT department
c) The decision-making manager designated in the policy
d) External security consultants

How well did you know this?

Not at all

Perfectly

What is an essential component of the security policy for responding to security breaches?
a) Sending a company-wide email
b) Contacting law enforcement immediately
c) Having an incident reporting system and a rapid-response team
d) Ignoring the breach and hoping it resolves itself

How well did you know this?

Not at all

Perfectly

What does the security policy prioritize in its risk assessment?
a) Least important assets
b) Most convenient access points
c) Important assets
d) Non-critical user activities

How well did you know this?

Not at all

Perfectly

What is the purpose of having effective controls at major access points into the network?
a) To welcome external agents
b) To deter access by internal users
c) To prevent access by external agents
d) To provide entertainment for users

How well did you know this?

Not at all

Perfectly

The most common access point used by attackers to gain access to an organization’s
network is the Internet connection.

How well did you know this?

Not at all

Perfectly

Why are effective controls within the network necessary?
a) To ensure users exceed their authorized access
b) To enhance management time
c) To minimize inconvenience to users
d) To prevent internal users from exceeding their authorized access

How well did you know this?

Not at all

Perfectly

According to the security policy, what is the recommended approach regarding the number of controls?
a) Maximize controls for better security
b) Use as few controls as possible
c) Use a moderate number of controls for balance
d) Allow users to set their own controls

b. using just enough security measures to keep things safe without making them too complicated or annoying for users

How well did you know this?

Not at all

Perfectly

What does the acceptable use policy outline?
a) Guidelines for users to do whatever they want
b) Guidelines for accessing others’ accounts
c) Guidelines for avoiding password security
d) Guidelines for ignoring email rules

b. An acceptable use policy that explains to users what they can and cannot do, including guidelines for accessing others’ accounts, password security, email rules, and so on

How well did you know this?

Not at all

Perfectly

What procedure does the security policy recommend for monitoring changes to important network components?
a) Routine coffee breaks
b) Annual team-building retreats
c) Regular monitoring of network components
d) Ignoring changes altogether

How well did you know this?

Not at all

Perfectly

What is the purpose of routinely training users regarding security policies?
a) To decrease security awareness
b) To increase the likelihood of security breaches
c) To build awareness of security risks
d) To waste company resources

How well did you know this?

Not at all

Perfectly

How often should the security practices be audited and reviewed according to the policy?
a) Weekly
b) Quarterly
c) Annually
d) Never, as audits are unnecessary

How well did you know this?

Not at all

Perfectly

A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization’s network. a. firewall b. token system c. ANI d. call-back modem e. firefighter

What is a common purpose of a firewall in an organization's network security strategy? a) To provide physical security for servers b) To secure internal communications c) To manage employee schedules d) To help secure the organization's Internet connection

What additional function can some firewalls perform besides restricting access? a) Generating daily reports on office activities b) Scheduling employee meetings c) Identifying and preventing denial-of-service attacks d) Ordering office snacks

Where are firewalls typically placed within an organization's network architecture? a) Only within the company cafeteria b) At every network connection between the organization and the Internet c) Inside individual employees' desks d) At the entrance of the CEO's office

Which of the following is NOT a typical feature of a firewall? a) Identifying and preventing denial-of-service attacks b) Filtering and monitoring network traffic c) Arranging company picnics d) Restricting access to the organization's network

. A(n) ____________ examines the source and destination address of every network packet that passes through it. a. packet level firewall b. mullion server c. ANI system d. IP spoofing system e. network switch

Which layer of the OSI model do packet-level firewalls inspect packets at? a) Physical layer b) Data link layer c) Network protocol level d) Application layer

c. Examines IP addresses and TCP port addresses only

What is a characteristic of application-level firewalls? a) They only operate at the physical layer of the OSI model b) They offer less control over traffic compared to other types of firewalls c) They operate at the application layer of the OSI model d) They are not concerned with inspecting packets

What is the primary function of NAT firewalls? a) Inspecting packets at the network protocol level b) Offering granular control over traffic c) Translating private IP addresses into public ones d) Preventing unauthorized access to the network

How does a packet-level firewall determine whether to allow or deny packets? a) By inspecting packet contents b) By analyzing packet behavior c) By examining source and destination addresses d) By monitoring packet history

Why is a packet-level firewall considered to operate on a "stateless" basis? a) Because it maintains detailed records of packet history b) Because it lacks awareness of packet history c) Because it can detect packet tampering d) Because it focuses solely on application-layer data

What type of inspection do packet-level firewalls typically use? a) Deep packet inspection b) Stateless inspection c) Stateful inspection d) Application-layer inspection

What is the purpose of an Access Control List (ACL) in packet-level firewalls? a) To allow only packets with specific content b) To restrict access based on packet history c) To create rules for permitting or denying packets d) To identify all applications within the network

What do IP packets contain that ACLs may rely on for access control? a) Source and destination MAC addresses b) Source and destination IP addresses c) Application-layer data d) Packet payloads

Why might ACLs not heavily rely on source IP addresses? a) Due to the limited capabilities of packet-level firewalls b) Because source IP addresses can be easily spoofed c) Because source IP addresses are always trustworthy d) Because ACLs primarily focus on packet contents

An intruder uses TCP spoofing to send packets to a target computer requesting certain privileges be granted to some user

F. IP spoofing

A packet-level firewall examines the source and destination address of every network packet that passes though the firewall.

IP spoofing means to: a. fool the target computer and any intervening firewall into believing that messages from the intruder’s computer are actually coming from an authorized user inside the organization’s network b. clad or cover the internal processing (IP) lines with insulating material to shield the IP lines from excess heat or radiation c. illegally tape or listen in on telephone conversations d. detect and prevent denial-of-service attacks e. act as an intermediate host computer between the Internet and the rest of the organization’s networks

A(n) ____________ can use stateful inspection to monitor and record the status of each connection and can use this information in making decisions about what packets to discard as security threats. a. application level firewall b. bullion server c. ANI system d. IP spoofing systems e. packet level firewall

What is a key feature of Application-Level Firewalls? a) They only inspect packet headers b) They operate exclusively at the network layer c) They examine contents of application layer packets d) They lack rules for processing applications

What action do many Application-Level Firewalls take regarding external users and executable files? a) They encourage external users to upload executable files b) They prohibit external users from uploading executable files c) They modify executable files on behalf of external users d) They do not interact with executable files

How are software modifications to Application-Level Firewalls typically managed? a) Remotely via the network b) Through a web-based interface c) Via physical access to the firewall d) Through email requests

With application level firewalls, any access that has not been explicitly denied is automatically permitted.

What is the primary function of Network Address Translation (NAT) firewalls? a) Deep packet inspection b) Packet filtering c) Address translation between public and private IP addresses d) Application-layer inspection

How does NAT operate in terms of the translation process? a) It operates visibly, alerting computers to the translation process b) It operates transparently, meaning computers are unaware of the translation process c) It operates sporadically, causing disruptions in network traffic d) It operates randomly, assigning IP addresses without a specific pattern

What are the primary purposes of NAT? a) To increase the complexity of network configurations b) To conserve IPv6 addresses c) To conserve IPv4 addresses and enhance security d) To facilitate direct targeting of internal computers by external intruders

Where is NAT commonly integrated? a) Only in high-end enterprise-grade firewalls b) Only in specialized network appliances c) Only in routers intended for corporate use d) In routers and firewalls, including low-cost routers for home use

How does NAT contribute to security? a) By exposing private IP addresses to external entities b) By enhancing the visibility of internal computers on the Internet c) By hiding private IP addresses, making it difficult for external intruders to target internal computers directly d) By randomly assigning IP addresses to external entities

A NAT firewall uses an address table to translate private IP addresses used inside the organization into proxy IP addresses used on the Internet.

__________ refers to the process of translating between one set of private IP addresses inside a network and a set of public addresses outside the network. a. Translation b. Conversion c. Network Address Translation d. Proxy translation e. IP conversion.

A ______ uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet. a. NAT proxy server b. virtual server c. DNS server d. privacy server e. anomaly server

RAID1 writes duplicate copies of all data on at least two different disks; this means that if one disk in the RAID array fails, there is no data loss because there is a second copy of the data stored on a different disk. This is referred to as _____. a. disk backup b. hard drive duplication c. cloud backups d. disk duplication e. disk mirroring

How does a NAT firewall handle outgoing IP packets from internal computers? a) It changes the destination IP address to the firewall's address b) It changes the source IP address to the firewall's address c) It changes the source IP address to a publicly illegal IP address d) It changes the source IP address to a unique number

What does a NAT firewall use as an index to the original source IP address? a) Destination IP address b) Source port number c) Destination port number d) Firewall's IP address

When external computers respond to outgoing messages, to which IP address do they address their messages? a) Destination IP address b) Source IP address c) Firewall's IP address d) Unique number

What does the NAT firewall do upon receiving incoming messages from external computers? a) It discards the messages b) It forwards the messages without any changes c) It changes the destination IP address to the private IP address of the internal computer and adjusts the TCP port number d) It changes the destination IP address to the firewall's address

What range of IP addresses is reserved for private networks, according to the information provided? a) 128.192.55.x b) 10.x.x.x c) 192.168.x.x d) 172.16.x.x to 172.31.x.x

b. 10.x.x.x is reserved for private networks (never used on Internet)

What benefit does NAT provide in terms of internal IP addresses for an organization? a) It decreases the number of available internal IP addresses b) It increases the likelihood of IP conflicts c) It limits the number of internal IP addresses to conserve network resources d) It allows for more internal IP addresses to be used within the organization

Which type of firewall typically performs initial screening from the Internet? a) Application-level firewall b) NAT firewall c) Packet-level firewall d) Stateful inspection firewall

What is typically found behind a packet-level firewall? a) Private internal networks b) Public access servers such as Web servers and public DNS servers c) DMZ network d) Application-level firewalls

b,c

What is the primary purpose of a DMZ in network architecture? a) To facilitate internal communication within a network b) To provide a secure environment for public access servers c) To isolate critical servers from external access d) To serve as a backup for internal network resources

A(n) _______ is a screened subnet devoted solely to public access servers such as Web servers and public DNS servers. a. intranet b. DMZ c. zone of authority d. VLAN e. smart hub

What types of access does the packet-level firewall permit and deny according to the provided information? a) It permits FTP access but denies HTTP and SMTP access b) It permits HTTP and SMTP access but denies FTP access c) It permits FTP and SMTP access but denies HTTP access d) It permits FTP and HTTP access but denies SMTP access

b. HTTP (web browsing), SMTP (email), and others

What role does a NAT firewall play in address translation for packets destined for internal computers? a) It changes the destination address to its own address b) It changes the source address to its own address c) It changes both the source and destination addresses to its own address d) It forwards packets without any address translation

What does the NAT firewall change in the IP packet when it receives a packet from a client computer inside the internal network? a) Source address and destination port number b) Destination address and source port number c) Source address and source port number d) Destination address and destination port number

What is the purpose of an application-level firewall? a) To protect individual applications on servers b) To provide access to public servers c) To manage network traffic routing d) To perform address translation for internal networks

What does physical security aim to prevent? a) Unauthorized access to internal LANs b) Unauthorized access to external websites c) Unauthorized software installations d) Unauthorized access to email accounts

What is a recommended practice to control access to areas where network equipment is located? a) Allowing unrestricted access to all personnel b) Implementing proper access controls and allowing only authorized personnel access c) Posting access codes on public bulletin boards d) Installing surveillance cameras without access controls

What is the purpose of implementing locks on power switches and passwords to disable keyboard and screens? a) To increase network bandwidth b) To enhance system performance c) To prevent unauthorized access to network equipment d) To facilitate remote access for all personnel

Why should organizations be careful about distributed backup and servers? a) Because it improves network performance b) Because it increases the risk of unauthorized access c) Because it reduces network complexity d) Because it simplifies network management

What is a potential drawback of having a dispersed base of servers? a) Reduced network bandwidth b) Increased risk of unauthorized access c) Enhanced network security d) Improved network scalability

b. but good for continuity

How can a well-backed-up, centralized data center potentially enhance security? a) By reducing the need for security education b) By increasing the number of access points c) By simplifying physical security measures d) By inherently providing better security than a dispersed base of servers

In addition to physical security measures, what other factors are important to consider? a) Network bandwidth optimization b) Proper security education, background checks, and error and fraud controls c) Software licensing agreements d) Employee training on network protocols

Why is physical security important in reducing the possibility of attackers posing as employees? a) To increase network bandwidth b) To simplify network management c) To prevent unauthorized access and eavesdropping d) To enhance system performance

Which area is considered the easiest target for eavesdropping due to signals often extending beyond physical walls? a) Wired LANs b) Network devices c) Wireless LANs d) Fiber-optic cables

What makes wireless LANs vulnerable to eavesdropping? a) Signals extending beyond physical walls b) Encryption protocols c) Regular checking for tampering d) Locked wiring closets

What type of network cables are susceptible to eavesdropping, especially when running long distances? a) Armored cables b) Fiber-optic cables c) Pressurized cables d) Unsecured cables

D. Network cable

What is recommended to secure network devices such as switches and routers? a) Keeping them in open areas for easy access b) Storing them in unlocked wiring closets c) Securing them in locked wiring closets to prevent unauthorized access d) Regularly checking for tampering without locking them

Why are local cables considered easier targets for eavesdropping? a) They are regularly checked for tampering b) They are harder to tap into c) They often run short distances d) They usually run long distances and are not regularly checked

What is a notable feature of armored cable regarding cutting attempts? a) It generates alarms when cut b) It is virtually impossible to cut c) It is easier to tap into d) It is regularly checked for tamperin

Which type of cable is effective in generating alarms when cut? a) Pressurized cable b) Armored cable c) Fiber-optic cable d) Unsecured cable

Which type of network devices are considered more vulnerable? a) Wireless access points b) LAN devices such as switches and routers c) Modems d) Servers

A sniffer program is a _____. a. type of macro-virus b. small peep-hole in a door or wall to allow a security guard to sniff the area with his or her nose before entering a secure area or location c. used in a call-back modem d. a program that records all LAN messages received for later analysis e. secure hub program

How can authorization codes for switch access help improve network security? a) By increasing network bandwidth b) By simplifying network management c) By preventing unauthorized access and recording message traffic d) By reducing network latency

What feature does a secure switch typically have? a) It automatically connects new computers without requiring any action b) It requires a special code before new computers are connected c) It restricts access to authorized personnel only d) It disables all network connections

What are security holes typically caused by? a) Physical damage to network hardware b) Unauthorized access to network devices c) Flaws in network software d) Overloading network bandwidth

A software solution to correct a security hole is often referred to as a patch or update

A security hole is a bug or vulnerability that permits intrusion to a computer.

A security hole is a(n) _____. a. malfunction or bug in an application program that allows data to be seen or accessed by unauthorized users b. small peep-hole in a door or wall to allow a security guard to examine an individual before allowing that individual access to a secure area or location c. packet-level firewall d. missing or absent protected mode addressing restrictions on user programs during multitasking or multithreaded program execution e. ANI system

What is the primary role of CERT (Computer Emergency Response Team)? a) Developing new network protocols b) Providing technical support for software issues c) Acting as a central clearing house for Internet-related security holes d) Managing network infrastructure

What is a "zero-day attack" in the context of network security? a) An attack that occurs only during the day b) An attack that exploits vulnerabilities before a patch is available c) An attack that targets networks with zero security measures d) An attack that occurs every day at the same time

What is a common challenge faced by network managers regarding security patches? a) Overloading network bandwidth b) Forgetting to regularly update systems with new patches c) Excessive use of encryption protocols d) Lack of access to security resources

Microsoft’s Windows operating system meets the US government’s A1 level security

What was Windows originally designed for? a) Multiple users with different levels of access b) Maximum security with restricted user control c) One user on one computer with full control d) Compatibility with various hardware architectures

What advantage does Windows offer in terms of applications? a) Limited functionality to prevent hostile takeovers b) More powerful applications without requiring users to understand internals c) Minimalistic design to enhance security d) Compatibility only with Microsoft products

What disadvantage is associated with Windows operating systems? a) Limited application compatibility b) Difficulty in understanding system internals c) Hostile applications taking over the system d) Higher security levels compared to Linux

What security level does Microsoft's Windows operating system provide at least? a) A1 b) B2 c) C2 d) D3

How was Linux designed in terms of user access? a) One user with full control b) Multiple users with equal levels of access c) Multiple users with different levels of access d) Limited access for security purposes

A Trojan horse may allow an unauthorized user to access a computer from a remote location.

How do attackers typically disguise Trojan horses? a) As physical objects b) As legitimate software c) As hardware components d) As network protocols

How do Trojan horses often gain access to a user's computer? a) By physically connecting to the computer b) By exploiting vulnerabilities in antivirus software c) By silently installing when users download and play infected files d) By using encryption to bypass security measures

Which of the following was one of the first major Trojans targeting Windows servers? a) Back Scatter b) Back Orifice c) Back End d) Back Tracker

Spyware, adware and DDOS agents are three types of _____. a. IP spoofing attacks b. Denial-of-service attacks c. Trojans d. Physical security threats e. Intrusion prevention detection approaches

What is a characteristic feature of spyware? a) It displays pop-up advertisements b) It redirects browsers to competitor websites c) It monitors activities on the target computer, recording keystrokes d) It launches Distributed Denial of Service (DDoS) attacks

What is the primary purpose of adware? a) To steal user credentials b) To monitor user actions c) To display pop-up advertisements or redirect browsers d) To enhance network security

What is plaintext in a cryptographic system? a) Encrypted message b) The encryption algorithm c) Unencrypted, cleartext message d) Decryption algorithm

What role does the encryption algorithm play in a cryptographic system? a) It works like the safe's combination b) It works like the unlocking mechanism c) It works like the locking mechanism to a safe d) It works like the key to a safe

What is ciphertext in a cryptographic system? a) Unencrypted, cleartext message b) Encrypted, scrambled message produced from the plaintext message c) The encryption algorithm d) The decryption algorithm

What is the primary difference between symmetric and asymmetric encryption? a) Symmetric encryption uses different keys for encryption and decryption, while asymmetric encryption uses the same key for both b) Symmetric encryption is more secure than asymmetric encryption c) Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses different keys d) Asymmetric encryption is faster than symmetric encryption

What is another name for asymmetric encryption? a) Private-key cryptography b) Secret-key cryptography c) Public-key cryptography d) Shared-key cryptography

What is another name for symmetric encryption? a) Double-Key Encryption b) Public-Key Encryption c) Single-Key Encryption d) Triple-Key Encryption

How does symmetric encryption work for outgoing messages? a) Sender uses different keys for encryption and decryption b) Sender uses a single key to encrypt the message c) Sender uses a public key to encrypt the message d) Sender uses a private key to encrypt the message

What role does the key play in symmetric encryption? a) It ensures the uniqueness of the algorithm b) It encrypts and decrypts the message c) It personalizes the algorithm, ensuring unique data transformation d) It provides secure communication over the internet

What is one vulnerability of symmetric encryption? a) The encryption algorithm is publicly known b) The keys must be securely shared among communicating parties c) Interception of the key while being sent from sender to receiver d) The need for separate keys for communication with different entities

What is a key management challenge associated with symmetric encryption? a) Ensuring the uniqueness of the algorithm b) Recording and securely storing the keys to prevent theft or unauthorized access c) Using different keys for communication with each company d) Keeping the encryption algorithm secret

What happens when identical information is encrypted with the same algorithm but different keys? a) The encryption fails b) The ciphertext remains the same c) Completely different ciphertexts are produced d) The decryption becomes impossible

What are the two components of symmetric encryption? a) The sender and the receiver b) The plaintext and the ciphertext c) The algorithm and the encryption key d) The encryption key and the decryption key

What factor contributes to the strength of encryption? a) Length of the ciphertext b) Complexity of the algorithm c) Length of the secret key d) Speed of the decryption process

Why are longer keys preferred in encryption? a) They make the encryption process faster b) They ensure the secrecy of the algorithm c) They make it easier to crack the encryption d) They make it more difficult to crack the encryption

What needs to be kept secure to maintain the security of encryption? a) The algorithm b) The ciphertext c) The decryption process d) The keys

What is brute force in the context of breaking encryption? a) A method of guessing the correct password by trying every possible key b) A method of analyzing ciphertext for patterns c) A method of decrypting the message without the key d) A method of intercepting encrypted messages

a. Symmetric encryption requires a large number of possible keys to resist exhaustive brute-force attacks

What is Data Encryption Standard (DES)? a) A symmetric encryption algorithm developed by IBM in the mid-1970s b) A symmetric encryption algorithm developed by the US government and IBM in the mid-1970s c) An asymmetric encryption algorithm standardized by NIST d) An encryption standard established by AES

What is the key length of the most common version of DES? a) 40 bits b) 56 bits c) 128 bits d) 168 bits

Network cables are the easiest target for eavesdropping.

DES is a commonly used symmetric encryption algorithm, developed in the mid1990s by the American government in conjunction with IBM, and is the recommended encryption algorithm for highly sensitive data.

Why is DES not recommended for data needing high security? a) Because it is too complex to implement b) Because it can be broken by brute force (in less than a day) c) Because it requires too much computational power d) Because it is too slow

What is Triple DES (3DES)? a) An encryption standard established by AES b) An encryption technique that applies DES three times, effectively giving it a 168-bit key c) An encryption technique that combines DES with AES d) An encryption technique that uses a 256-bit key

What is the purpose of Advanced Encryption Standard (AES)? a) To replace DES b) To enhance the security of RC4 c) To establish a new encryption algorithm by IBM d) To standardize asymmetric encryption techniques

What key lengths does AES use? a) 40, 56, and 168 bits b) 56, 128, 192, and 256 bits c) 128, 192, and 256 bits d) 256 bits only

What is RC4? a) An encryption standard established by AES b) An encryption technique developed by the US government c) An encryption technique that uses a 40-bit key d) An encryption technique that applies DES three times

What vulnerability does RC4 suffer from? a) Vulnerabilities similar to DES, particularly with its longer key lengths b) Vulnerabilities similar to DES, particularly with its shorter key lengths c) Vulnerabilities related to its complexity d) Vulnerabilities related to its speed

Triple DES uses a total of 512 bits as the key.

f. 168

What is another name for asymmetric encryption? a) Secret key encryption b) Private key encryption c) Public key encryption (PKE) d) Single key encryption

How many keys does asymmetric encryption operate with? a) One key b) Two keys c) Three keys d) Four keys

Who invented the most popular form of asymmetric encryption, RSA? a) Alan Turing b) Edward Snowden c) Rivest, Shamir, and Adelman d) Bill Gates

What is the typical length of keys used in the public key in asymmetric encryption? a) 128 bits b) 256 bits c) 512 bits, 1,024 bits, or 2,048 bits d) 64 bits

How is the public key in asymmetric encryption distributed? a) It is kept secret b) It is exchanged between sender and recipient c) It is easily accessible in a public directory d) It is never used

How is the private key in asymmetric encryption handled? a) It is shared publicly b) It is distributed to all users c) It is never distributed and kept secret d) It is used for encryption

What is the role of the recipient's public key in asymmetric encryption? a) Encrypting the message b) Decrypting the message c) Both encrypting and decrypting the message d) Verifying the authenticity of the message

What enables the use of digital signatures for authentication purposes? a) Symmetric encryption b) Asymmetric encryption c) Triple DES d) RC4

What does a digital signature provide proof of? a) The recipient's identity b) The encryption algorithm used c) The sender's identity d) The decryption key

When using a digital signature for the process of authentication, the sender encrypts the message with their private key and the recipient decrypts the message with the sender’s public key

__________ provide authentication which can legally prove who sent a message over a network. a. Digital signatures b. DES keys c. Directory keys d. Screen names e. User Ids

How does public key encryption enable digital signatures? a) By encrypting the message with the recipient's private key b) By encrypting the message with the recipient's public key c) By encrypting the message with the sender's private key d) By encrypting the message with the sender's public key

How can a recipient verify a digital signature? a) By decrypting the message with the sender's public key b) By decrypting the message with the sender's private key c) By decrypting the message with the recipient's public key d) By decrypting the message with the recipient's private key

What does a "digital signature" computer file typically include? a) Only the name of the signing party b) Only the date and time of signing c) Name of the signing party and other key contents such as date and time d) Encrypted message contents

What is the role of Public Key Infrastructure (PKI) in public key encryption on the Internet? a) Encrypting messages with the recipient's public key b) Verifying the authenticity of users c) Decrypting messages with the sender's private key d) Issuing digital certificates containing the user's private key

What does a Certificate Authority (CA) do in PKI? a) Encrypts messages with the recipient's public key b) Decrypts messages with the sender's private key c) Vouches for the authenticity of users using authentication d) Issues digital certificates containing the user's private key

What is the main requirement for a merchant to register with a Certificate Authority (CA)? a) Providing proof of identity b) Paying a registration fee c) Encrypting all communication with customers d) Obtaining a digital certificate from another merchant

What are the levels of certification provided by a Certificate Authority (CA)? a) Simple confirmation of an email address b) Complete police-style background check c) Both a and b d) Neither a nor b

What information does a digital certificate issued by a CA contain? a) The user's private key b) The CA's private key c) The user's public key encrypted with the CA's private key d) The CA's public key encrypted with the user's private key

. A certificate authority is a trusted organization that can vouch for the authenticity of a person or organization

A __________ is a trusted organization that can vouch for the authenticity of the person or the organization using the authentication. a. disaster recovery firm b. DES company c. directory company d. certificate authority e. fingerprint advisory board

What is the purpose of a digital certificate? a) To encrypt messages b) To verify the identity of a digital signature's source c) To create a secure connection between devices d) To generate unique fingerprints for messages

How does the recipient verify a digital certificate? a) By encrypting it with the sender's public key b) By decrypting it with the Certificate Authority's (CA) public key c) By comparing it with the sender's private key d) By verifying it with the recipient's public key

What additional step might the recipient take to ensure the validity of a digital certificate? a) Compare it with the sender's private key b) Decrypt it with the sender's public key c) Check with the Certificate Authority (CA) for revocation status d) Encrypt it with the CA's private key

In higher security certifications, what does the Certificate Authority (CA) issue for each message sent by the user? a) Digital signature b) Unique fingerprint c) Encryption key d) Authentication token

How is a unique fingerprint for a message created in higher security certifications? a) By combining the sender's private key with the message's contents b) By encrypting the message with the CA's public key c) By hashing the combination of the CA's private key and the message's authentication key contents d) By decrypting the message with the recipient's public key

Secure Sockets Layer is an encryption standard designed for use on the Web.

Where does SSL operate in the network protocol stack? a) Between the network and data link layers b) Between the application and transport layers c) Between the transport and network layers d) Between the data link and physical layers

What is the purpose of SSL negotiation for PKI? a) To encrypt outbound packets b) To decrypt inbound packets c) To establish a secure connection between server and client d) To compress data transmission

What does the server send during SSL negotiation for PKI? a) Its private key b) Its public key and symmetric encryption technique c) A digital certificate d) A hash of the data to be transmitted

What does the browser do during SSL negotiation for PKI? a) Decrypts the server's public key b) Generates a symmetric encryption key c) Sends its private key to the server d) Verifies the server's identity using a digital certificate

How does the browser encrypt the symmetric encryption key during SSL negotiation? a) With the server's private key b) With the server's public key c) With the browser's private key d) With the browser's public key

How are messages encrypted between the server and browser in SSL? a) Using the server's public key b) Using the browser's public key c) Using a symmetric key generated by the browser d) Using a symmetric key generated by the server

Where does IP Security Protocol (IPSec) sit in the network protocol stack? a) Between the network and data link layers b) Between the application and transport layers c) Between IP at the network layer and TCP/UDP at the transport layer d) Between the transport and network layers

What is a key feature of IPSec? a) It encrypts outbound packets from the application layer b) It operates only with web applications c) It can be used with other application layer protocols d) It negotiates PKI for server authentication

How do A and B establish a symmetric key in IPSec using Internet Key Exchange (IKE)? a) They share their public keys b) They generate and exchange random numbers c) They decrypt packets from the application layer d) They negotiate with the Certificate Authority (CA

Which mode of IPSec encrypts only the IP payload and adds an Authentication Header (AH) or an Encapsulating Security Payload (ESP) packet? a) Transport mode b) Tunnel mode c) Key Exchange mode d) Encryption mode

In which mode of IPSec does the entire IP packet get encrypted and a new header for routing is added? a) Transport mode b) Tunnel mode c) Key Exchange mode d) Encryption mode

What is a benefit of Tunnel mode in IPSec? a) Allows easy routing through the Internet b) Encrypts only the IP payload c) Requires the IPSec agent at the next destination to decrypt the data d) Allows attackers to learn the ultimate source and destination of the packets

In transport mode, IPSec encrypts the entire IP packet.

Which of the following is a mode that is used by IPSec? a. exchange b. sniffer c. tunnel d. creeper e. firefighter

What is the primary purpose of a user profile in a network? a) To assign IP addresses to users b) To determine the limits of user access on the network c) To regulate network bandwidth usage d) To monitor network traffic

Who typically assigns user profiles to user accounts? a) Network users b) System administrators or network managers c) Security auditors d) Software developers

What does a user profile specify regarding log-in access? a) User's email address b) User's password strength c) Allowable log-in day and time of day d) Network speed for the user

What aspect of user access does a user profile control in terms of physical locations? a) User's workstation hardware b) User's favorite websites c) Allowable physical locations for log-in d) User's software preferences

What action might be taken if a user exceeds the allowable number of incorrect log-in attempts specified in their profile? a) Automatic account deletion b) Automatic password reset c) Notification to network security d) Automatic log-out of the user

What could trigger an automatic logout according to a user profile? a) User inactivity b) User exceeding bandwidth limits c) User accessing unauthorized websites d) User changing network settings

Which of the following is not a method for deterring intrusion? a. training end users not to divulge passwords b. using a smart card in conjunction with a password to gain access to a computer system c. using biometric devices to gain access to a computer system d. using a security software package that logs out users if that user is ‘idle’ for a certain amount of time e. performing social engineering

. Which of the following is not true about one-time passwords? a. Users’ pagers or smart phones (via text messaging) can receive them. b. They can be used in conjunction with a token system. c. The user must enter the one-time password to gain access or the connection is terminated. d. This is a good security solution for users who travel frequently and who must have secure dial-in access. e. They create a packet level firewall on the system.

A ______________ is a browser add-in or app that stores website passwords. a. password collaborator b. password manager c. script manager d. security envelope e. security manager

What protects all passwords in a password manager? a) Two-factor authentication b) A master password c) Biometric authentication d) Security questions

Biometric systems scan the user to ensure that the user is the sole individual authorized to access the network account.

The most commonly used central authentication protocol used today is Kerberos.

What problem does Central Authentication aim to solve? a) Slow internet connection b) Users forgetting their passwords c) Managing multiple user profiles and passwords across different computers d) System crashes

What is another name for Central Authentication? a) Multi-factor authentication b) Network encryption c) Single sign-on (SSO) d) Two-step verification

What does the authentication server do upon successful user authentication? a) Assigns a random password to the user b) Issues a certificate (credentials) c) Deletes the user's account d) Redirects the user to another server

How do users access restricted services or resources in Central Authentication? a) By entering a new password b) By presenting the certificate to the authentication server c) By bypassing authentication d) By logging in to individual servers

What is the primary purpose of Intrusion Prevention Systems (IPS)? a) To increase network speed b) To detect and prevent intrusions into computer systems or networks c) To provide antivirus protection d) To improve network connectivity

What are the two general types of IPS? a) Internet-based IPS and server-based IPS b) Network-based IPS and host-based IPS c) Software-based IPS and hardware-based IPS d) Firewall-based IPS and antivirus-based IPS

How does a network-based IPS function? a) It installs software on individual hosts or servers b) It utilizes IPS sensors on key network circuits to monitor network packets c) It scans emails for malicious content d) It encrypts all network traffic

How does a host-based IPS operate? a) It installs sensors on key network circuits b) It monitors activity on a server or host c) It scans emails for malicious content d) It encrypts all network traffic

What does the host-based IPS report intrusions to? a) The host's operating system b) An IPS management console c) An antivirus software d) The network firewall

A host based intrusion prevention system (IPS) monitors activity on the server and reports intrusions to the IPS management console.

What is the primary function of misuse detection in Intrusion Prevention Systems (IPSs)? a) Monitoring network traffic b) Comparing monitored activities with signatures of known attacks c) Generating random alerts d) Analyzing failed logins

What is a challenge associated with the use of misuse detection in IPSs? a) Keeping database records organized b) Ensuring stable network operation c) Maintaining an up-to-date database of attack signatures d) Managing network bandwidth

What is the primary objective of anomaly detection in IPSs? a) Comparing monitored activities with signatures of known attacks b) Identifying major deviations from normal network operation c) Generating random alerts d) Analyzing successful logins

In what type of computing environments does anomaly detection typically operate? a) Dynamic environments b) Unstable environments c) Stable environments d) Isolated environments

What triggers an alert in anomaly detection? a) The presence of known attack signatures b) Minor fluctuations in network traffic c) Major deviations from normal parameters of network operation d) Successful logins

A fundamental technique to determine if an intrusion is in progress in a stable network is: a. anomaly detection b. armoring cable c. RSA algorithm d. patching e. scanning a user’s fingerprint

To snare intruders, many organizations now use _________ techniques. a. entrapment b. hacker c. Trojan horse d. cracker e. DES

The use of computer analysis techniques to gather evidence for criminal and/or civil trials is known as _____. a. Trojan horse b. sniffing c. tunneling d. computer forensics e. misuse detection

chapter 11 (2) Flashcards

(207 cards)