E5

Question 1

Exam Question 201 (p.269)Why are weak passwords a significant problem in networks?

Answer 1

Because hackers get in and cause trouble.

Question 2

Exam Question 202 (p.269):

List three true measures of password quality.

Answer 2

Is it easy for you to remember? Is it dicult to guess? Is it difficult for
others to remember

Question 3

Exam Question 203 (p.269):

What is a dictionary attack?

Answer 3

It is using a long list of likely passwords in hopes of finding one that works

Question 4

Exam Question 204 (p.269):

List two types of bad passwords.

Answer 4

a) anything short, (b) anything in a dictionary.

Question 5

Exam Question 205 (p.269):

What do I recommend for a password?

Answer 5

initials of a familiar phrase

Question 6

Exam Question 206 (p.269):

What is a high-value password?

Answer 6

A password to protect a high-value asset.

Question 7

Exam Question 207 (p.269):

What is a low-value password?

Answer 7

A password to protect a low-value asset.

Question 8

Exam Question 208 (p.269):

Does it matter if a low-value password is easy to guess?

Answer 8

Not much.

Question 9

Exam Question 209 (p.269):

List four ways to prove identity.

Answer 9

What you have. What you know. What you are. What you can do.

Question 10

Exam Question 210 (p.269):

What is multi-factor authentication?

Answer 10

Several UNRELATED factors must be presented.

Question 11

Exam Question 211 (p.269):

What is single sign-on?

Answer 11

You authenticate once and then receive credentials that are (a) used on
related websites (b) in place of authenticating again.

Question 12

Exam Question 212 (p.269):

What is a hacker?

Answer 12

Someone that goes beyond the routine ways of using a tool.

Question 13

Exam Question 213 (p.269):

Is hacking bad?

Answer 13

no

Question 14

Exam Question 214 (p.269):

What does black hat mean?

Answer 14

It means a bad-guy hacker

Question 15

Exam Question 215 (p.269):

What does white hat mean?

Answer 15

It means a good-guy (ethical) hacker.

Question 16

Exam Question 216 (p.269):

What is pen testing?

Answer 16

penetration testing

Question 17

Exam Question 217 (p.269):

What are symmetric keys?

Answer 17

Encryption keys that cancel each other out are symmetric.

Question 18

Exam Question 218 (p.269):

What does rot13 stand for?

Answer 18

rotate thirteen

Question 19

Exam Question 219 (p.269):

How does rot13 work?

Answer 19

Each letter is replaced by the one 13 places away.

Question 20

Exam Question 220 (p.270):

Who knows Alice’s public key?

Answer 20

everybody

Question 21

Exam Question 221 (p.270):

Who knows Alice’s private key?

Answer 21

Alice

Question 22

Exam Question 222 (p.270):

How do you send a private message to Bob?

Answer 22

Encrypt it with Bob’s public key.

Question 23

Exam Question 223 (p.270):

What is the purpose of encrypting a message?

Answer 23

Prevent others from understanding it.

Question 24

Exam Question 224 (p.270):

What is the purpose of signing a message?

Answer 24

Prove authorship.

Question 25

Exam Question 225 (p.270): | How do you sign a message?

Answer 25

Encrypt it with your private key.

Question 26

Exam Question 226 (p.270): | How does signing prove authorship?

Answer 26

Only the person with the private key could have encrypted it. They must be the source.

Question 27

Exam Question 227 (p.270): | How can Bob send a private, authenticated message to Alice?

Answer 27

First, encrypt it with Bob's private key to prove authorship. Second, encrypt the result with Alice's public key to provide privacy.

Question 28

Exam Question 228 (p.270): | Why are public-key systems special?

Answer 28

They let us create a shared secret between parties that did not already know each other

Question 29

Exam Question 229 (p.270): | Why is RSA special?

Answer 29

It easily creates good public keys.

Question 30

Exam Question 230 (p.270): | What is a prime number?

Answer 30

A number with no proper factors.

Question 31

Exam Question 231 (p.270): | Why are prime numbers used in encryption?

Answer 31

It is easy to multiply two large prime numbers, but it is dicult to nd the original numbers.

Question 32

Exam Question 232 (p.270): | What does the RSA private key consist of?

Answer 32

Two large prime numbers are chosen. They are the private key.

Question 33

Exam Question 233 (p.270): | What does the RSA public key consist of?

Answer 33

The large prime numbers of the private key are multiplied together. The result is the public key.

Question 34

Exam Question 234 (p.270): | If RSA is so great, why are other things used?

Answer 34

other things are faster

Question 35

Exam Question 235 (p.270): | Is http considered to be secure? Why?

Answer 35

No. Traffic (data) is not encrypted.

Question 36

Exam Question 236 (p.270): | Is https considered to be secure? Why?

Answer 36

Yes. Traffic (data) is encrypted.

Question 37

Exam Question 237 (p.270): | What does SSL stand for?

Answer 37

secure sockets layer

Question 38

Exam Question 238 (p.270): | What does TLS stand for?

Answer 38

transport layer security

Question 39

Exam Question 239 (p.270): | How does SSL protect confidentiality of a TCP connection?

Answer 39

Traffic (data) is (a) encrypted to (b) hide its meaning.

Question 40

Exam Question 240 (p.270): | What is an Outside Threat?

Answer 40

A threat by a machine outside of your LAN.

Question 41

Exam Question 241 (p.271): | What is a botnet?

Answer 41

A network of computers controlled by a hacker, usually without the knowledge of their real owners.

Question 42

Exam Question 242 (p.271): | For what two things are botnets commonly used?

Answer 42

Sending spam. Doing attacks.

Question 43

Exam Question 243 (p.271): | What does DDOS stand for?

Answer 43

distributed denial of service (attack)

Question 44

Exam Question 244 (p.271): | What is a zombie?

Answer 44

A computer that is part of a botnet.

Question 45

Exam Question 245 (p.271): | What does PWN stand for?

Answer 45

own | Pwn means you have been owned by a hacker. They control your computer.

Question 46

Exam Question 246 (p.271): | What is an Inside Threat?

Answer 46

A threat by a machine inside your LAN.

Question 47

Exam Question 247 (p.271): | What two things does server mean?

Answer 47

(a) a program (software) that provides a service, (b) a computer (hard- ware) where such a program runs

Question 48

Exam Question 248 (p.271): | How can firewalls mitigate network attacks against servers?

Answer 48

They can control the number of incoming requests based on IP address.

Question 49

Exam Question 249 (p.271): | How can firewalls mitigate network attacks against clients?

Answer 49

They can prevent all uninvited access from outside the LAN.

Question 50

Exam Question 250 (p.271): | What does DMZ stand for?

Answer 50

demilitarized zone

Question 51

Exam Question 251 (p.271): | What service does DMZ provide?

Answer 51

It directs unexpected network trac on all ports to one designated ma- chine.

Question 52

Exam Question 252 (p.271): | What service does port forwarding provide?

Answer 52

It directs unexpected network trac on a few ports to a designated ma- chine.

Question 53

Exam Question 253 (p.271): | How can sharing your Wi-Fi be dangerous?

Answer 53

Bad people might get directly into your LAN. This bypasses your main firewall.