Quiz questions

Question 1

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Answer 1

true

Question 2

A firewall can serve as the platform for IPSec.

Answer 2

true

Question 3

A packet filtering firewall is typically configured to filter packets going in both directions.

Answer 3

true

Question 4

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.

Answer 4

true

Question 5

A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.

Answer 5

false

Question 6

The _______ defines the transport protocol.A. destination IP address B. source IP address C. interface D. IP protocol field

Answer 6

D

Question 7

A _________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Answer 7

circuit-level

Question 8

Typically the systems in the ________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.

Answer 8

DMZ

Question 9

A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.

Answer 9

Distributed firewall

Question 10

The ________ attack is designed to circumvent filtering rules that depend on TCP header information.

Answer 10

tiny fragment

Question 11

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

Answer 11

true

Question 12

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

Answer 12

true

Question 13

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

Answer 13

false

Question 14

A common location for a NIDS sensor is just inside the external firewall.

Answer 14

true

Question 15

Network-based intrusion detection makes use of signature detection and anomaly detection.

Answer 15

true

Question 16

Symmetric encryption is used primarily to provide confidentiality.

Answer 16

true

Question 17

Two of the most important applications of public-key encryption are digital signatures and key management.

Answer 17

true

Question 18

The secret key is one of the inputs to a symmetric-key encryption algorithm.

Answer 18

true

Question 19

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

Answer 19

true

Question 20

Public-key algorithms are based on simple operations on bit patterns.

Answer 20

false

Question 21

A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

Answer 21

host-based IDS

Question 22

_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

Answer 22

Signature detection

Question 23

_______ involves the collection of data relating to the behavior of legitimate users over a period of time.

Answer 23

Anomaly detection

Question 24

A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

Answer 24

inline-sensor

Question 25

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

Answer 25

analyzer

Question 26

On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.

Answer 26

half

Question 27

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .

Answer 27

use longer keys

Question 28

________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

Answer 28

message authentication

Question 29

The purpose of a ________ is to produce a ?fingerprint? of a file, message, or other block of data.

Answer 29

hash function

Question 30

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

Answer 30

digital signature

Question 31

Symmetric encryption is also referred to as secret-key or single-key encryption.

Answer 31

true

Question 32

The ciphertext-only attack is the easiest to defend against.

Answer 32

true

Question 33

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

Answer 33

true

Question 34

AES uses a Feistel structure.

Answer 34

false

Question 35

Each block of 64 plaintext bits is encoded independently using the same key? is a description of the CBC mode of operation.

Answer 35

false

Question 36

Timing attacks are only applicable to RSA.

Answer 36

false

Question 37

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.

Answer 37

true

Question 38

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms

Answer 38

true

Question 39

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants.

Answer 39

true

Question 40

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption

Answer 40

false

Question 41

In general, public key based encryption is much slower than symmetric key based encryption.

Answer 41

true

Question 42

________ is the original message or data that is fed into the encryption process as input.

Answer 42

plaintext

Question 43

Which of the following would allow an attack that to know the (plaintext of) current message must be the same as one previously transmitted because their ciphtertexts are the same?A. CBC B. ECB C. CFB D. OFB

Answer 43

B

Question 44

________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

Answer 44

Key distribution technique

Question 45

Which of the following feature can only be provided by public-key cryptography?A. Confidentiality protection B. Integrity protection C. Non-repudiation D. None of the above

Answer 45

C

Question 46

Cryptographic systems are generically classified by _______.A. the type of operations used for transforming plaintext to ciphertext B. the number of keys used C. the way in which the plaintext is processed D. all of the above

Answer 46

D

Question 47

________ attacks have several approaches, all equivalent in effort to factoring the product of two primes.

Answer 47

mathematical

Question 48

________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number.

Answer 48

timing attacks

Question 49

_________ was the first published public-key algorithm.

Answer 49

Diffie-helman

Question 50

The principal attraction of ________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.

Answer 50

ECC

Question 51

SHA is perhaps the most widely used family of hash functions.

Answer 51

true

Question 52

SHA-1 is considered to be very secure.

Answer 52

false

Question 53

HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.

Answer 53

true

Question 54

The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm.

Answer 54

true

Question 55

The strong collision resistance property subsumes the weak collision resistance property.

Answer 55

true

Question 56

Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES.

Answer 56

true

Question 57

A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.

Answer 57

true

Question 58

It is a good idea to use sequentially increasing numbers as challenges in security protocols.

Answer 58

false

Question 59

Assuming that Alice and Bob have each other?s public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob?s public key, and send the encrypted k to Bob and then Bob will know he has a key shared with Alice.

Answer 59

false

Question 60

In security protocol, an obvious security risk is that of impersonation.

Answer 60

true

Question 61

In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.

Answer 61

true

Question 62

In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user's password.

Answer 62

true

Question 63

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key.

Answer 63

true

Question 64

Kerberos ticket-granting ticket is never expired.

Answer 64

false

Question 65

Kerberos does not support inter-realm authentication.

Answer 65

false

Question 66

SHA-1 produces a hash value of _______ bits.

Answer 66

160

Question 67

Issued as RFC 2104, _______ has been chosen as the mandatory-to-implement MAC for IP Security.

Answer 67

HMAC

Question 68

The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA).

Answer 68

SHA-1

Question 69

The purposes of a security protocol include:A. Authentication B. Key-exchange C. Negotiate crypto algorithms and parameters D. All the above

Answer 69

D

Question 70

Which of the following scenario requires a security protocol:A. log in to mail.google.com B. connecting to work from home using a VPN C. Both A and B

Answer 70

C

Question 71

In IPSec, packets can be protected using ESP or AH but not both at the same time.

Answer 71

false

Question 72

In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.

Answer 72

false

Question 73

In IPSec, the sequence number is used for preventing replay attacks.

Answer 73

true

Question 74

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

Answer 74

true

Question 75

Even web searches have (often) been in HTTPS.

Answer 75

true

Question 76

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

Answer 76

true

Question 77

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.

Answer 77

true

Question 78

iOS has no vulnerability.

Answer 78

false

Question 79

In iOS, each file is encrypted using a unique, per-file key.

Answer 79

true

Question 80

In iOS, an app can run its own dynamic, run-time generated code.

Answer 80

false

Question 81

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

Answer 81

false

Question 82

In iOS, each app runs in its own sandbox.

Answer 82

true

Question 83

In Android, all apps have to be reviewed and signed by Google.

Answer 83

false

Question 84

In Android, an app will never be able to get more permission than what the user has approved.

Answer 84

false

Question 85

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

Answer 85

false

Question 86

The most complex and important part of TLS is the ________.

Answer 86

handshake protocol

Question 87

_______ is a list that contains the combinations of cryptographic algorithms supported by the client.

Answer 87

CipherSuite

Question 88

ESP supports two modes of use: transport and ________.

Answer 88

tunnel

Question 89

A benefit of IPsec is ________.A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above

Answer 89

D

Question 90

The ______ field in the outer IP header indicates whether the association is an AH or ESP security association.

Answer 90

protocol identifier

Question 91

A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.

Answer 91

true

Question 92

Malicious JavaScripts is a major threat to browser security.

Answer 92

true

Question 93

XSS is possible when a web site does not check user input properly and use the input in an outgoing html page.

Answer 93

true

Question 94

XSS can perform many types of malicious actions because a malicious script is executed at user?s browser.

Answer 94

true

Question 95

XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.

Answer 95

true

Question 96

In XSRF, the malicious site can send malicious script to execute in the user?s browser by embedding the script in a hidden iframe.

Answer 96

true

Question 97

It is easy for the legitimate site to know if a request is really from the (human) user.

Answer 97

false

Question 98

SQL injection attacks only lead to information disclosure.

Answer 98

false

Question 99

Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.

Answer 99

false

Question 100

SQL injection is yet another example that illustrates the importance of input validation.

Answer 100

true

Question 101

Organizational security objectives identify what IT security outcomes should be achieved.

Answer 101

true

Question 102

Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

Answer 102

true

Question 103

Legal and regulatory constraints may require specific approaches to risk assessment.

Answer 103

true

Question 104

One asset may have multiple threats and a single threat may target multiple assets.

Answer 104

true

Question 105

It is likely that an organization will not have the resources to implement all the recommended controls.

Answer 105

true

Question 106

The IT security management process ends with the implementation of controls and the training of personnel.

Answer 106

false

Question 107

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

Answer 107

true

Question 108

The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

Answer 108

true

Question 109

An IT security plan should include details of ________.A. risks B. recommended controls C. responsible personnel D. all of the above

Answer 109

D

Question 110

______ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.

Answer 110

Anonymization