BISM 2600 Ch 2 and 3 test
Which layer(s) of the hybrid TCP/IP—OSI standards architecture normally use(s) OSI standards?
Data link
Which of the following can spread more rapidly?
Directly-propagating worms.
________ is the reestablishment of information technology operations after a disaster.
Disaster recovery
________ is placing a message in the data field of another message.
Encapsulation
B7-22-DD-6F-C8-AB is an ________ address.
Ethernet
The side wishing to close a TCP connection sends a(n) ________ segment.
FIN
A compromise is an attempted attack.
False
A corporate network can use either OSI standards at all layers or TCP/IP standards at all layers, but cannot use OSI standards at some layers and TCP/IP standards at other layers.
False
A password that can be broken by a dictionary attack or a dictionary attack in hybrid mode can be adequately strong if it is very long.
False
Antivirus programs can usually stop directly-propagating worms.
False
Binary counting usually begins at 1.
False
Firewalls can usually stop viruses.
False
Hacking is defined as intentionally using a computer resource without authorization.
False
IP is reliable.
False
If you have a field with N bits, you can represent N² items.
False
In HTTP, a server may initiate an interaction with the client.
False
In HTTP, most response message header fields consist of a keyword, an equal sign, and the value for the keyword.
False
In identity theft, the attacker steals credit card numbers, which he or she will use to make unauthorized purchases.
False
It is still hacking if a person breaks into a computer accidentally.
False
Messages always have data fields.
False
Most hackers today are driven by curiosity, a sense of power, and, sometimes, a desire to increase their reputation among peers.
False
Most or all messages have trailers.
False
Nearly all application standards are simple, like HTTP.
False
Passwords are widely used because they offer very strong authentication.
False
Scripts are normally bad.
False
The application layer standard always is HTTP.
False
The goal of security is to eliminate risk.
False
The last stage in a hacking attack is the break-in.
False
Universal malware requires a vulnerability to succeed.
False
In general, people who receive access to a resource should be given maximum permissions so that they can do their jobs with few restrictions.
False.
Which of the following can thwart directly-propagating worms?
Firewalls
________ is lying to get victims to do something against their financial self-interest.
Fraud
Which of the following is true?
Guidelines must be considered.
Which of the following is the standards agency for TCP/IP?
IETF.
217.42.18.248 is an ________ address.
IP
Which of the following is a standard?
IP
Hackers send probe packets to identify ________.
IP addresses with active hosts and hosts running certain applications
Which has stronger security?
IPsec.
What are the most dangerous types of employees?
IT and IT security staff members.
CSIRTs should include ________.
IT personnel and Senior Managers
Which of the following is a standards agency for OSI?
ITU-T.
Which of the following tends to be more damaging?
Identity Theft
Which of the following is NOT an OSI layer?
Internet
Which of the following has port numbers in its header?
Both -- UDP and TCP
Port fields are found in ________.
Both -- UDP and TCP headers
In HTTP, the end of a header field is indicated by a ________.
CRLF
Which of the following is a criterion by which biometrics can be judged?
Cost and Susceptibility to deception
________ is the general name for proofs of identity in authentication.
Credentials
What type of attacker are most attackers today?
Criminals
Which type of attack is made by national governments?
Cyberwar attacks
What type of attacker can do the most damage?
National governments.
Which of the following is an architecture?
Neither IP nor TCP
Which standards architecture is dominant at the application layer?
Neither OSI nor TCP/IP
What is the dominant network standards architecture in most real firms today?
Neither TCP/IP nor OSI
Which of the following is a network standards architecture?
TCP/IP
After the side wishing to close a TCP connection sends a FIN segment, it will ________.
only send ACK segments
UDP checks messages for errors but does not correct them. UDP is ________.
unreliable
Viruses most commonly spread from one computer to another ________.
via e-mail
Trojan horses get onto computers by ________.
viruses and hackers
A ________ is a flaw in a program that permits a specific attack or set of attacks against this program.
vulnerability
Attacking your own firm occurs in ________.
vulnerability testing
Oversight activities include ________.
vulnerability testing
Which of the following sometimes uses direct propagation between computers?
worms
The fact that two processes other than physical layer processes cannot communicate directly requires the use of encapsulation.
True
The header is defined as everything that comes before the data field.
True
To handle internetwork transmission control tasks that IP cannot handle, the IETF created TCP.
True
Viruses propagate within a computer by infecting other programs in that computer.
True
Which of the following attach themselves to other programs?
Viruses
Which of the following layers has the most standards?
Application
Scripts are likely to be dangerous only if a computer has a vulnerability.
True
Scripts may execute software when a webpage is downloaded.
True
Malware programs that masquerade as system files are called ________.
trojan horses
Which layer has more standards?
Application
If someone says that a 1-bit flag is set, this means that it is given the value ________.
1
In two-way dialogues using symmetric key encryption, how many keys are used for encryption and decryption?
1
In binary, 13 is 1101. What is 14?
1110
A 7-bit field can represent ________ alternatives.
128
What is (are) the well-known port number(s) for FTP?
20 and 21
What is (are) the well-known port number(s) for SMTP?
25
In symmetric key encryption, a key must be ________ bits long or longer to be considered strong. (Choose the choice closest to the correct answer.)
256
A 5-bit field can represent ________ alternatives.
32
In an IP header, the first bit in the second row is bit ________.
32
How long are IP addresses?
32 bits
Ethernet addresses are ________.
48 bits long
In OSI, the presentation layer is Layer ________.
6
Ethernet addresses are ________.
6 octets long
To represent 65 alternatives, your alternatives field would have to be ________ bits long.
7
With complex passwords, adding a single character increases the number of passwords that must be tried in brute force guessing by a factor of about ________.
70
According to the book, passwords should be at least ________ characters long.
8
What is (are) the well-known port number(s) for HTTP?
80
Which of the following is NOT one of the three general parts of messages?
Address field
Which of the following is not one of the four response phases for when attacks occur?
All of the above are response phases -- Detecting the attack, Stopping the attack, Repairing the damage, Punishing the attacker.
At which layer would you find file transfer protocol standards for downloading files?
Application
At which layer would you find standards for requesting videos from a video sharing site such as YouTube?
Application
How many bytes will it take to transmit "Can you hear me now?" without the quotation marks?
None of the Above
In digital certificate authentication, the verifier gets the key it needs from the ________.
None of the above -- supplicant, verifier, and true party
A host will retransmit a TCP segment if ________.
None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.
If the destination host does not receive a segment, it will ________.
None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.
If the destination host receives a segment that is incorrect, it will ________.
None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.
Novell NetWare servers traditionally used ________ standards.
OSI
Switched WAN transmission is governed by ________ standards.
OSI
Which of the following is a network standards architecture?
OSI
Which of the following is more dominant in its layers of dominance?
OSI
Wireless LAN transmission normally is governed by ________ standards.
OSI
Which of the following is NOT one of the four major security planning principles?
Perimeter defense.
Which layer process does NOT do encapsulation when an application layer process transmits a message?
Physical
Which of the following specifies what should be done?
Policies.
Which phase of the plan-protect-respond cycle takes the largest amount of work?
Protect
Most IETF documents are called ________.
RFCs
IBM mainframes traditionally used ________ internetworking standards.
SNA
Which is less expensive to implement?
SSL/TLS.
Host P transmits a SYN to Host Q. If host Q is willing to open the connection, it will transmit a(n) ________ segment.
SYN/ACK
Which of the following must be followed?
Standards
________ is the dominant firewall filtering method used on main border firewalls today.
Stateful packet inspection
In what order are standards and standards architectures developed?
The standards architecture is developed first.
Which layer(s) of the hybrid TCP/IP—OSI standards architecture normally use(s) TCP/IP standards?
Transport
A firewall drops a packet if it probably is an attack packet.
True
Almost all applications, regardless of what standards architecture they come from, can run over TCP/IP standards at the internet and transport layers.
True
An attack that occurs before a patch is available is called a zero-day attack.
True
Biometrics is the use of body measurements to authenticate you.
True
Fingerprint scanning may be an acceptable access control method for ordinary laptops.
True
Forensic procedures are ways to capture and safeguard data in ways that fit rules of evidence in court proceedings.
True
Headers usually are divided into fields.
True
If the ACK bit is set, the acknowledgement number field MUST have a value.
True
Implementation guidance is less specific than implementation.
True
Increasing an alternatives field length by one bit always doubles the number of alternatives it can represent.
True
Malware is a generic name for evil software.
True
Network standards architectures break the standards functionality needed for communication into layers and define the functions of each layer.
True
Network standards are also called protocols.
True
Oversight helps ensure that a policy is implemented faithfully.
True
Passwords are widely used because they can be used at no additional cost.
True
Rehearsing response during planning makes actual response faster and more effective.
True
SSL/TLS is a cryptographic system standard.
True
A Trojan horse that sorts through files on the victim's computer to look for useable information is called ________.
a data mining software
A program that can capture passwords as you type them is ________.
a keystroke logger
Which of the following can be a type of backdoor?
a new account or a trojan horse
Well-known port numbers are associated with ________.
applications
Authentication should be ________.
appropriate for risks to the resource
The OSI presentation layer is actually used ________.
as a category for data file standards used by multiple applications
When a firewall identifies an attack packet, it ________.
discards the packet and copies information about the packet into a log file
The threat environment includes ________.
attackers and attacks
Requiring someone requesting to use a resource to prove his or her identity is ________.
authentication
Electronic signatures provide message-by-message ________.
authentication and integrity
A way back into a system that an attacker can use to get into the compromised computer later is called a ________. (Choose the most specific answer.)
backdoor
Attack programs that can be remotely controlled by an attacker are ________.
bots
In distributed DoS attacks, the attacker sends messages directly to ________.
bots
Which of the following can be upgraded after it is installed on a victim computer?
bots
Compromises also are called ________.
breaches and incidents
A password cracking attack that tries all combinations of keyboard characters is called a ________.
brute-force attack
The password 7u3ab& can be defeated most quickly by a ________.
brute-force attack
"Octet" is the same as ________.
byte
Credit card number thieves are called ________. (Pick the most precise answer.)
carders
A specific encryption method is called a ________.
cipher
Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________.
confidentiality
Cryptographic systems provide ________.
confidentiality and message integrity
ACLs are used for packets in the ________ state.
connection-opening
In an Ethernet frame, the IP packet is carried in the ________ field.
data
An HTTP response message has a ________.
data field
The ________ contains the content being delivered by a message.
data field
After the internet layer process does encapsulation, it passes the IP packet to the ________ layer process.
data link
OSI is dominant at the ________ layer.
data link
An attacker must break through two firewalls to get to a host. This illustrates the principle called ________. (Select the most specific answer.)
defense in depth
Routers make packet forwarding decisions based on a packet's ________.
destination IP address
A user picks the password tiger. This is likely to be cracked most quickly by a(n) ________.
dictionary attack
Prepare2 can be cracked most quickly by a(n) ________.
dictionary attack in hybrid mode
After a break-in, the first step usually is to ________.
download a hacker toolkit
When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________. (Read this question carefully)
drops the packet
Which of the following is a propagation vector for some worms?
e-mail and direct propagation
Converting application messages into bits is called ________.
encoding
Ethernet does ________.
error detection
Firewall log files should be read ________.
every day
Methods that hackers use to break into computers are ________.
exploits
Ethernet detects errors but does not correct them. Therefore, Ethernet is reliable.
false
IP detects errors but does not correct them. Therefore, IP is reliable.
false
It is generally illegal to write malware.
false
Routers make forwarding decisions based on a packet's source IP address.
false
One-bit fields are called ________ fields.
flag
Trojan horses can get onto computers by ________.
hackers
Attackers only need to find a single weakness to break in. Consequently, companies must ________.
have comprehensive security
Vulnerabilities are occasionally found in even the best security products. Consequently, companies must ________. (Select the best answer.)
have defense in depth
An HTTP request message usually has a ________.
header
The password Security7 can be defeated most quickly by a ________.
hybrid mode dictionary attack
Spam can be used to ________.
implement a fraud and cause the reader to go to a website that will download malware to the victim's computer
Policies should drive ________.
implementation and oversight
Policies are separated by implementation to take advantage of ________.
implementer knowledge
Users typically can eliminate a vulnerability in one of their programs by ________.
installing a patch
TCP/IP is dominant at the ________ layer(s).
internet
TCP/IP became dominant in corporations primarily because of ________.
its relatively simple standards
Egress filtering examines packets ________.
leaving to the outside
Stateful firewalls are most attractive because of their ________.
low cost
Iris scanning is attractive because of its ________.
low susceptibility to deception
Computer security incident response teams (CSIRTs) are used in ________.
major incidents
Security is primarily a ________ issue.
management
OSI is dominant at the ________ layer.
neither transport nor internet
Mobile code is another name for ________.
neither worm nor virus
What does a hacker usually do IMMEDIATELY after downloading a hacker toolkit?
none of the above - Install a Trojan horse, Create a backdoor, and Execute the exploit.
When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.
passes the packet
Pieces of code that are executed after the virus or worm has spread are called ________.
payload
Actions that people are allowed to take on a resource come under the heading of ________.
permissions
An attack in which an authentic-looking e-mail or website entices a user to enter his or her username, password, or other sensitive information is called ________. (Select the most specific answer.)
phishing
After the data link layer process does encapsulation, it passes the IP packet to the ________ layer process.
physical
OSI is dominant at the ________ layer.
physical
The OSI ________ layer is designed to handle compression and encryption for applications.
presentation
The OSI ________ layer is designed to handle data formatting differences between two computers.
presentation
Hackers identify possible victim computers by sending ________.
probe packets
The digital certificate provides the ________.
public key of the true party
DoS attacks attempt to ________.
reduce the availability of a computer
Balancing threats against protection costs is called ________.
risk analysis
TCP messages are called ________.
segments
The meaning of a message is referred to as the message's ________.
semantics
Standards govern ________.
semantics and syntax
The OSI ________ layer allows application communication to be restarted at the last rollback point.
session
Tricking users into doing something against their interests is ________.
social engineering
Unsolicited commercial e-mail is better known as ________.
spam
The general name for malware on a user's PC that collects sensitive information and sends this information to an attacker is ________.
spyware
In authentication, the ________ is the party trying to prove his or her identity.
supplicant
How a message is organized is its ________.
syntax
In digital certificate authentication, the supplicant does a calculation with ________.
the supplicant's private key
In digital certificate authentication, the verifier uses ________.
the true party's public key
An action that will stop many viruses is ________.
the use of an antivirus program
Passwords are widely used because ________.
they can be used at no additional cost
TCP/IP is dominant at the ________ layer(s).
transport
TCP/IP is dominant at the ________ layer(s).
transport and internet