CMGT 400 Week 3
What size key does a DES system use?
56 bit
Which of the following types of information would be a likely target for industrial espionage?
All of these
Why might you wish to limit the number of company CD burners and control access to them in your organization?
An employee could use such media to take sensitive data
What method do most IDS software implementations use?
Anomaly detection
What is the name for scanning that depends on complex rules to define what is and is not a virus
Heuristic scanning
what is the term for a fake system designed to lure intruders?
Honey pot
What should you be most careful of when looking for an encryption method to use
How long the algorithm had been around
Many classic ciphers are easy to understand but not secure. What is the main problem with simple substitution?
It is too simple
Which of the following is a likely reason that an organization might be reluctant to admit it has been a victim of corporate espionage?
It might cause stock value to decline
Which of the following is a disadvantage of using an application gateway firewall
It uses a great deal of resources
What is one way of checking emails for virus infection?
Look for subject lines that are from known virus attacks
Classic ciphers were improved with the addition of multiple shifts (multiple substitution alphabets). Which of the following is an encryption method that uses two or more different shifts?
Multi-alphabet encryption
what is the difference between corporate and industrial espionage
None, they are interchangeable terms
What is the term for blocking an IP address that has been the source of suspicious activity
Preemptive blocking
What is the term for a firewall that is software installed on and existing server?
Screened host
Which of the following is the most basic type of firewall?
Screening firewall
Which of the following is the best definition for spyware
Software that monitors activity on a computer
What are TSR Programs
Terminate and stay resident programs, which stay in memory after you shut them down
If a company purchases a high-end UNIX server to use for its research and development departments, what is probably the most valuable part of the system?
The information on the server
Which of the following is most true regarding certified encryption methods
There is no such thing as certified encryption
Why would you want to scan an employee's computer when he leaves the organization?
To check for signs of corporate espionage
Which of the following is the most common way for a virus scanner to recognize a virus?
To compare a file to known virus attributes
what is the highest level of security you can expect to obtain?
A level of security that makes the effort required to get information more costly than the value of the information
Which of the following methods uses a variable-length symmetric key?
Blowfish
It is important to understand the concepts and application of cryptography. Which of the following most accurately defines encryption?
Changing a message so it can only be easily read by the intended recipient
Which of the following is a symmetric key system that uses 64-bin blocks?
DES
What is the greatest security risk to any company?
Disgruntled employees
What is the usual motivating factor for corporate/ industrial espionage?
Economic
which of the following is the correct term for making a system less attractive to intruders?
Intrusion deterrence
Why is binary mathematical encryption not secure?
It does not change letter or word frequency.
What is the advantage of a symmetric key system using 64-bit blocks?
It is fast
which of the following is most likely to be true of an encryption method that is advertised as unbreakable
It is likely to be exaggerated
What is a major weakness with a network host-based firewall?
Its security depends of the underlying operating system
Which of the following is most true regarding new encryption methods
Never use them until they have been proven
Which of the following methods is available as an add-in for most email clients?
PGP
What is PGP?
Pretty Good Privacy, a public key encryption method
What type of encryption uses different keys to encrypt and decrypt the message?
Public key
What formula can you use to calculate the value of information?
Resources needed to produce the information plus resources gained from the information.
Which of the following is most true regarding binary operations and encryption?
They can form a part of viable encryption methods
Terrance is trying to explain industrial espionage to a group of new security techs. What is the ultimate goal of espionage?
To obtain information not otherwise available
What is the best outcome for a spy attempting an espionage activity?
To obtain information without the target even realizing he did so
What is the reason for encrypting hard drives on laptop computers?
To prevent a thief from getting data off of a stolen laptop.
Which binary mathematical operation can be used for a simple encryption method?
XOR
What does SPI stand for?
stateful packet inspection
How do most antispyware packages work?
By looking for known spyware
Which of the following is the oldest encryption method?
Caesar cipher
Information is an asset to your company if it:
Costs any sum of money to produce
Which of the following is not one of the basic types of firewalls
Heuristic firewall
