CMSY-163 Final


Checking authentication, checking authorization and access control, auditing systems, and verifying firewalls and other filters should all be included on which of the following?
A physical security checklist
A whitelist
A response plan
A logical security checklist

A logical security checklist

Which of the following describes an access control list (ACL)?
A mechanism that defines traffic or an event to apply an authorization control of allow or deny against
An intrusion detection system/intrusion prevention system (IDS/IPS) based on a defined normal, often defined using rules similar to firewall rules
An event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious
A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on

A mechanism that defines traffic or an event to apply an authorization control of allow or deny against

What is a business continuity plan?
A plan explaining the use of only a single element of validation or verification to prove the identity of a subject.
A plan outlining the failure response that results in open and unrestricted access or communication.
A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.
A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event.

A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.

Which of the following characteristics relates to the term algorithm?
A hardware VPN device
A VPN created between two individual hosts across a local or intermediary network
Used to connect a remote or mobile host into office network workstation
A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

Which of the following describes a blacklist?
A security mechanism to detect and prevent attempts to breach security
A type of filtering in which all activities or entities are permitted except those identified
A list of the hosts and servers on the network
A list that describes the steps to lock down a host against threats and attacks

A type of filtering in which all activities or entities are permitted except those identified

Which of the following characteristics relates to a demilitarized zone (DMZ)?
Confidence in the expectation that others will act in your best interest or that a resource is authentic
A type of perimeter network used to host resources designated as accessible by the public from the Internet
A form of networking where each computer is a peer
A host on a network

A type of perimeter network used to host resources designated as accessible by the public from the Internet

Which of the following is the name given to a notification from a firewall that a specific event or packet was detected?
Management interface
Rules
Alert
Anomaly-based detection

Alert

Which of the following describes a dedicated leased line?
A set of rules and procedures, usually mathematical in nature.
A hardware VPN device.
An electronic proof of identity issued by a certificate authority (CA).
Allows communication between one site and another

Allows communication between one site and another

Which of the following describes separation of duties?
A security stance that allows all communications except those prohibited by specific deny exceptions
A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event
A security guideline, procedure, or recommendation manual
An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

When conducting an audit, the auditor should be which of the following?
An internal employee who can be trusted
An external person capable of hacking
An internal employee capable of encasing one protocol or packet inside another protocol or packet
An external person who is independent of the organization under audit

An internal employee who can be trusted

Which term describes an object, computer, program, piece of data, or other logical or physical component that you use in a business process to accomplish a business task?
Asset
Client
Appliance
Trust

Asset

Which of the following refers to encoding and decoding information using related but different keys for each process?
Digital certificate
Asymmetric cryptography
Ciphertext
Algorithm

Asymmetric cryptography

Which term describes portions of a software system that unauthenticated users can run?
Internet Assigned Numbers Authority (IANA)
File Transfer Protocol (FTP)
Attack surface
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

Attack surface

Which term describes programs used to control access to computer resources, enforce policies, audit usage, and provide billing information?
Traffic congestion
Certificate authority (CA)
Authentication, authorization, and accounting (AAA) services
Trusted roots list

Authentication, authorization, and accounting (AAA) services

Which term describes when a system is usable for its intended purpose?
Authorization
Auditing
Encryption
Availability

Availability

Which of the following is the name given to unauthorized access to a system unofficially with no bad intent?
Hijacking
Backdoor
Tunneling
Exploit

Backdoor

Which of the following creates copies of data on other storage media?
Fail-open
Honeynets
Backups
Security Technical Implementation Guide (STIG)

Backups

Which term describes a network device that forwards traffic between networks based on the MAC address of the Ethernet frame?
Domain
Bottleneck
Bridge
Node

Bridge

What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)?
Brute-force attack
Hybrid attack
Dictionary password attack
Modeling

Brute-force attack

Which term describes the seemingly random and unusable output from a cryptographic function applied to original data?
Dedicated leased line
Ciphertext
Identity proofing
Host VPN

Ciphertext

Which of the following determines the available vendor patches that are installed or missing?
Vulnerability scan
Configuration scan
Penetration test
Post-mortem assessment

Configuration scan

Which term describes the process of converting ciphertext back into plaintext?
Decryption
Hashing
Avalanche effect
Symmetric cryptography

Decryption

Which term describes a security stance that blocks access to all resources until a valid authorized explicit exception is defined?
Fail-secure
Fail-open
Default deny
Default allow

Default deny

Which of the following refers to a form of attack that attempts to compromise availability?
Zero day exploits
Man-in-the-middle (MITM)
Denial of service (DoS)
Sniffer

Denial of service (DoS)

Which attack uses a pre-constructed list of potential passwords or encryption keys?
Piloting
Dictionary password attack
Brute-force attack
Hybrid attack

Dictionary password attack

By what mechanism do VPNs securely exchange session keys between endpoints?
Digital signature
Digital forensics
Digital envelope
Digital certificate

Digital envelope

Which of the following refers to filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations?
Router
Egress filtering
Auditing
Whitelist

Egress filtering

Which of the following is not a step in an incident response solution?
Evasion
Containment
Eradication
Recovery

Evasion

Which of the following refers to a failure response resulting in open and unrestricted access or communication?
Fail-open
Mission-critical
Default allow
Fail-secure

Fail-open

A VPN appliance cannot be placed inside and outside the corporate firewall.

False

A one-way function refers to a mathematical operation performed in one direction; reversing the operation is easy.

False

A personal firewall is an appliance firewall placed on the border or edge of an organization's network.

False

Intranet access allows businesses, partners, vendors, suppliers, and so on to gain access to resources.

False

Multifactor authentication is significantly less secure than any single factor form of authentication.

False

Symmetric cryptography encodes and decodes information using different keys for each process.

False

The WAN Domain refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms.

False

The term monitoring refers to the act of creating or recording events into a log.

False

When too much data crosses a network segment, throughput and latency are increased.

False

Which protocol and data exchange system is commonly used over TCP/IP networks, including the Internet, but is unencrypted and performs authentication and data transfer in plaintext?
Post Office Protocol (POP)
AppleTalk
File Transfer Protocol (FTP)
Hypertext Transfer Protocol Secure (HTTPS)

File Transfer Protocol (FTP)

Which term is used to describe a network security device or host software that filters communications, usually network traffic, based on a set of predefined rules?
Sniffer
Auditor
Hacker
Firewall

Firewall

Which of the following terms refers to the process of securing or locking down a host against threats and attacks?
Auditing
Redundancy
Authorization
Hardening

Hardening

Which term describes a VPN created between two individual hosts across a local or intermediary network?
VPN appliance
Host-to-host VPN
Hash
Site-to-site VPN

Host-to-host VPN

Which of the following describes a predefined first-phase procedure that will limit damage, contain the spread of malicious content, stop the compromise of information, and promptly restore the environment to a normal state?
Separation of duties
Incident response plan
Business continuity plan
Disaster recovery plan

Incident response plan

Which term describes a network, network link, or channel located between the endpoints of a VPN?
One-way function
Host-to-host network
Host-to-site network
Intermediary network

Intermediary network

Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources?
AFRINIC
RIPE
Internet Assigned Numbers Authority (IANA)
ARIN

Internet Assigned Numbers Authority (IANA)

Which of the following is not a characteristic of security education?
Its purpose is to obtain knowledge that leads to career advancement.
It is usually obtained inside of the organization.
It is broad and not necessarily focused on specific job tasks or assignments.
It is more rigorous than awareness or training.

It is usually obtained inside of the organization.

Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment?
Eavesdropping
Modeling
AppleTalk
Piloting

Modeling

Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm?
Incident response plan
Padded cell
Principle of least privilege
Default allow

Padded cell

Which of the following is the name given to an Application Layer protocol used by e-mail clients to receive messages from an e-mail server?
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol (POP)
Transmission Control Protocol/Internet Protocol (TCP/IP)
File Transfer Protocol (FTP)

Post Office Protocol (POP)

Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task?
Preparedness
Redundancy
Endpoint security
Encryption

Redundancy

What is compression?
A VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public
A subset of asymmetric cryptography based on the use of key pair sets
The art and science of hiding information from unauthorized third parties
Removal of redundant or superfluous data or space to reduce the size of a data set

Removal of redundant or superfluous data or space to reduce the size of a data set

Which of the following describes caching?
A network service that acts as a "middle man" between a client and server
Retention of Internet content by a proxy server
Filtering traffic as it attempts to enter a network
A mechanism to establish a secure remote access connection across an intermediary network

Retention of Internet content by a proxy server

Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand?
Firewall
Bring Your Own Device (BYOD)
Modeling
Security through obscurity

Security through obscurity

Which of the following refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms?
Remote Access Domain
WAN Domain
System/Application Domain
LAN Domain

System/Application Domain

Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN?
Public key cryptography
User-to-site VPN
Telecommuting
Scalability

Telecommuting

Which of the following characteristics describes an edge router?
The last device owned and controlled by an organization before an ISP or telco connection
A form of VPN establishing a secure VPN over trusted VPN connections
A form of cryptography in which each encryption key is used once before being discarded
A security service that ensures that a sender cannot deny sending a message

The last device owned and controlled by an organization before an ISP or telco connection

Which of the following describes authentication?
The process of confirming the identity of a user
Confidence in the expectation that others will act in your best interest or that a resource is authentic
A small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home
A stated purpose or target for network security activity

The process of confirming the identity of a user

Which of the following characteristics relates to access control?
The feature of network design that ensures the existence of multiple pathways of communication.
An attack that occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters
The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic
The process of confirming the identity of a user

The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic

Which of the following is not a characteristic of a private address?
They are leased to users and businesses.
They require translation.
They can be mixed with public addresses.
They are isolated from the Internet.

They are leased to users and businesses.

Which of the following is not true of VLANs?
They control traffic.
They are cost-effective.
VLAN configuration takes place in the switch.
They require a change of IP address or re-cabling.

They require a change of IP address or re-cabling.

A chokepoint is a form of bottleneck and is a single, controlled pathway between two different levels of network trust where a firewall or other filtering devices block or allow traffic based on a set of rules.

True

A digital envelope is a secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient.

True

A private key is kept secret and used only by the intended entity.

True

A split tunnel is a VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection.

True

Hashing verifies data integrity by using algorithms to produce unique numbers from datasets known as hash values.

True

Integrity prevents unauthorized changes to data.

True

An intrusion detection system (IDS) is a security mechanism that detects unauthorized user activities, attacks, and network compromises.

True

Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements.

True

Nonrepudiation ensures that a sender cannot deny sending a message.

True

SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers.

True

Telnet is a protocol and a service used to remotely control or administer a host through a plaintext command-line interface.

True

The best defenses against covert channels include an IDS and an intrusion prevention system (IPS), and thoroughly watching all aspects of an IT infrastructure for aberrant or abnormal events of any type.

True

The principle of least privilege states that you should grant users the fewest capabilities, permissions, and privileges possible to complete their assigned work, without additional capabilities.

True

The term zero day exploit describes a new and previously unknown attack for which there is not a current specific defense.

True

Transport mode encryption protects only the original IP packet's payload, which retains its original IP header.

True

Which term describes encryption that protects the entire original IP packet's header and payload?
Tunnel mode encryption
Transport mode encryption
Cryptography
IP headers

Tunnel mode encryption

Which form of investigation aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits?
Incident response plan
Fail-open
Vulnerability scanning
Separation of duties

Vulnerability scanning

What prevents a hard drive from being read by another system if it is stolen?
Whole hard drive encryption
Host firewall
Antivirus scanner
Intrusion detection system (IDS)

Whole hard drive encryption

A security policy is important for all of the following reasons except which one?
It establishes goals.
It helps with planning.
With it, you cannot trust the network's security.
It helps respond, contain, and repair.

With it, you cannot trust the network's security.

Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device?
LAN Domain
Workstation Domain
WAN Domain
Remote Access Domain

Workstation Domain

A firewall is designed to allow what type of traffic to traverse its interfaces? a. authorized b. non-benign c. unknown d. abnormal e. malicious

a. authorized

What technique determines if a firewall is the best countermeasure choice for a particular threat against a specific asset? a. conducting a risk assessment b. reading blogs c. buying the least expensive option d. only using open-source products e. using products from a single vendor

a. conducting a risk assessment

Content filtering can focus on the following aspects of traffic except: a. source or destination IP address b. keywords in the payload c. URLs d. file extensions e. domain names

a. source or destination IP address

What form of filtering allows communications regardless of content once the session is established? a. dynamic packet filtering b. circuit proxy c. stateful inspection d. application proxy e. deep packet inspection

b. circuit proxy

What is another term for the individual rules in a firewall rule set? a. states b. exceptions c. policies d. referrals e. sentries

b. exceptions

A border firewall cannot protect against which of the following? a. flooding attacks b. insider attacking another internal target c. protocol abuses d. unauthorized inbound service requests e. port scans

b. insider attacking another internal target

What form of filtering focuses on source or destination IP address and requires separate rules for inbound and outbound communications? a. stateful inspection b. static packet filtering c. application proxy d. circuit proxy e. dynamic packet filtering

b. static packet filtering

What is the primary reason a firewall is an essential security product? a. low cost of deployment b. threats exist c. high ROI d. native protocol encryption e. interoperability

b. threats exist

Which of the following is not associated with a firewall? a. fail-secure b. sentry device c. fail-open d. chokepoint e. filtering service

c. fail-open

Dynamic packet filtering is also known as: a. static packet filtering b. application proxy c. stateful inspection d. circuit proxy e. deep packet inspection

c. stateful inspection

All of the following are mistakes in firewall security except: a. managing security poorly b. deploying too many firewalls c. using firewalls to provide filtering for networks and hosts d. not writing a security policy e. failing to keep current with updates and patches

c. using firewalls to provide filtering for networks and hosts

Which of the following is the best description of a firewall? a. an authentication service b. a remote access server c. a resource host d. a sentry device e. a malicious code scanner

d. a sentry device

Which of the following is not a valid method for determining whether a source address is spoofed? a. comparing against a use table b. verifying the route of reception c. checking the DHCP logs d. checking against RFC 1918 e. performing ingress filtering

d. checking against RFC 1918

What method of filtering automatically keeps track of sessions on a limited timeout basis to allow responses to queries to reach internal clients? a. deep packet inspection b. static packet filtering c. application proxy d. dynamic packet filtering e. circuit proxy

d. dynamic packet filtering

Which of the following will prevent firewall filtering from blocking malicious content? a. speed of the network b. user permissions c. not being positioned at a chokepoint d. encrypted traffic e. cable type

d. encrypted traffic

What is ingress filtering? a. restricting traffic to a specific subnet b. preventing traffic from leaving a network c. limiting host activities to that host d. monitoring traffic on its way inbound e. blocking access to external resource sockets

d. monitoring traffic on its way inbound

When a one-way or sieve firewall protecting your network allows external initiations of communications to occur over a specific socket, this is known as: a. static NAT b. traffic forwarding c. port forwarding d. reverse proxy e. all of the above

e. all of the above

Which of the following statements are true? a. a firewall can be deployed as a bastion host b. firewalls protect resources c. firewalls are often the first line of defense for a network d. firewalls are part of an overall security strategy e. all of the above

e. all of the above

Which of the following is not a common zone of risk? a. an extranet b. a DMZ c. a private LAN d. the Internet e. department subnets

e. department subnets

What is the first step in deploying a firewall? a. determining the filtering process b. defining rules c. selecting a security stance d. purchasing a license e. writing a security policy

e. writing a security policy
