Computer Security Fundamentals Final

¡Supera tus tareas y exámenes ahora con Quizwiz!

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application Proxying

A private key cipher is also called an asymmetric key cipher.

False (private is symmetric)

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.

False (theyre un/structured instead of un/planned)

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic

The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.

True

What is the only unbreakable cipher when it is used properly?

Vernam

What is NOT a valid encryption key length for use with the Blowfish algorithm?

512(Has to be between 32 and 448)

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

RFC

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

SCADA

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?

W3C

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

Gary is configuring a smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

Which element is NOT a core component of the ISO 27002 standard

cryptography

What is NOT one of the four main purposes of an attack?

data import

All request for comments (RFC) originate from the Internet Engineering Task Force (IETF).

false

The National Institute of Standards and Technology (NIST) is a nongovernmental organization whose goal is to develop and publish international standards.

false

The Institute of Electrical and Electronics Engineers (IEEE) publishes or sponsors more than 13,000 standards and projects.

false(its 1300)

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

You must always use the same algorithm to encrypt information and decrypt the same information.

False

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

False (its impact)

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

What is NOT a symmetric encryption algorithm

RSA

What program, released in 2013, is an example of ransomware?

crypt0l0cker

Which type of virus targets computer hardware and software startup functions?

System infector

Purchasing an insurance policy is an example of the ____________ risk management strategy.

Transfer

A salt value is a set of random characters you can combine with an actual input key to create the encryption key.

True

In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.

True

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?

Publicly traded

Which approach to cryptography provides the strongest theoretical protection?

quantum

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

reduce

Which set of characteristics describes the Caesar cipher accurately?

symmetric, stream, substitution

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?

Bob's public

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?

CISO

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Captive Portal

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

A packet-filtering firewall remembers information about the status of a network communication.

False

A subnet mask is a partition of a network based on IP addresses.

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.

False ( it is when you deny something that you don't explicitly allow)

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

False (its a checklist test)

What is the ALE?

Single loss * chance

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood Guard

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking


Conjuntos de estudio relacionados

Human Resource Management Chapters 1 - 4

View Set

Ch. 11: Anger, Hostility, and Aggression (Videbeck)

View Set

business managment mid ter review

View Set

Chapter 6 - Thinking and Intelligence

View Set

Chapter 68: spinal cord injuries

View Set

Chapter 32 Environmental Emergencies EMT

View Set

CISSP Domain 7: Security Operations

View Set