Final Exam MC
A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity. A. network-based IDS B. host-based IDS C. intrusion detection D. security intrusion
A
A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. A. digital signature B. keystream C. secret key D. one way hash function
A
A characteristic of reflection attacks is the lack of _______ traffic. A. backscatter B. network C. three-way D. botnet
A
A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. A. inline sensor B. analysis sensor C. LAN sensor D. passive sensor
A
A(n) __________ is a user who has administrative responsibility for part or all of the database. A. administrator B. end user other than application owner C. database relations manager D. application owner
A
Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is __________ . A. symmetric encryption B. Asymmetric encryption C. Public key encryption D. Message Digest
A
In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable. A. SYN spoofing attacks B. indirect flooding attacks C. ICMP attacks D. system address spoofing
A
In relational database parlance, the basic building block is a __________, which is a flat table. A. relation B. attribute C. primary key D. tuple
A
On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack. A. half B. one-fourth C. two-thirds D. three-fourths
A
The ________ is responsible for determining if an intrusion has occurred. A. analyzer B. sensor C. host D. user interface
A
The __________ is the encryption algorithm run in reverse. A. decryption algorithm B. plaintext C. ciphertext D. encryption algorithm
A
Transmitted data stored locally are referred to as __________ . A. data at rest B. ECC C. DES D. ciphertext
A
Using forged source addresses is known as _________. A. source address spoofing B. a three-way address C. random dropping D. directed broadcast
A
When a DoS attack is detected, the first step is to _______. A. identify the attack B. analyze the response C. design blocking filters D. shut down the network
A
_________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes. A. Activists B. State-sponsored organizations C. Others D. Cyber criminals
A
_________ involves the collection of data relating to the behavior of legitimate users over a period of time. A. Anomaly detection B. Signature detection C. Threshold detection D. Profile based detection
A
Issued as RFC 2104, __________ has been chosen as the mandatory-to-implement MAC for IP Security. A.HMAC B.DSS C.RSA D.SHA-3
A. HMAC
__________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide. A.EFT B.ATF C.BTM D.POS
A.EFT
The _________ scheme has reigned supreme as the most widely accepted and implemented approach to public-key encryption. A.RSA B.HMAC C.SHA-1 D.MD5
A.RSA
The DSS makes use of the _________ and presents a new digital signature technique, the Digital Signature Algorithm (DSA). A.SHA-1 B.HMAC C.RSA D.XOR
A.SHA-1
_________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number. A.Timing attacks B.Digital standards C.Ciphers D.Mathematical attacks
A.Timing attacks
A __________ type of attack exploits properties of the RSA algorithm. A.chosen ciphertext B.mathematical C.timing D.brute-force
A.chosen ciphertext
A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path. A.client attack B.Trojan horse attack C.host attack D.eavesdropping attack
A.client attack
Although the _________ attack is a serious threat, there are simple countermeasures that can be used such as constant time calcs, random delays or blinding computations. A.timing B.mathematical C.none of the above D.chosen ciphertext
A.timing
A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so. A. intrusion detection B. security intrusion C. IDS D. criminal enterprise
B
A _________ is a virtual table. A. DBMS B. view C. query D. tuple
B
A _________ is defined to be a portion of a row used to uniquely identify a row in a table. A. foreign key B. primary key C. query D. data perturbation
B
A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity. A. security intrusion B. host-based IDS C. intrusion detection D. network-based IDS
B
A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. A. ping-attack B. cryptanalytic C. malware D. brute-force
B
A(n) __________ is a structured collection of data stored for use by one or more applications. A. inference B. database C. attribute D. tuple
B
Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______. A. trailing B. spidering C. spoofing D. crowding
B
Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator. A. digital signature B. keystream C. secure hash D. message authentication code
B
In a _______ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system. A. SYN flood B. SYN flood C. poison packet D. poison packet
B
In a relational database rows are referred to as _________. A. views B. tuples C. attributes D. relations
B
The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections. A. DNS amplification attack B. SYN spoofing attack C. basic flooding attack D. poison packet attack
B
The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet. A. query set B. relational database C. perturbation D. DBMS
B
The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________. A. SHA B. AES C. RSA D. DSS
B
The process of converting a ciphertext into plaintext. A. encryption B. decryption C. plaintext D. cryptography
B
The purpose of a __________ is to produce a "fingerprint" of a file, message, or other block of data. A. digital signature B. hash function C. secret key D. keystream
B
Which of the followings are drawbacks of OTP: A. Or modern high data-rate systems, a one-time pad cipher is totally impractical B. Pad must be securely transmitted to the recipient before the ciphertext can be decrypted. C. A pad (key) consisting of a randomly selected string of bits that is the same length as the message. D. The pad (key) is the same length as the message
B
______ relates to the capacity of the network links connecting a server to the wider Internet. A. Application resource B. Network bandwidth C. System payload D. System payload
B
_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities. A. RFC 4766 B. RFC 4767 C. RFC 4764 D. RFC 4765
B
_________ is an organization that produces data to be made available for controlled release, either within the organization or to external users. A. Client B. Data owner C. Server D. User
B
__________ houses cross-connects and active equipment for distributing cable to the equipment distribution area. A. Zone distribution area B. Horizontal distribution area C. Main distribution area D. Equipment distribution area
B
__________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n. A. SHA B. RSA C. AES D. DSS
B
__________ is the scrambled message produced as output. A. Secret key B. Ciphertext C. Plaintext D. Cryptanalysis
B
SHA-1 produces a hash value of _______ bits. A. 256 B. 160 C. 384 D. 180
B. 160
The National Institute of Standards and Technology has published Federal Information Processing Standard FIPS PUB 186, known as the __________. A.MAC B.DSS C.MD5 D.XOR
B.DSS
__________ systems identify features of the hand, including shape, and lengths and widths of fingers. A.Palm print B.Hand geometry C.Fingerprint D.Signature
B.Hand geometry
_________ attacks have several approaches, all equivalent in effort to factoring the product of two primes. A.Timing B.Mathematical C.Brute-force D.Chosen ciphertext
B.Mathematical
__________ defines user authentication as "the process of verifying an identity claimed by or for a system entity". A.RFC 2493 B.RFC 4949 C.RFC 2328 D.RFC 2298
B.RFC 4949
A ________ attack involves trying all possible private keys. A.chosen ciphertext B.brute-force C.timing D.mathematical
B.brute-force
Each individual who is to be included in the database of authorized users must first be __________ in the system. A.identified B.enrolled C.verified D.authenticated
B.enrolled
A __________ attack involves an adversary repeating a previously captured user response. A.Trojan horse B.replay C.client D.eavesdropping
B.replay
Recognition by fingerprint, retina, and face are examples of __________. A.token authentication B.static biometrics C.face recognition D.dynamic biometrics
B.static biometrics
The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords. A.proactive password checking B.user education C.reactive password checking D.computer-generated password
B.user education
A (n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits. A. Journeyman B. Activist C. Apprentice D. Master
C
A ______ triggers a bug in the system's network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded. A. echo B. reflection C. Answer poison packet D. flash flood
C
A _________ protects against an attack in which one party generates a message for another party to sign. A. data authenticator B. weak hash function C. strong hash function D. digital signature
C
A ___________ is the portion of the data center that houses data processing equipment. A. main distribution area B. horizontal distribution area C. computer room D. entrance room
C
A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way. A. IDME B. IDEP C. DDI D. PEP
C
Encrypt the word alphabet using a Caesar cipher with a shift of 3 A. DVSDULQV B. DOOFOHDU C. DOSKDEHW D. DORQHBHV
C
It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code. A. three-way handshake B. UDP flood C. SYN spoofing attack D. flash crowd
C
The _________ module analyzes LAN traffic and reports the results to the central manager. A. host agent B. architecture agent C. LAN monitor agent D. central manager agent
C
The key in one-time pad encryption _____ from session to session. A. remains constant B. is lengthened C. is replaced D. None of the answers are correct.
C
The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager. A. central manager agent B. architecture agent C. host agent D. LAN monitor agent
C
The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria. A. protocol B. protocol C. action D. destination port
C
_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server. A. Application-based B. System-based C. Random D. Amplification
C
_______ is a text-based protocol with a syntax similar to that of HTTP. A. RIP B. DIP C. SIP D. HIP
C
__________ is an organization that receives the encrypted data from a data owner and makes them available for distribution to clients. A. Client B. Data owner C. Server D. User
C
__________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received. A. Perturbation B. Partitioning C. Inference D. Compromise
C
The principal attraction of __________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead. A.MD5 B.Diffie-Hellman C.ECC D.none of the above
C.ECC
The most common means of human-to-human identification are __________. A.signatures B.retinal patterns C.facial characteristics D.fingerprints
C.facial characteristics
A __________ is a password guessing program. A.password salt B.password biometric C.password cracker D.password hash
C.password cracker
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords. A.user education B.proactive password checking C.reactive password checking D.computer-generated password
C.reactive password checking
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________. A.authentication step B.identification step C.verification step D.corroboration step
C.verification step
A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. A. hash function B. cryptanalysis C. mode of operation D. brute-force attack
D
An end user who operates on database objects via a particular application but does not own any of the database objects is the __________. A. application owner B. foreign key C. administrator D. end user other than application owner
D
Digital signatures and key management are the two most important applications of __________ encryption. A. preimage resistant B. advanced C. private-key D. public-key
D
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________ . A. use shorter keys B. use more keys C. use less keys D. use longer keys
D
Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed is _______. A. poison packet B. slashdot C. backscatter traffic D. random drop
D
TCP uses the _______ to establish a connection. A. zombie B. SYN cookie C. directed broadcast D. three-way handshake
D
The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator. A. sensor B. operator C. data source D. analyzer
D
The original message or data that is fed into the algorithm is __________. A. encryption algorithm B. secret key C. decryption algorithm D. plaintext
D
______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete. A. HTTP B. Reflection attacks C. SYN flooding D. Slowloris
D
__________ encompasses intrusion detection, prevention and response. A. Database access control B. Security assessments C. Data loss prevention D. Intrusion management
D
__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. A. Profile based detection B. Anomaly detection C. Threshold detection D. Signature detection
D
__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic. A. Cryptanalysis B. Decryption C. Collision resistance D. Message authentication
D
__________ is provided by means of a co-processor board embedded in the tape drive and tape library hardware. A. caesar cypher B. OTP C. vigenere cipher D. library-based tape encryption
D
__________ specifies the minimum requirements for telecommunications infrastructure of data centers. A. RFC-4949 B. NIST-7883 C. RSA-298 D. TIA-492
D
In 2005, NIST announced the intention to phase out approval of _______ and move to a reliance on the other SHA versions by 2010. A.SHA-256 B. SHA-512 C. SHA-2 D. SHA-1
D. SHA-1
The __________ uses an algorithm that is designed to provide only the digital signature function and cannot be used for encryption or key exchange. A.ECC B.XOR C.RSA D.DSS
D.DSS
___________ was the first published public-key algorithm. A.RSA B.NIST C.RC4 D.Diffie-Hellman
D.Diffie-Hellman
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. A.eavesdropping B.denial-of-service C.Trojan horse D.challenge-response
D.challenge-response
A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored. A.eavesdropping attack B.denial-of-service attack C.client attack D.host attack
D.host attack
An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________. A.processor B.cardholder C.auditor D.issuer
D.issuer
The _________ attack exploits the common use of a modular exponentiation algorithm in RSA encryption and decryption, but can be adapted to work with any implementation that does not run in fixed time. A.mathematical B.brute-force C.chosen ciphertext D.timing
D.timing
There are two general approaches to attacking a symmetric encryption scheme cryptanalytic attacks and __________ attacks. answer was flubbed so short answer
brute force