IS Security Quiz 3
What is not a typical sign of virus activity on a system?
Unexpected power failures
What file type is least likely to be impacted by a file infector virus?
.docx
How many values can be used at a time with each of the following operators? + not and !=
2 1 2 2
What is the maximum value for any octet in an Internet Protocol version 4 (IPv4) address?
255
What network port number is used for unencrypted web-based communication by default?
80
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?
Blacklisting
Alice would like to send a message to Bob securely and wishes to use asymmetric encryption to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Miriam is a network administrator. She would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
Which cryptographic attack is relevant in only asymmetric key systems and hash functions?
Chosen ciphertext
Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
Confidentiality
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
What program, released in 2013, is an example of ransomware?
Cryptolocker
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?
Decryption
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What is not a symmetric encryption algorithm?
Diffie-Hellman
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?
Digital signature
What type of attack occurs in real time and is often conducted against a specific target?
Direct
What protocol is responsible for assigning Internet Protocol (IP) addresses to hosts on many networks?
Dynamic Host Configuration Protocol (DHCP)
Which of the following is not an objective of cryptanalysis, the process of breaking codes?
Encrypt the plaintext of a target message
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use?
Field theory
What type of firewall security feature limits the volume of traffic from individual hosts?
Flood guard
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Honeypot
Carrie is a network technician developing the Internet Protocol (IP) addressing roadmap for her company. While IP version 4 (IPv4) has been the standard for decades, IP version 6 (IPv6) can provide a much greater number of unique IP addresses. Which addressing system should she designate for primary use on her roadmap and why?
IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted.
Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
Integrity
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter?
Internet Control Message Protocol (ICMP)
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Macro virus
Maria is a freelance network consultant. She is setting up security for a small business client's wireless network. She is configuring a feature in the wireless access point (WAP) that will allow only computers with certain wireless network cards to connect to the network. This feature filters out the network cards of any wireless computer not on the list. What is this called?
Media Access Control (MAC) address filtering
Isabella is a network engineer. She would like to strengthen the security of her organization's networks by adding more requirements before allowing a device to connect to a network. She plans to add authentication to the wireless network and posture checking to the wired network. What technology should Isabella use?
Network access control (NAC)
When Alice receives a message from Bob, she wants to be able to demonstrate to Miriam that the message actually came from Bob. What goal of cryptography is Alice attempting to achieve?
Non-repudiation
Which approach to cryptography uses highly parallel algorithms that could solve problems in a fraction of the time needed by conventional computers?
Quantum cryptography
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
Remote Access Tool (RAT)
What firewall approach is shown in the figure, assuming the firewall has three network cards?
Screened subnet
There are a large number of protocols and programs that use port numbers to make computer connections. Of the following, which ones do not use port numbers?
Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session hijacking
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?
Slow virus
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear phishing
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?
Structured Query Language (SQL) injection
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
Which of the following is a type of denial of service (DoS) attack?
Synchronize (SYN) flood
Which type of virus targets computer hardware and software startup functions?
System infector
Which of the following is not true of hash functions?
The hashes produced by a specific hash function may vary in size.
Which type of cipher works by rearranging the characters in a message?
Transposition
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?
Trojan horse
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Use proxy services and bastion hosts to protect critical services
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN concentrator
What is the only unbreakable cipher when it is used properly?
Vernam
Wen is a network engineer. He would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology is best to use?
Virtual LAN (VLAN)
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?
Wi-Fi Protected Access version 3 (WPA3)
Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?
Witnessing
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
botnets
Susan is troubleshooting a problem with a computer's network cabling. At which layer of the Open Systems Interconnection (OSI) Reference Model is she working?
physical
A ________ is used to identify the part of an Ethernet network where all hosts share the same host address.
subnet mask
On early Ethernet networks, all computers were connected to a single wire, forcing them to take turns on a local area network (LAN). Today, this situation is alleviated on larger networks because each computer has a dedicated wire connected to a ___________ that controls a portion of the LAN.
switch
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
whois
