Major Quiz 1

¡Supera tus tareas y exámenes ahora con Quizwiz!

Put the steps that an attacker would normally take to establish a full blown Distributed Denial of Service Attack. There is one step that does not belong. 1st = ? 2nd = ? 3rd = ? 4th = ? Final Step = ?

1st = Scan internet for vulnerable systems 2nd = Install Zombie agents on vulnerable systems 3rd = Have Zombies phone home (connect) to the Master Server 4th = Attacker sends signal to Master Server which sends signals to Zombies to attack a host Final Step = Targeted Systems feel the pain

Match the description on the LEFT with the correct term on the RIGHT. Malicious code that takes advantage of system or kernel level access = ? Technique for an attacker to return to a system later and ensures they have another way in = ? Used to carry out DDOS attacks = ? Social Engineering technique to gain access to a facility by taking advantage of a persons good manners = ?

Malicious code that takes advantage of system or kernel level access = rootkit Technique for an attacker to return to a system later and ensures they have another way in = backdoor Used to carry out DDOS attacks = Bots Social Engineering technique to gain access to a facility by taking advantage of a persons good manners = Tailgating

Match the description on the LEFT with the term on the RIGHT. Online CRL = ? Secure Key and Certificate Storage = ? Authority that verifies identity and passes registrations to CA = ? Has a list of CA's and their public keys (Pre loaded from manufacturer) = ?

Online CRL = OCSP Secure Key and Certificate Storage = HSM Authority that verifies identity and passes registrations to CA = RA Has a list of CA's and their public keys (Pre loaded from manufacturer) = Browser

Match the term on the LEFT with the description on the RIGHT. Passive = ? Active = ? Insider = ? Outsider = ?

Passive = Attacker established a foothold and installed a rootkit Active = DDOS attack Insider = Disgruntled Employee Outsider = Nation State

Match the term on the LEFT with the proper description on the RIGHT. Preventive Countermeasure = ? Detective Countermeasure = ? Recovery Countermeasure = ?

Preventive Countermeasure = Patches Detective Countermeasure = Logging Recovery Countermeasure = Business Continuity Plan (BCP)

Match the phrase on the LEFT with the correct terms(s) on the RIGHT. SHA 256 and MD5 = ? AES = ? Diffie Hellman = ?

SHA 256 and MD5 = Integrity AES = Confidentiality Diffie Hellman = Solves Key exchange

Match the description on the LEFT with the correct answer on the RIGHT. a) Script Kiddies = ? b) Elite Hackers = ? c) Phishing = ?

Script Kiddies = Lack Technical Expertise Elite Hackers = Comprise approx 1-2% of Hackers Phishing = Social Engineering

How many cryptographic keys are required to fully use a asymmetric algorithm with 10 participants? a) 20 b) 40 c) 10 d) 1

a) 20

Bill received a Confidential encrypted message sent to him from Sue. Which key should he use to decrypt the message? a) Bill's Private Key b) Bill's Public Key c) Sue's Public Key d) Sue's Private Key

a) Bill's Private Key

Blockchain relies on ________ to link blocks together. This cryptographic function provides for integrity (Immutability) of the Chain. a) Hashing b) Noncing c) Mining d) Asymmetric Encryption

a) Hashing

How does an operating system store a password so it cannot be seen in the clear? a) Hashing b) Symmetric Keys c) Transposition Ciphers d) ROT13

a) Hashing

What type of data do Healthcare Organizations deal with the most? a) PHI b) PCI c) HCI

a) PHI

What type of malware modifies sections of it's code to hide detection by anit-virus systems? It does not change it's entire structure. a) Polymorphic b) Singular c) Doubling Malware d) Metamorphic

a) Polymorphic

Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software, but who have just enough understanding of computer systems to be able to download and run scripts that others have developed. a) Script Kiddies b) Slammers c) Elite Hackers d) Sons of Anarchy

a) Script Kiddies

What function would a Certificate Authorities NOT perform? a) Signing of the Browsers Private Key b) Adding the Entity's Public Key to a Certificate c) Signing the Digital Certificate for the Entity d) Processing a CSR for an entity

a) Signing of the Browsers Private Key

A SMURF attack relies on the network broadcast to help aid in spreading it. a) True b) False

a) True

OCSP is a more efficient way of checking for Revoked Certs because it's basically an online Query? a) True b) False

a) True

One of the most difficult threats that security professionals will have to address is that of the insider. a) True b) False

a) True

Symmetric Crypto Algorithms are based on a Shared Key. (True/False) a) True b) False

a) True

TLS v1.2 is basically a newer version of SSL? a) True b) False

a) True

Today, the data stored and processed by computers is almost always more valuable than the hardware. a) True b) False

a) True

Given an assignment to encrypt a large amount of backup data (over 3 Petabytes), what would be the best method? Keep in mind this is "data at rest" and will not be going across the wire (network). a) MD5 b) AES c) SHA 256 d) Any Stream Cipher

b) AES

Choose the Block Ciphers from this list, there are three! a) SHA 256 b) AES c) 3DES d) RC2 e) MD5

b) AES c) 3DES d) RC2

Which security principle is characterized by the use of multiple, different mechanisms with a goal of improving the defensive response to an attack? a) Sandboxing b) Defense in Depth c) Least privilege d) Secure Posture

b) Defense in Depth

____________ is an algorithm that handles the key sharing challenges for Symmetric Encryption. a) http b) Diffie Hellman c) SHA 512 d) RDP

b) Diffie Hellman

Asymmetric Cryptography uses a single shared key (True or False)? a) True b) False

b) False

Browser manufacturers pre load the public keys of domains by processing the Certificate Reservation List or CRL. a) True b) False

b) False

Intrusion detection systems (IDS) are important components when designing the security of a single host. a) True b) False

b) False

The Heartbleed bug uncovered a flaw in the length of the Certificates issued by the CA's and attackers were able to overflow the buffer to certificates and take over browsers. a) True b) False

b) False

The NIST framework only applies to companies that are part of the Critical Infrastructure under the DHS. a) True b) False

b) False

The biggest change affecting computer security that has occurred over the last 30 years has been the transformation of the computing environment from a highly interconnected network of smaller systems to large mainframes. a) True b) False

b) False

The more complexity and programming code that is built into a Software System, the easier it is to secure. a) True b) False

b) False

The normal 3 way handshake between two systems involves the following packets: SYN: From System A to System B SYN/ACK/SYN/SYN: From System B back to System A ACK/SYN: Acknowledgement from System A a) True b) False

b) False

Unstructured Threats typically take a long time to develop. a) True b) False

b) False

We can say that it is very common that the algorithm is the weakness in cryptography. (True or False) a) True b) False

b) False

Recommended Counter Measures for Security Attacks are: Present Defect Reply a) True b) False

b) False (they are Prevent, Detect, Recover)

What part of the CIA triad deals with Hashing as the best form of protection? a) Availability b) Integrity c) Availability d) Confidentiality

b) Integrity

How does Walmart.com get it's Public Key to your browser? a) Walmart's Public Key is pre loaded in the browser b) It is part of the certificate they send to the browser c) It is not sent to the browser d) It is stored in their HSM and they send it to the browser via the HSM

b) It is part of the certificate that they send to the browser

What makes 3DES more secure than the original DES? a) Longer Key b) It uses 3 keys and multiple rounds of encryption c) It adds 3 hash functions

b) It uses 3 keys and multiple rounds of encryption

A One Time Pad is considered unbreakable if the following rules are followed, choose all that apply! a) Same Key is used every 16 times b) Key is only used once and destroyed after use c) Key is random d) Key is never compromised e) Key is public f) Key is Same Size of Larger than message

b) Key is only used once and destroyed after use c) Key is random d) Key is never compromised f) Key Same Size or Larger than message

The NIST Cybersecurity framework follows a ____________ based approach. a) Authentication b) Risk c) Response d) Industry

b) Risk

Frank has discovered a process that looks like a system driver is running commands on the server, the process has super user access. The commands appear to be coming from a scsi driver that interacts with the disk subsystem, but they are trying to open the password file which a scsi driver does not require. What is most likely type of malware that has infected Frank's system? a) Ransomware b) Rootkit c) Phishing d) Kernel Flood

b) Rootkit

You initiate a Secure Session over HTTPS to Amazon.com How will Amazon decrypt the shared master secret from the client (Browser)? a) It does not decrypt it because it hashes the secret b) With their Private Key c) With the Browser Manufacturers Public Key (ie. Chrome or Firefox) d) With their Public Key

b) With their Private Key

You have started a Secure Socket Layer session to Amazon.com and you see the Lock icon. What TCP port would this traffic be sent over? a) 22 b) 25 c) 443 d) 80

c) 443

Bill received a Confidential encrypted message sent to him from Sue. Which key should he use to decrypt the message? a) Bill's Public Key b) Sue's Public Key c) Bill's Private Key d) Sue's Private Key

c) Bill's Private Key

This term describes an array or a string where data is held. It is usually a predefined size and susceptible to attack when boundaries are exploited. a) Macro b) Boot Sector c) Buffer d) Matrix

c) Buffer

_____________ is the component of the CIA triad that comes into play when you implement encryption on your backup tapes. a) Availability b) Integrity c) Confidentiality

c) Confidentiality

A Layered Security Approach is called _______________? a) Company Dress Code - Dress in Layers b) Patching c) Defense in Depth d) Backups

c) Defense in Depth

How would an organization safeguard their keys internally? a) OCSP b) Internal CA c) HSM d) CSR

c) HSM

You want to build a fail safe into your firewall rules so that if one of your rules does not cover a specific port then no one can gain access to the network through that port. What is the common operation term for this Security Principle? a) Stop Safe Deny b) Lockout c) Implicit Deny or Default Deny d) Default lockout

c) Implicit Deny or Default Deny

Recently a Certificate authority was breached and had to alert all users that their certificates were no longer valid. What is the standard method to revoke certificates? a) OCSP b) CLSR c) LDAP d) IMAP

c) LDAP

What is one of the most fundamental principles in security? a) Intrusion Detection (IDS) b) Economy of Scale c) Least privilege d) Open design

c) Least privilege

Choose all Hashing Algorithms. (There can be multiple answers.) a) AES b) 3DES c) MD5 d) SHA256 e) ROT13

c) MD5 d) SHA256

What attack does a CA help to reduce? a) Key Escrow Attack b) Stuxnet c) MITM d) Heartbleed

c) MITM

Review the question scenario below, name two security tenants that the coach is trying to enforce? Keep in mind that some tenants might be a bit outside the CIA triad. There are two answers required. The Scenario: The Penn State Football coach wants to send a message to the quarterback about the play book for the upcoming game against Ohio State. He wants the quarterback to be assured that the message came from the coach and he wants to ensure that no one else can read that message. a) Availability b) Separation of Duties c) Non Repudiation d) Integrity e) Confidentiality

c) Non Repudiation d) Confidentialilty

Review the question scenario below, name two security tenants that the coach is trying to enforce? Keep in mind that some tenants might be a bit outside the CIA triad. There are two answers required. The Scenario: The Penn State Football coach wants to send a message to the quarterback about the play book for the upcoming game against Ohio State. He wants the quarterback to be assured that the message came from the coach and he wants to ensure that no one else can read that message. a) Availability b) Separation of Duties c) Non Repudiation d) Integrity e) Confidentiality

c) Non Repudiation e) Confidentiality

Your organization runs a very tight ship, you keep patches, have the latest virus definitions and scanning in place but you have discovered that a hacker has accessed your network through an exploit of an open SMTP service on a server. You have shutdown the service and setup a firewall rule to block SMTP traffic in and out bound on port 25. What should be the next step? Choose the best answer based on our lessons on attack types. a) Patch all systems immediately b) Run Virus Scans on all Systems c) Review system and network logs looking for a possible Backdoor that the Hacker left d) Unplug the system from the internet

c) Review system and network logs looking for a possible Backdoor that the Hacker left

One of the best ways to avoid an attack on your host systems (servers) is by the following? a) Have robust firewalls b) Provide Social Engineering education c) Routinely perform security patches from vendors d) Have backups

c) Routinely perform security patches from vendors

Which of the following is a secure email protocol? a) X.509 b) PKI c) S/MIME d) SMTP

c) S/MIME

A ____ flood is a technique used in a Denial of Service Attack. This 3 letter is commonly associated with TCP IP Handshakes. a) ACK b) FIN c) SYN d) Ping of Death

c) SYN

Your organization runs a very tight ship, you keep current patches, have the latest virus definitions and scanning in place but you have discovered that a hacker has accessed your network through an exploit of an open SMTP service on a server. You have shutdown the service and setup a firewall rule to block SMTP traffic in and out bound on port 25. What process did your organization fail at? a) Patching the Operation System b) Patching the Applications c) Securing unneeded Services on Servers d) Adding Firewall rules to stop Malware

c) Securing unneeded Services on Servers

What is a software or hardware device that can capture traffic as it traverses over a network or other communication device? a) Spoofing device b) War dialer c) Sniffer d) Firewall

c) Sniffer

A hacker sends network packets that seem to come from a legitimate IP address but they have been disguised to appear that way. This technique is known as? a) Sniffing b) Spyware c) Spoofing d) Man in the Middle Attack

c) Spoofing

Which of the following are not fundamental types of encryption algorithms? (Select all that apply) a) Hash Functions b) Asymmetric Ciphers c) Trusted Platform d) DNS

c) Trusted Platform d) DNS

A _________ overflow is an attack that exploits weaknesses in computer code where a malicious person can enter more characters than the program was designed to accept. This can give the user escalated privileges when the area of memory storing the characters overflows. a) DDOS b) Trojan Horse c) buffer d) SQL Injection

c) buffer

As a cryptographer working on a new encryption algorithm, John is concerned about what sort of attack? a) Pharming b) Rootkit c) Phishing d) Birthday

d) Birthday

What mechanism is used when an entity sends a request to a CA to acquire a Digital Certificate. a) CRL b) Hash c) OCSP d) CSR

d) CSR

You send an e-mail to your friend in class. A hacker manages to intercept your e-mail, he/she reads it (but does not modify it) and sends it to your friend on behalf of you. In this case, which security property is NOT preserved? a) Authentication b) Availability c) Integrity d) Confidentiality

d) Confidentiality

What process involves Tracking of Computer Assets, Patching and tracking software and versions of patches on systems? a) Systems administration b) Patch remediation c) Information Tracking d) Configuration Management

d) Configuration Management

____________ infrastructures are those whose loss would have severe repercussions on the nation. a) Unstructured b) Structured c) National d) Critical

d) Critical

The science of encrypting, or hiding, information is called: a) Stenography b) Cryptanalysis c) Key Management d) Cryptography

d) Cryptography

Bob wants to send a message to Alice using an Asymmetric Crypto Algorithm. He wants this message to be confidential so that no one else can read it. What should he do with his message? a) Encrypt it with his private key b) Encrypt it with his Public Key c) Encrypt it with Alice's Private Key d) Encrypt it with Alice's Public Key

d) Encrypt it with Alice's Public Key

The measurement of randomness or uncertainty in cryptography is referred to. a) Key Escrow b) Key Management c) Frequency Analysis d) Entropy

d) Entropy

Your company is designing software for the Federal Government, what Info Sec Compliance standards must be addressed in your product? (Choose the Best Answer) a) NITS-27005 b) X.509 c) GPA d) FIPS

d) FIPS

How would an organization safeguard their keys internally? a) Internal CA b) OCSP c) CSR d) HSM

d) HSM

Marco wants to digitally sign a message he's sending to Skyler so that Skyler can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest? a) Marco's Public Key b) Skyler's Public Key c) Skyler's Private Key d) Marco's Private Key

d) Marco's Private Key

A user sends a confidential email with a digital signature so that the identity of the user does not come into question. This is an example of which additional component of the CIA triad (outside of the CIA). a) Prevention b) Singularity c) Availability d) Non Repudiation

d) Non Repudiation

Alice recently received an email message from Bill. What cryptographic goal would need to be met to convince Alice that Bill was actually the sender of the message? a) Confidentiality b) Integrity c) Authorization d) Non Repudiation

d) Non Repudiation

Dwight has visited a site called "www.sportsstuff.com" (Links to an external site.)Links to an external site. to buy a new golf shirt. He receives a message that the site is not trusted. What could be the issue? a) All of these are valid reasons b) His browser's private key cannot decrypt the sites public key c) The sites private key is not valid d) The site does not have a valid Certificate

d) The site does not have a valid Certificate

_________ is a format that was adopted to standardize digital certificates. a) HTTPS b) XML c) PKIS d) X.509

d) X.509


Conjuntos de estudio relacionados

Intention to Create Legal Relations

View Set