NETSEC 4
65) Fingerprint recognition should be used as a security measure for access to ________. A) a non-essential supply cabinet B) a notebook containing sensitive information C) Both A and B D) Neither A nor B
A
76) In the context of PKI, ________ is the process of accepting public keys and providing new digital certificates to the users. A) provisioning B) reflection C) coordination D) certification
A
106) If Directory Server A trusts Directory Server B and Directory Server B trusts Directory Server A, this is ________ trust. A) Mutual B) One-way C) Transitive D) Intransitive
A
107) ________ security uses 128-bit AES encryption for confidentiality and AES-CCMP for automatic rekeying. A) 802.11i B) WPA C) WEP D) None of the above
Answer: A
110) Using a shared initial key is dangerous in ________. A) WEP B) WPA pre-shared key mode C) Both A and B D) Neither A nor B
Answer: A
114) An unauthorized access point set up by individuals or departments is called a(n) ________ access point. A) rogue B) evil twin C) Both A and B D) Neither A nor B
Answer: A
15) A ________ attack is when a victim is flooded with SYN packets in an attempt to make many half-open TCP connections. A) SYN flood B) Ping flood C) HTTP flood D) None of the above
Answer: A
2) In regards to network security, ________ means preventing unauthorized users from gaining information about the network structure, data flowing across the network, network protocols used, or packet header values. A) confidentiality B) integrity C) availability D) authentication
Answer: A
26) Listing your friend's home in the local classifieds at a low price is equivalent to a ________. A) P2P redirect B) P2P port C) DDoS D) None of the above
Answer: A
27) Long passwords that use several types of keyboard characters are called ________ passwords. A) complex B) reusable C) dictionary D) one-time
A
32) ________ is one method of thwarting DoS attacks by dropping all IP packets from an attacker. A) Black holing B) ICMP echo C) P2P redirect D) None of the above
Answer: A
34) ________ is a good option if an attack is aimed at a single server because it keeps transmission lines at least partially open for other communication. A) Rate limiting B) False open C) Black holing D) None of the above
Answer: A
39) A ________ is a small device with a display that has a number that changes frequently. A) one-time-password token B) USB token C) magnetic stripe card D) None of the above
A
41) A ________ does not require a special reader to be added to a PC for access control. A) USB token B) magnetic stripe card C) smart card D) All of the above
A
42) ________ can be much shorter than ________. A) PINs, passwords B) Passwords, PINs C) There is no general length difference between passwords and PINs. D) None of the above
A
49) For computer access, a false ________ means that a legitimate user is denied access to a resource. A) rejection B) acceptance C) Both A and B D) Neither A nor B
A
50) The authenticator is the ________. A) workgroup switch B) central authentication server C) client D) None of the above
Answer: A
51) For watch lists of criminals, a false ________ means that an innocent person is identified as a criminal. A) acceptance B) rejection C) Both A and B D) Neither A nor B
A
57) ________ is used by ________ for authentication. A) EAP, RADIUS B) RADIUS, EAP C) Both A and B D) Neither A nor B
Answer: A
60) When an attacker deliberately attempts to fool the system, this is called ________. A) deception B) a false acceptance C) a false rejection D) All of the above.
A
67) Iris recognition technology is ________ and ________. A) expensive, has low FARs B) expensive, has high FARs C) inexpensive, has low FARs D) inexpensive, has high FARs
A
74) A private key/public key pair is usually created by the ________. A) client B) PKI server C) Both A and B D) Neither A nor B
A
75) CAs distribute public keys ________. A) in digital certificates B) only in ways using encryption for confidentiality C) Both A and B D) Neither A nor B
A
79) Authorizations are also called ________. A) permissions B) verifications C) Both A and B D) Neither A nor B
A
8) Compared to access control based on individual accounts, RBAC is ________. A) less prone to error B) more expensive C) Both A and B D) Neither A nor B
A
85) What standard did the 802.11 Working Group create to extend 802.1X operation to WLANs with security for EAP? A) 802.11i B) 802.1i C) 802.1Xi D) None of the above
Answer: A
87) In Kerberos, the ________ is the supplicant's proof that it has already authenticated itself with the Kerberos Server. A) ticket granting ticket B) service ticket C) Both A and B D) Neither A nor B
A
9) The ultimate goal of a DoS attack is to ________. A) cause harm B) frustrate users C) practice hacking D) None of the above
Answer: A
92) WEP typically takes ________ to crack today. A) minutes B) hours C) days D) weeks
Answer: A
94) In directory servers, information is organized ________. A) hierarchically B) rhizomatically C) relationally D) None of the above
A
95) In directory servers, ________. A) there can only be one O in a directory server B) there can only be one OU in a directory server C) Both A and B D) Neither A nor B
A
92) ________ firewalls may be able to stop attacks by employees within the firm against internal site resources. A) Internal B) External C) UTM D) Border
Answer: A Diff: 1 Question: 22b
70) Which IPS response to an attack is the most effective in stopping attacks? A) Dropping packets B) Limiting suspicious traffic to a certain percentage of the total bandwidth C) Both A and B are equally effective D) Neither A nor B
Answer: A Diff: 2
63) What type of filtering do IDSs do? A) Deep packet inspection B) SPI filtering C) Both A and B D) Neither A nor B
Answer: A Diff: 2 Question: 17d
41) Stateful packet inspection firewalls are ________. A) expensive B) fairly safe in practice C) Both A and B D) Neither A nor B
Answer: B Diff: 1 Question: 12b
7) ________ firewalls filter traffic passing between different parts of a site's network. A) Border B) Internal C) Intermediate D) None of the above
Answer: B Diff: 1 Question: 1e
49) ________ firewalls always examine application messages in depth. A) Static packet filtering B) SPI C) Application proxy D) All of the above
Answer: C Diff: 2 Question: 14a
19) Static packet filtering is sometimes used ________. A) as a secondary filtering mechanism on an application proxy firewall B) on border routers C) Both A and B D) Neither A nor B
Answer: C Diff: 2 Question: 4c
56) Stateful packet inspection firewalls ________. A) always do application content filtering B) have the slow speed of relay operation C) Both A and B D) Neither A nor B
Answer: D Diff: 2 Question: 15a
13) A border firewall sits at the boundary between the corporate site and the external Internet.
Answer: TRUE Diff: 1
26) A socket designates a specific program designated by a port number on a specific computer's IP address.
Answer: TRUE Diff: 1
98) Half-open TCP SYN attacks can be stopped by many border firewalls.
Answer: TRUE Diff: 1 Question: 21b
77) Centralized firewall management systems automatically create ACLs from policies.
Answer: TRUE Diff: 1 Question: 25b
86) It is getting easier for attackers to bypass the border firewall.
Answer: TRUE Diff: 1 Question: 27a
33) Ingress ACL rules typically permit a specific type of externally originated connection to network resources.
Answer: TRUE Diff: 2 Question: 8a
103) Replication between a domain controller in a child domain and a domain controller in its parent domain is ________. A) total B) partial C) nonexistent D) intransitive
B
119) ________ is possible today. A) Single sign-on B) Reduced sign-on C) Both A and B D) Neither A nor B
B
28) The book recommends that passwords be at least ________ characters long. A) 6 B) 8 C) 20 D) 100
B
46) In biometrics, a match occurs when a ________ meets the decision criteria. A) set of key features B) match index C) Both A and B D) Neither A nor B
B
59) ________ is a form of identification that identifies a person as being a member of a group. A) RBAC B) Watch list matching C) Group ID matching D) Group acceptance
B
86) Which of the following is not one of the devices in RADIUS central authentication? A) The supplicant B) The verifier C) The authenticator D) The RADIUS central authentication server
B
91) The ________ gives the verifier a symmetric session key. A) ticket-granting ticket B) service ticket C) Both A and B D) Neither A nor B
B
100) In Active Directory, a domain controller contains ________. A) a RADIUS authentication server program B) an Active Directory database C) Both A and B D) Neither A nor B
B
104) ________ security uses the RC4 cipher in encryption for confidentiality and the Temporal Key Integrity Protocol for keying and rekeying. A) 802.11i B) WPA C) WEP D) None of the above
Answer: B
105) The Wi-Fi Alliance calls 802.11i ________. A) WPA B) WPA2 C) WEP D) None of the above
Answer: B
110) In federated identity management, firms ________. A) query one another's identity management databases B) send assertions to one another C) Both A and B D) Neither A nor B
B
111) A(n) ________ is a statement from Firm A that Firm B should accept as true if Firm B trusts Firm A. A) certification B) assertion C) certificate D) attribute
B
111) In 802.11i pre-shared key mode, the initial key is generated ________. A) automatically B) from a passphrase C) from a password D) None of the above. There is no initial key in 802.11i pre-shared key mode.
Answer: B
112) In pre-shared key mode, a passphrase should be at least ________ characters long. A) 8 B) 20 C) 64 D) 100
Answer: B
118) ________ allows a user to authenticate him or herself to the identity management server once; thereafter, whenever the user asks for access to another server, no additional logins are required. A) RSO B) SSO C) TSO D) None of the above
B
122) Self-service identity management should be used to change a ________ in the identity database. A) password B) telephone number C) Both A and B D) Neither A nor B
B
14) ________ is the process of obscuring an attacker's source IP address. A) Backscatter B) Spoofing C) IP Flood D) None of the above
Answer: B
16) A ________ attack is when a victim is flooded with ICMP packets that appear to be normal supervisory traffic. A) SYN flood B) Ping flood C) HTTP flood D) None of the above
Answer: B
19) ________ can be used to supply power during long power outages. A) Uninterruptible power supplies B) Electrical generators C) Both A and B D) Neither A nor B
B
2) ________ is the process of assessing the identity of each individual claiming to have permission to use a resource. A) Authorizations B) Authentication C) Accuracy D) Auditing
B
21) An attacker controlling bots in a coordinated attack against a victim is known as a ________. A) DoS attack B) DDoS attack C) ICMP D) None of the above.
Answer: B
23) ________ are an additional layer of compromised hosts that are used to manage large groups of bots. A) Botnets B) Handlers C) Phatbots D) None of the above
Answer: B
3) ________ is the process of assessing the identity of each individual claiming to have permission to use a resource. A) Authorizations B) Authentication C) Both A and B D) Neither A nor B
B
33) Which of the following is true? A) Human password resets are dangerous. B) Automated password resets are dangerous. C) Both A and B D) Neither A nor B
B
36) A ________ card is an access card that has a built-in microprocessor and memory. A) magnetic stripe B) smart C) Both A and B D) Neither A nor B
B
40) A ________ is a small device that plugs into a standard computer port to identify the owner. A) one-time-password token B) USB token C) magnetic stripe card D) smart card
B
44) During enrollment, the scanner sends ________ to the authentication system. A) scan data B) key features C) Both A and B D) Neither A nor B
B
45) Eavesdropping usually is more of a concern for ________ LANs than for ________ LANs. A) wired, wireless B) wireless, wired C) about an equal concern for wired and wireless LANs D) None of the above
Answer: B
45) The template is based on ________ generated during the enrollment scan. A) scan data B) key features C) Both A and B D) Neither A nor B
B
46) ________ is called Port-Based Access Control. A) 802.11i B) 802.1X C) Both A and B D) Neither A nor B
Answer: B
51) An EAP response message may contain ________. A) a request for a different authentication mechanism B) a negative acknowledgement C) Both A and B D) Neither A nor B
Answer: B
53) An EAP failure message is sent to the ________. A) authentication server B) authenticator C) client D) Any of the above
Answer: B
54) When a new EAP authentication is added, software does not have to be changed on the ________. A) client B) authenticator C) central authentication server D) No software has to be changed on ANY device
Answer: B
55) The verifier itself determines the identity of the supplicant in ________. A) verification B) identification C) Both A and B D) Neither A nor B
B
55) When a new EAP authentication is added, software has to be changed on the ________. A) authenticator B) central authentication server C) Both A and B D) Neither A nor B
Answer: B
56) Most central authentication servers are governed by the ________ standard. A) EAP B) RADIUS C) IPsec D) 802.1X
Answer: B
58) Which is more likely to generate a false acceptance? A) Verification B) Identification C) Both verification and identification are equally likely to generate a false acceptance. D) None of the above
B
62) Wireless 802.11 networks generally have a range of ________. A) 5 to 10 meters B) 10 to 30 meters C) 15 to 45 meters D) None of the above
Answer: B
63) Which of the following statements accurately describes fingerprint recognition? A) Fingerprint recognition scanners are very expensive. B) Fingerprint recognition is easily deceived. C) Fingerprint recognition is rarely used. D) All of the above
B
66) Which of the following statements accurately describes iris recognition? A) Iris recognition has high FARs. B) Iris recognition technology is expensive. C) Iris recognition scans the eye with lasers. D) All of the above
B
71) The strongest form of authentication is ________. A) biometrics B) cryptographic authentication C) reusable passwords D) smart cards
B
72) A ________ can be used to gather network information or user data. A) RFMON B) packet sniffer C) whaling device D) None of the above
Answer: B
77) Evil twin access point attacks are most common in ________. A) secure WLANs B) public hotspots C) wired connected networks D) None of the above
Answer: B
77) The ________ authentication problem is that unless individuals are carefully vetted before being allowed in a system, imposters can simply enroll through social engineering. A) core B) prime C) final D) human
B
78) Giving a user permissions to use a certain resource is ________. A) authentication B) authorization C) Both A and B D) Neither A nor B
B
80) The principle of ________ states that each person should only get the permissions that he or she absolutely needs to do his or her job. A) appropriate authorizations B) least permissions C) minimization D) All of the above.
B
83) If a firewall lacks the processing power to handle incoming traffic, it will drop any packets it cannot process. This is ________. A) a security failure B) failing safely C) Both A and B D) Neither A nor B
B
87) In 802.11i, ________ authentication always uses SSL/TLS. A) inner B) outer C) Both A and B D) Neither A nor B
Answer: B
88) In Kerberos, the ________ is an encrypted session key that only the verifier can decrypt. A) ticket granting ticket B) service ticket C) Both A and B D) Neither A nor B
B
9) In the military, departments do not have the ability to alter access control rules set by higher authorities in ________. A) policy-based access control B) mandatory access control C) discretionary access control D) multilevel access control
B
94) What mistake did the 802.11i Working Group make when creating IVs? A) Transmitting IVs in the clear B) Making the IV too short C) Both A and B D) Neither A nor B
Answer: B
99) Microsoft's directory server product is ________. A) Kerberos B) Active Directory C) LDAP D) MS Directory
B
45) Nearly all main border firewalls today use ________ filtering. A) unified threat management B) stateful packet inspection C) static packet inspection D) All of the above
B Diff: 1 Question: 12d
67) ________ drop packets. A) IDSs B) IPSs C) Both A and B D) Neither A nor B
B Diff: 1 Question: 18a
1) Firewalls will drop ________. A) suspicious packets B) provable attack packets C) Both A and B D) Neither A nor B
B Diff: 1 Question: 1b
89) ________ detection looks at traffic patterns for deviations from set norms. A) Signature B) Anomaly C) Both A and B D) Neither A nor B
B Diff: 1 Question: 28a
11) If a firewall cannot keep up with traffic volume, it will ________. A) continue passing all packets but slow operation B) drop packets it cannot process C) pass any packets it cannot filter D) shut down, failing safely
B Diff: 1 Question: 2a
75) What type of filtering do UTM firewalls provide? A) IDS Service B) Antivirus filtering C) Both A and B D) Neither A nor B
B Diff: 2 Question: 20d
97) Why is creating firewall policies desirable compared to just creating a list of ACL rules? A) Policies are more specific. B) Policies are easier to understand. C) Both A and B D) Neither A nor B
B Diff: 2 Question: 24b
91) Zero-day attacks might be stopped by ________ detection. A) signature B) anomaly C) Both A and B D) Neither A nor B
B Diff: 2 Question: 28d
18) Static packet filtering firewalls are limited to ________. A) inspecting packets for which there are good application proxy filtering rules B) inspecting packets in isolation from their context C) Both A and B D) Neither A nor B
B Diff: 2 Question: 4c
108) ________ servers synchronize directory servers from different vendors. A) Synchronization B) LDAP C) Metadirectory D) Central authentication
C
17) Which of the following should be forbidden in secure areas? A) Cameras B) USB flash drives C) Both A and B D) Neither A nor B
C
70) The most widely used form of biometrics is ________. A) retinal scanning B) iris scanning C) fingerprint scanning D) face recognition
C
1) Ensuring network ________ means that authorized users have access to information, services, and network resources. A) confidentiality B) integrity C) availability D) authentication
Answer: C
1) Which of the following is not one of the AAA controls? A) Authentication B) Auditing C) Accuracy D) Authorizations
C
10) DoS attacks can cause harm by ________. A) stopping a critical service B) slowly degrading services over a period of time C) Both A and B D) Neither A nor B
Answer: C
10) In ________ the department has discretion over giving access to individuals, within policy standards set by higher authorities. A) policy-based access control B) mandatory access control C) discretionary access control D) delegated access control
C
102) Firms still choose to use WPA in order to ________. A) avoid configuration expenses for access points B) avoid configuration expenses for wireless clients C) Both A and B D) Neither A nor B
Answer: C
105) If Directory Server A trusts Directory Server B, Directory Server B trusts Directory Server C, and Directory Server A trusts Directory Server C, this is ________ trust. A) Mutual B) One-way C) Transitive D) Intransitive
C
108) 802.11i works in ________ mode. A) pre-shared key B) enterprise C) Both A and B D) Neither A nor B
Answer: C
112) A security assertion may contain ________. A) authenticity information B) attributes, such as spending limits for purchasers C) Both A and B D) Neither A nor B
C
114) The standard for sending security assertions is ________. A) LDAP B) XML C) SAML D) None of the above
C
116) ________ is the centralized policy based management of all information required for access to corporate systems by people, machines, programs, or other resources. A) Directory service B) Meta-directory service C) Identity management D) Meta-identity management
C
117) Which of the following are benefits of using identity management? A) Reduced costs B) Centralized auditing of all an employee's access permission across a firm C) Both A and B D) Neither A nor B
C
120) A(n) ________ is the set of attributes about a person or resource that must be revealed in a particular context. A) template B) subtemplate C) identity D) None of the above
C
121) What was the first core wireless security standard? A) 802.11i B) WPA C) WEP D) None of the above
Answer: C
14) In CobiT, entry must be ________. A) justified B) logged C) Both A and B D) Neither A nor B
C
15) On loading docks, outgoing shipments should be separated from incoming shipments ________. A) to ensure the segregation of duties B) to avoid confusion C) to reduce the risk of theft D) All of the above
C
16) Which of the following is not one of the rules for working in secure areas? A) Unsupervised work in secure areas should be avoided. B) When no one is in a secure area, it should be locked and verified periodically. C) No one should be allowed to work in secure areas for more than four hours in a row. D) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas.
C
17) A ________ attack is when a webserver is flooded with application layer web requests. A) SYN flood B) Ping flood C) HTTP flood D) None of the above
Answer: C
20) ________ are compromised hosts running malware controlled by the hacker. A) DDoS B) ICMP C) Bots D) None of the above
Answer: C
30) A ________ is an older attack that uses an illegally large IP packet to crash an operating system. A) smurf flood B) P2P redirect C) ping of death D) None of the above
Answer: C
37) Rerouting traffic using ARP poisoning is an attack on ________ of a network. A) functionality B) confidentiality C) Both A and B D) None of the above
Answer: C
38) A ________ card stores authentication data. A) magnetic stripe B) smart C) Both A and B D) Neither A nor B
C
4) In regards to network security, ________ is the policy-driven control of access to systems, data, and dialogues. A) confidentiality B) integrity C) access control D) availability
Answer: C
42) ________ is/are effective method(s) for preventing ARP poisoning attacks. A) Static tables B) Limiting local access C) Both A and B D) Neither A nor B
Answer: C
52) An EAP message begins with an ________ message. A) EAP request B) EAP accept C) EAP start D) EAP response
Answer: C
6) Which of the following is one of the four bases for authentication credentials? A) What you know B) What you have C) Both A and B D) Neither A nor B
C
65) The most common attack against a wireless network is a ________. A) man-in-the-middle attack using an evil twin B) wireless DOS attacks C) unauthorized network access D) None of the above
Answer: C
69) Hand geometry recognition is used heavily for ________. A) PC access B) watch list access C) door access D) server access
C
7) Two-factor authentication can be defeated if ________. A) the user's computer is compromised B) the attacker uses a man-in-the-middle attack C) Both A and B D) Neither A nor B
C
76) In a man-in-the-middle attack, ________. A) an evil twin must have a stronger signal than the legitimate AP B) an evil twin sends own attacks, impersonating the victim C) Both A and B D) Neither A nor B
Answer: C
78) WLAN DoS attacks are designed to affect the ________ of the network. A) confidentiality B) integrity C) availability D) authentication
Answer: C
80) A network administrator notices extensive damage to wireless packets. This might indicate a ________ attack. A) man-in-the-middle B) SYN/ACK C) DoS flood attack D) None of the above
Answer: C
81) In addition to deauthenticate messages, an attacker could flood wireless clients with ________. A) RTS B) CTS C) Both A and B D) Neither A nor B
Answer: C
84) ________ record(s) and analyzes what a person or program actually did. A) Authentication B) Authorizations C) Auditing D) All of the above
C
89) In Kerberos, the ________ is sent from the Kerberos server to the supplicant. A) ticket granting ticket B) service ticket C) Both A and B D) Neither A nor B
C
90) The original 802.11 core security protocol, ________, was deeply flawed. A) 802.11i B) WPA C) WEP D) None of the above. The original core protocol was NOT deeply flawed.
Answer: C
91) WEP stands for ________. A) wireless equivalent privacy B) wireless equivalent policy C) wired equivalent privacy D) wired equivalent policy
Answer: C
96) Directory servers can hold information about ________. A) people B) computers C) Both A and B D) Neither A nor B
C
97) Attackers can exploit WEP's weaknesses by ________. A) using WEP cracking software B) reading two messages encrypted with the same key C) Both A and B D) Neither A nor B
Answer: C
97) LDAP can be used ________. A) to update information in the directory server B) to retrieve data from the directory server C) Both A and B D) Neither A nor B
C
98) ________ often get their authentication information from ________. A) Directory servers, central authentication servers B) Central authentication servers, metadirectory servers C) Central authentication servers, directory servers D) Metadirectory servers, central authentication servers
C
51) If you will proxy four different applications, how many proxy programs will you need? A) 1 B) 2 C) 4 D) 8
C Diff: 1 Question: 14c
2) If a firewall receives a provable attack packet, the firewall will ________. A) log the packet B) drop the packet C) Both A and B D) Neither A nor B
C Diff: 1 Question: 1b
78) Firewall policies should govern ________. A) configuration B) testing C) Both A and B D) Neither A nor B
C Diff: 1 Question: 25e
82) The most time-consuming part of firewall management is ________. A) creating ACLs B) creating policies C) reading firewall logs D) None of the above
C Diff: 1 Question: 25i
17) SPI firewalls can conduct ________ inspection. A) stateful packet B) static packet filtering C) Both A and B D) Neither A nor B
C Diff: 1 Question: 3c
24) A connection between two programs on different computers is represented by its ________. A) pair of IP addresses B) pair of port numbers C) pair of sockets D) None of the above
C Diff: 1 Question: 5e
46) NAT is able to stop ________. A) scanning probes B) sniffers from learning anything about the internal IP address of internal hosts C) Both A and B D) Neither A nor B
C Diff: 2 Question: 13a
57) Automatic protections for application proxy firewalls include ________. A) protocol fidelity B) header destruction C) Both A and B D) Neither A nor B
C Diff: 2 Question: 16d
69) If an IPS identifies an attack, it can ________. A) drop the attack packet(s) B) limit suspicious traffic to a certain percentage of the total bandwidth C) Both A and B D) Neither A nor B
C Diff: 2 Question: 19a
96) What type of host may be placed in the DMZ? A) Public webservers B) External DNS servers C) Both A and B D) Neither A nor B
C Diff: 2 Question: 23d
12) If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________. A) good because it will prevent possible attack packets from entering the network B) bad because valid, non-attack packets will be dropped and this will effectively create a self-generated DOS attack C) Both A and B D) Neither A nor B
C Diff: 2 Question: 2b
27) What is the SPI firewall rule for packets that do not attempt to open connections? A) Drop the packet unless it is permitted by an ACL B) Pass the packet unless it is forbidden by an ACL C) Pass the packet if it is part of a previously approved connection D) Either A or B
C Diff: 2 Question: 6a
28) What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set? A) Drop the packet unless it is permitted by an ACL B) Pass the packet unless it is forbidden by an ACL C) Pass the packet if it is part of a previously approved connection D) Either A or B
C Diff: 3 Question: 6a
54) Today, application proxy firewalls are commonly used ________. A) to protect internal clients from malicious external servers B) as main border firewalls C) Both A and B D) Neither A nor B
A Diff: 1 Question: 14g
59) ________ drop packets. A) Firewalls B) IDSs C) Both A and B D) Neither A nor B
A Diff: 1 Question: 17a
68) ________ do not drop packets. A) IDSs B) IPSs C) Firewalls D) All of the above drop packets.
A Diff: 1 Question: 18a
8) In ________ filtering, the firewall examines packets entering the network from the outside. A) ingress B) egress C) Both A and B D) Neither A nor B
A Diff: 1 Question: 1f
9) In ________ filtering, the firewall filters packets when they are leaving the network. A) ingress B) egress C) Both A and B D) Neither A nor B
A Diff: 1 Question: 1f
88) ________ detection looks for specific patterns in the network traffic to identify a threat. A) Signature B) Anomaly C) Both A and B D) Neither A nor B
A Diff: 1 Question: 28a
90) A ________ attack is an attack that is made before attack signatures for the threat are defined. A) zero-day B) vulnerability based C) stealth D) anomaly based
A Diff: 1 Question: 28b
15) A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth. A) unified threat management B) stateful packet inspection C) static packet inspection D) None of the above
A Diff: 1 Question: 2f
23) A ________ is a persistent conversation between different programs on different computers. A) connection B) state C) Both A and B D) Neither A nor B
A Diff: 1 Question: 5d
35) A ________ port number designates a specific application running on a server. A) well-known B) ephemeral C) Both A and B D) Neither A nor B
A Diff: 1 Question: 8c
64) What type of filtering do IDSs do? A) Packet stream analysis B) SPI filtering C) Both A and B D) Neither A nor B
A Diff: 2 Question: 17d
100) A DoS attack that uses TCP flags is called a ________ attack. A) half-open B) half-close C) Both A and B D) Neither A nor B
A Diff: 2 Question: 21a
87) Firms can address the increasing ability of attackers to bypass the border firewalls by ________. A) hardening hosts B) having multiple border firewalls C) Both A and B D) Neither A nor B
A Diff: 2 Question: 27c
32) Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections? A) Permit all attempts to open a connection from an internal host to an external host B) Permit all attempts from external hosts to open a connection with an internal host C) Both A and B D) Neither A nor B
A Diff: 2 Question: 7
71) Which IPS response to an attack can do the most damage? A) Dropping packets B) Limiting suspicious traffic to a certain percentage of the total bandwidth C) Both A and B do equal amounts of damage D) Neither A nor B
A Diff: 3
52) If you will proxy 8 different applications, you will need ________ proxy programs. A) 2 B) 4 C) 6 D) 8
D Diff: 1
47) There is(are) ________ NAT traversal method(s). A) 1 B) 2 C) 7 D) several
D Diff: 1 Question: 13d
3) If a firewall receives a suspicious packet, the firewall will ________. A) log the packet B) drop the packet C) Both A and B D) Neither A nor B
D Diff: 1 Question: 1c
72) Antivirus servers can look for ________. A) viruses B) worms C) Trojan horses D) All of the above
D Diff: 1 Question: 20b
16) Almost all main border firewalls use ________ filtering as their primary filtering mechanism. A) unified threat management B) application proxy C) static packet filtering D) None of the above
D Diff: 1 Question: 3b
21) Most packets are part of the ________ state. A) connection opening B) connection closing C) Both A and B D) Neither A nor B
D Diff: 1 Question: 5b
74) After an antivirus server performs filtering, it may ________. A) drop the object B) send the object to the firewall to pass to the destination C) pass the object to the destination directly D) All of the above
D Diff: 2 Question: 20c
95) The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. A) Internet subnet B) server subnet C) external subnet D) None of the above
D Diff: 2 Question: 23b
94) A router that connects to three subnets is called a ________ router. A) border B) internal C) application proxy D) None of the above
D Diff: 3 Question: 23a
4) ________ is the process of collecting information about the activities of each individual in log files for immediate and later analysis. A) Authorizations B) Authentication C) Accuracy D) Auditing
D
48) In 802.1X, the heavy authentication work is done on ________. A) authenticators B) clients C) Both A and B D) Neither A nor B
D
49) Which of the following is a benefit of using a central authentication server in 802.1X? A) Reduced cost B) Consistency in authentication C) Immediacy in access control changes D) All of the above
D
63) Which of the following is an example of a wireless attack? A) Unauthorized network access B) Man-in-the-middle attack using an evil twin C) Wireless DoS attacks D) All of the above
D
71) After gaining wireless access to the private network, the attacker can ________. A) cause harm to internal clients B) steal data C) launch external attacks D) All of the above
D
85) Which of the following statements is true about log files? A) Log files should be read regularly. B) External auditing should be conducted periodically. C) Automatic alerts should be established. D) All of the above
D
90) In Kerberos, the ________ is sent from the Kerberos server to the verifier. A) ticket granting ticket B) service ticket C) Both A and B D) Neither A nor B
D
11) In military security, the term multilevel security means multifactor security.
FALSE
52) For watch lists of criminals, a false acceptance is worse than a false rejection from a security viewpoint.
FALSE
6) "Breadth of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is possible.
FALSE
103) Many companies continue to use WEP to avoid the cost of reconfiguring all of their access points and clients to 802.11i and because WEP has not been fully cracked yet.
FALSE
104) If Directory Server A trusts Directory Server B and Directory Server B trusts Directory Server C then Directory Server A MUST trust Directory Server C.
FALSE
113) The main standards used by firms to send security assertions to one another is LDAP.
FALSE
115) XML makes SAML platform-dependent.
FALSE
116) Each media access control (MAC) address has a network interface card (NIC).
FALSE
12) An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
FALSE
13) All unattended exits should be locked to bar exit.
FALSE
18) ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN.
FALSE
23) It is illegal to go through a company's trash bins even if the trash bins are outside the corporation.
FALSE
24) In a P2P attack, there is a change in the overall volume of traffic but the traffic pattern is the same.
FALSE
26) Password cracking is usually done over the network by trying many passwords to log into an account.
FALSE
28) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because multiple ICMP requests are responded to by a single host.
FALSE
29) According to the book, r%Dv$ is a strong password.
FALSE
29) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a single ICMP request is responded to by multiple hosts.
FALSE
31) Most DoS attacks are difficult to detect.
FALSE
31) Users should select very long and complex passwords and use the same password at all sites for auditability.
FALSE
35) ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.
FALSE
35) Passwords offer reasonable security at reasonable cost and will likely continue to increase in importance in the future.
FALSE
37) A magnetic stripe card is an access card that has a built-in microprocessor and memory.
FALSE
41) In a MITM attack, access to the local network is not required in order to work.
FALSE
44) Access control is more of a problem for wired LANs than for wireless LANs.
FALSE
47) A false rejection occurs when a person is improperly matched to a template.
FALSE
47) The main access threat to 802.11 wireless LANs is an attacker plugging into a wall jack.
FALSE
5) Authentication is the process of collecting information about the activities of each individual in log files for immediate and later analysis.
FALSE
50) From a security viewpoint, a false acceptance is always worse than a false rejection.
FALSE
53) Identification is the process where the verifier determines whether the supplicant is the particular person the supplicant claims to be.
FALSE
54) Verification is the process where the verifier determines the identity of the supplicant.
FALSE
56) Verification requires more matches against templates than does identification.
FALSE
58) EAP uses RADIUS for authentication.
FALSE
59) The 802.1X protocol created for wired LANs can work in wireless LANs without significant modification.
FALSE
61) Wireless attacks avoid the access points to limit detection.
FALSE
62) Because fingerprint scanning is often deceived, it should never be used as a security measure.
FALSE
64) The most common attack against a wireless network is a wireless DoS attack.
FALSE
66) Secure wireless networks can be legally accessed by anyone and are frequently posted as such.
FALSE
67) Open networks can be legally accessed by anyone and are frequently posted as such.
FALSE
68) Iris scanning usually is done surreptitiously.
FALSE
68) Rogue access points are authorized access points set up by individuals or departments.
FALSE
7) DoS network attacks are fairly uncommon.
FALSE
72) Biometric authentication is the strongest form of authentication.
FALSE
73) Focusing electronic attacks on specific high-value targets is known as promiscuous attacks.
FALSE
81) When assigning initial permissions, it is good to add more permissions than strictly necessary and then remove permissions if appropriate.
FALSE
83) CTS frames tell other wireless clients that you want to transmit for a given amount of time.
FALSE
93) In Kerberos, the verifier is explicitly notified that the supplicant has been authenticated.
FALSE
95) WEP mandates private keys.
FALSE
98) In a large organization, WEP rekeying is inexpensive.
FALSE
99) RC4 uses WEP for fast and therefore cheap encryption.
FALSE
25) A connection designates a specific program designated by a port number on a specific computer's IP address.
FALSE Diff: 1
43) Main border firewalls rarely use stateful packet inspection.
FALSE Diff: 1
48) The NAT firewall places only the internal socket in the translation table.
FALSE Diff: 1
61) IDSs drop packets that are merely suspicious.
FALSE Diff: 1
65) Firewalls do not stop provable attack packets.
FALSE Diff: 1
85) Reading firewall logs requires limited time in firewall administration.
FALSE Diff: 1
53) Nearly all applications can be proxied effectively.
FALSE Diff: 1 Question: 14e
60) IDSs tend to issue many false negatives.
FALSE Diff: 1 Question: 17b
4) If a firewall receives a packet that is suspicious, it will drop and log the packet.
FALSE Diff: 1 Question: 1c
5) An internal firewall sits at the boundary between the corporate site and the Internet.
FALSE Diff: 1 Question: 1e
10) The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network.
FALSE Diff: 1 Question: 1f
73) Antivirus servers can only find viruses, not other types of malware.
FALSE Diff: 1 Question: 20b
14) Wire speed is the maximum speed at which a firewall can filter packets.
FALSE Diff: 1 Question: 2d
58) Stateful packet inspection firewalls use relay operation with two connections per client/server pair.
FALSE Diff: 2
66) IDSs need to filter individual packets rather than packet streams.
FALSE Diff: 2
81) Most firewall database policies include less than 5 rules.
FALSE Diff: 2
84) The basic strategy of log file reading is to determine what traffic is usual.
FALSE Diff: 2
40) In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that does not attempt to open a connection.
FALSE Diff: 2 Question: 11b
99) Companies can nearly always stop DoS attacks without assistance from ISPs and other upstream agencies.
FALSE Diff: 2 Question: 21e
83) Creating ACLs is the most time-consuming part of firewall management.
FALSE Diff: 2 Question: 25i
30) SPI firewalls cannot handle UDP communications because UDP is connectionless.
FALSE Diff: 2 Question: 6c
34) Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.
FALSE Diff: 2 Question: 8b
38) The last egress ACL rule in a border firewall is DENY ALL.
FALSE Diff: 2 Question: 8f
100) WEP uses RC4 for fast and therefore cheap encryption.
TRUE
101) A Microsoft domain can have multiple domain controllers.
TRUE
102) Microsoft domains can be organized into trees, and trees can be organized into forests.
TRUE
109) In federated identity management, firms do not query one another's identity management databases.
TRUE
11) A direct attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
TRUE
113) Wireless IDSs get their data from the company's access points.
TRUE
115) Some writers prefer to turn off SSID broadcasting.
TRUE
117) Each network interface card (NIC) has a media access control address (MAC).
TRUE
118) To use an access point, you must know its SSID.
TRUE
12) In military security, SBU documents are unclassified.
TRUE
121) As far as possible, identities should be managed by people closest to the situation.
TRUE
123) Identity management is really just another form of risk management.
TRUE
124) The amount of money companies should spend on identity management can be measured through risk analysis.
TRUE
18) Placing sensitive equipment in secure areas to minimize potential threats and damage is called siting.
TRUE
22) Once established, botnets can be leased to other criminals for DoS attacks.
TRUE
24) Most users who have access to servers use reusable passwords for authentication.
TRUE
25) In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is the same.
TRUE
25) PCs should require login screens with complex passwords.
TRUE
27) In a reflected DoS attack, attackers send spoofed requests to legitimate servers. The servers then send all responses to the victim.
TRUE
30) It is very important for testers to get permission before running a password cracking program on their company's computers to check for weak passwords even if such testing is in their job definitions.
TRUE
32) Passwords should be changed frequently.
TRUE
33) A firewall does not set aside resources for a connection when a SYN segment arrives, so handling a large number of false SYN segments is only a small burden.
TRUE
34) In high-risk environments, password reset risks are reduced by requiring the user's physical presence.
TRUE
36) ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.
TRUE
38) One problem with ARP requests and replies is that they do not require authentication or verification.
TRUE
39) In normal ARP traffic, generally an attacker on the same network cannot see traffic between two hosts.
TRUE
40) In normal ARP traffic, every host can make ARP requests.
TRUE
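The ARP items above (32-bit IP to 48-bit MAC, no authentication or verification, any host may ask) are what make ARP spoofing work and also what makes it detectable. The following is an added example, not part of the test bank: a small parser and detector run over a constructed trace laid out like `tcpdump -n -e arp` output (that layout is an assumption of the example). It flags a reply nobody asked for and a reply that changes a binding already learned.

```python
"""ARP spoof detection over a constructed ARP trace.

Added example, not from the test bank. ARP requests and replies carry no
authentication or verification, so a host on the segment can answer for any
IP address; the only host-side defence is noticing when an IP address
suddenly claims a different MAC, or when a reply arrives that nobody asked
for. The trace below is constructed in the shape of `tcpdump -n -e arp`
output; that layout is an assumption of this example.
"""
import re
from collections import defaultdict

# Constructed trace: two normal request/reply pairs for the gateway 10.0.0.1,
# then an unsolicited reply from a second MAC claiming the same IP.
SAMPLE_TRACE = """\
12:00:01.000 aa:aa:aa:aa:aa:aa > ff:ff:ff:ff:ff:ff, ARP, Request who-has 10.0.0.1 tell 10.0.0.20
12:00:01.001 00:11:22:33:44:55 > aa:aa:aa:aa:aa:aa, ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55
12:00:05.000 bb:bb:bb:bb:bb:bb > ff:ff:ff:ff:ff:ff, ARP, Request who-has 10.0.0.1 tell 10.0.0.21
12:00:05.001 00:11:22:33:44:55 > bb:bb:bb:bb:bb:bb, ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55
12:00:09.000 de:ad:be:ef:00:01 > ff:ff:ff:ff:ff:ff, ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:01
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
REPLY_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{MAC}) > (?P<dst>{MAC}), ARP, "
    rf"Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>{MAC})$"
)
REQUEST_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{MAC}) > {MAC}, ARP, "
    r"Request who-has (?P<ip>\d+\.\d+\.\d+\.\d+) tell (?P<asker>\S+)$"
)

def parse_arp_trace(text):
    """Yield one dict per ARP request or reply line; lines that do not parse are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield {"kind": "reply", **m.groupdict()}
            continue
        m = REQUEST_RE.match(line)
        if m:
            yield {"kind": "request", **m.groupdict()}

def detect_arp_spoofing(text):
    """Return one alert per reply that is unsolicited, lies about its Ethernet source,
    or changes an IP->MAC binding already learned. The first learned binding is kept;
    a spoofer is not allowed to overwrite it."""
    binding = {}                 # ip -> first MAC learned from a reply
    pending = defaultdict(int)   # ip -> outstanding requests not yet answered
    alerts = []
    for ev in parse_arp_trace(text):
        ip = ev["ip"]
        if ev["kind"] == "request":
            pending[ip] += 1
            continue
        mac = ev["mac"]
        reasons = []
        if pending[ip] == 0:
            reasons.append("unsolicited")            # nobody asked for this IP
        else:
            pending[ip] -= 1
        if ev["src"] != mac:
            reasons.append("ethernet_src_mismatch")  # frame sender differs from claimed MAC
        old = binding.get(ip)
        if old is not None and old != mac:
            reasons.append("binding_changed")
        if reasons:
            alerts.append({"ts": ev["ts"], "ip": ip, "old_mac": old,
                           "new_mac": mac, "reasons": reasons})
        binding.setdefault(ip, mac)
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_TRACE):
        print(alert)
```

Keeping the first learned binding rather than the latest is a deliberate choice: a detector that simply mirrors the host's ARP cache would let the spoofer's gratuitous reply become the new "truth". On a switched segment this is also why the attacker needs ARP spoofing in the first place (item 39): without redirecting the gateway's MAC, other hosts' traffic never reaches the attacker's port.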
43) The major promise of biometrics is to replace reusable passwords.
TRUE
43) Traditionally, Ethernet LANs offered no access security.
TRUE
48) A false acceptance occurs when a person is improperly matched to a template.
TRUE
5) "Death of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is impossible.
TRUE
57) Identification requires more matches against templates than does verification.
TRUE
60) The 802.11 standards were developed by the IEEE 802.11 Working Group.
TRUE
61) Fingerprint scanning, which is often deceived, may be acceptable for entry into a non-sensitive supplies cabinet.
TRUE
64) Fingerprint recognition is easily deceived.
TRUE
69) Rogue access points are unauthorized access points set up by individuals or departments.
TRUE
70) Giving unauthorized users access to a local WLAN means that they are on the local network.
TRUE
73) A firm can be its own certificate authority for internal users.
TRUE
74) Focusing electronic attacks on specific high-value targets is known as whaling.
TRUE
75) In a man-in-the-middle attack, an evil twin sends its own attacks, impersonating the victim.
TRUE
79) Flooding the frequency of a wireless network is one method attackers use to affect the network.
TRUE
8) A DoS attack makes a server or network unavailable by flooding it with attack packets.
TRUE
82) RTS frames tell other wireless clients that you want to transmit for a given amount of time.
TRUE
82) When assigning initial permissions, it is good to give the least permissions believed to be necessary and then add permissions if appropriate.
TRUE
84) CTS frames tell other clients that you have received a RTS frame.
TRUE
86) In 802.11i, EAP outer authentication takes place before inner authentication.
TRUE
88) PEAP is a popular extended EAP protocol.
TRUE
89) 802.11i offers strong security.
TRUE
92) In Kerberos, the Kerberos server sends the Service Ticket directly to the supplicant rather than directly to the verifier.
TRUE
93) WEP encrypts each frame with a per-frame key that consists of the shared RC4 key plus a 24-bit initialization vector that is different for each frame.
TRUE
96) WEP mandates shared keys.
TRUE
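Item 93 describes WEP's per-frame keying exactly: RC4 keyed with the 24-bit IV prepended to the shared key, with the IV sent in clear. The following added example, not from the test bank, implements RC4 in full and WEP framing in a simplified form (IV followed by ciphertext, with the CRC-32 ICV omitted, which is an assumption of the example) to show why 24 bits is too few: once an IV repeats, two frames share a keystream, and one known plaintext gives away the other frame with no key material at all. The shared key and frame contents are constructed.

```python
"""WEP per-frame keying and why a 24-bit IV is not enough.

Added example, not from the test bank. RC4 is implemented here in full (it is
a short stream cipher); the WEP framing is simplified to IV || ciphertext and
omits the CRC-32 ICV, which is an assumption of this example. The shared key
and plaintext frames are constructed.
"""
import random

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then keystream generation XORed into data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame key is IV || shared key; the IV travels in clear in front of the ciphertext."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + shared_key, plaintext)

def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    return rc4(iv + shared_key, ct)

def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Two frames with the same IV share a keystream, so ct_a XOR ct_b = pt_a XOR pt_b.
    Knowing pt_a (say, a predictable ARP or DHCP frame) yields pt_b without the key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; no keystream reuse")
    return bytes(a ^ b ^ p for a, b, p in zip(frame_a[3:], frame_b[3:], known_plaintext_a))

def frames_until_iv_repeat(seed: int = 0) -> int:
    """Count random 24-bit IVs drawn until one repeats (birthday bound, around 2**12)."""
    rng = random.Random(seed)
    seen = set()
    n = 0
    while True:
        iv = rng.getrandbits(24)
        n += 1
        if iv in seen:
            return n
        seen.add(iv)

SHARED_KEY = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
IV = bytes.fromhex("00ff1a")               # constructed IV reused by both frames below
PT_A = b"ARP who-has 10.0.0.1"             # constructed frame whose content is guessable
PT_B = b"secret: rotate me"                # constructed frame the attacker wants
FRAME_A = wep_encrypt(SHARED_KEY, IV, PT_A)
FRAME_B = wep_encrypt(SHARED_KEY, IV, PT_B)

if __name__ == "__main__":
    print(recover_from_iv_reuse(FRAME_A, FRAME_B, PT_A))
    print("random IVs until first repeat:", frames_until_iv_repeat(seed=1))
```

The `rc4` function can be checked against the public test vector (key `Key`, plaintext `Plaintext` gives `BBF316E8D940AF0AD3`). The shared-key item (96) compounds the problem: because every station uses the same key, every station's frames are candidates for the collision, and an access point that counts IVs sequentially wraps after 2^24 frames regardless of how they are chosen.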
101) Nearly all wireless access points can support 802.11i.
TRUE
106) Pre-shared key mode was created for homes and small businesses with a single access point.
TRUE
13) Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her IP address.
TRUE
19) SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.
TRUE
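Items 100, 19, 13 and 33 together describe the SYN flood: a bare SYN makes the server allocate a half-open connection, the SYN-ACK goes back to a spoofed source, and the final ACK never comes. The following is an added example, not from the test bank, that replays a constructed trace (one legitimate handshake, then 200 spoofed SYNs) the way a server's connection queue would see it and reports which destination has half-open connections piling up. The addresses, timings and threshold are constructed.

```python
"""Half-open connection (SYN flood) detection over a constructed packet trace.

Added example, not from the test bank. A legitimate client completes the
three-way handshake (SYN, SYN-ACK, ACK); a flooder sends SYNs from many
spoofed sources and never ACKs, so half-open connections pile up on the
server. The trace, addresses and threshold are constructed for this example.
"""
from collections import defaultdict

SERVER = "192.0.2.10"   # constructed victim web server

def build_trace():
    """Records are (time, src, sport, dst, dport, flags); flags use tcpdump letters."""
    trace = [
        (0.00, "10.0.0.20", 40001, SERVER, 80, "S"),   # legitimate SYN
        (0.01, SERVER, 80, "10.0.0.20", 40001, "SA"),  # SYN-ACK: second step of the handshake
        (0.02, "10.0.0.20", 40001, SERVER, 80, "A"),   # ACK completes it
    ]
    for i in range(200):   # 200 spoofed SYNs in 200 ms, each answered by a SYN-ACK, none ACKed
        src = f"203.0.113.{i % 250 + 1}"
        trace.append((1.0 + i / 1000, src, 1000 + i, SERVER, 80, "S"))
        trace.append((1.0005 + i / 1000, SERVER, 80, src, 1000 + i, "SA"))
    return trace

def half_open_connections(trace, timeout=3.0):
    """Replay the trace as a server's connection queue would see it and return
    {server_ip: number of connections still half-open at the end}.
    A SYN creates an entry; the client's ACK removes it; entries older than
    `timeout` are reaped the way a real stack eventually does."""
    half_open = {}   # (client, cport, server, sport) -> time the SYN arrived
    for t, src, sport, dst, dport, flags in sorted(trace):
        for k, t0 in list(half_open.items()):
            if t - t0 > timeout:
                del half_open[k]
        if flags == "S":
            half_open[(src, sport, dst, dport)] = t
        elif flags == "A":
            half_open.pop((src, sport, dst, dport), None)
    counts = defaultdict(int)
    for (_, _, dst, _) in half_open:
        counts[dst] += 1
    return dict(counts)

def detect_syn_flood(trace, threshold=100):
    """Return [(server_ip, half_open_count)] for every server over the threshold."""
    return [(ip, n) for ip, n in half_open_connections(trace).items() if n > threshold]

def distinct_syn_sources(trace, dst):
    """A spoofed flood shows many sources that never complete; count them for one server."""
    return len({src for _, src, _, d, _, f in trace if d == dst and f == "S"})

if __name__ == "__main__":
    trace = build_trace()
    print(detect_syn_flood(trace))
    print("distinct SYN sources:", distinct_syn_sources(trace, SERVER))
```

The contrast with item 33 is the reason the flood hurts the server and not the firewall: the server commits a connection-control block per SYN and keeps it until timeout, whereas the model above is the only state a stateless filter would have to keep, and it can be made as cheap as a counter per destination.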
22) A state is a distinct phase in a connection between two applications.
TRUE Diff: 1
42) Attacks other than application level attacks usually fail to get through SPI firewalls.
TRUE Diff: 1
44) The combination of high safety and low cost makes SPI firewalls extremely popular.
TRUE Diff: 1
6) In ingress filtering, the firewall examines packets entering the network from the outside, typically from the Internet.
TRUE Diff: 1
62) Bandwidth limitation for certain types of traffic is less risky than dropping packets.
TRUE Diff: 1
50) An application proxy firewall needs to have multiple proxy programs if it is to filter multiple application protocols.
TRUE Diff: 1 Question: 14b
79) The firewall should go through vulnerability testing after each change.
TRUE Diff: 1 Question: 25f
29) SPI filtering for packets that are part of ongoing communications is usually simple.
TRUE Diff: 1 Question: 6b
37) It is better to have an ACL that permits access to a single internal webserver than one that allows access to all internal webservers.
TRUE Diff: 1 Question: 8e
36) Both TCP and UDP can be used by an application.
TRUE Diff: 2
31) SPI firewalls can handle both ICMP and UDP.
TRUE Diff: 2
55) Application proxy firewalls can always examine application layer content.
TRUE Diff: 2
76) Firewall appliances need little or no hardening before they are installed.
TRUE Diff: 2
80) In a firewall policy database, the source field and destination field are fairly explanatory.
TRUE Diff: 2
39) In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that attempts to open a connection.
TRUE Diff: 2 Question: 11a
93) It is easier to create appropriate ACL rules for server host firewalls than for border firewalls.
TRUE Diff: 2 Question: 22c
20) A connection opening is a state.
TRUE Diff: 2 Question: 5a
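The SPI items (32, 21, 30, 31, 34, 38, 39, 40, 29, 37, 20 and 22) describe one mechanism from several angles: only a connection-opening packet is checked against an ACL, with the ingress ACL ending in DENY ALL and the egress ACL ending in PERMIT ALL, and every later packet of that connection is matched against the connection table instead. The following added example, not from the test bank, puts that into a small firewall and runs a constructed trace through it, including the UDP case from items 30 and 31. The internal prefix, the ACL rules and the trace are constructed.

```python
"""A stateful packet inspection (SPI) firewall in miniature.

Added example, not from the test bank. It models the rule books the questions
describe: a packet that attempts to open a connection is checked against the
ingress ACL (ending in DENY ALL) or the egress ACL (ending in PERMIT ALL);
every later packet of that connection is checked only against the connection
table, never the ACLs. UDP has no handshake, so the first datagram in a
direction is treated as the opening and the entry is dropped after an idle
timeout. The internal prefix, the rules and the trace are constructed.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # constructed: hosts under this prefix are inside the firm

@dataclass(frozen=True)
class Pkt:
    t: float
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # tcpdump letters: S = SYN, A = ACK, R = RST

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

# Ingress ACL: (action, proto, dst, dport). Permit the one public web server, then DENY ALL.
INGRESS_ACL = [
    ("permit", "tcp", "10.0.0.5", 80),
    ("permit", "tcp", "10.0.0.5", 443),
    ("deny", "any", "any", None),
]
# Egress ACL: block outbound SMTP from clients, then PERMIT ALL.
EGRESS_ACL = [
    ("deny", "tcp", "any", 25),
    ("permit", "any", "any", None),
]

def acl_lookup(acl, p):
    """First matching rule wins; an ACL with no match denies."""
    for action, proto, dst, dport in acl:
        if proto != "any" and proto != p.proto:
            continue
        if dst != "any" and dst != p.dst:
            continue
        if dport is not None and dport != p.dport:
            continue
        return action
    return "deny"

class SPIFirewall:
    def __init__(self, udp_idle=30.0):
        self.table = {}        # (proto, a, aport, b, bport) -> last time seen
        self.udp_idle = udp_idle

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _is_opening(self, p):
        if p.proto == "tcp":
            return p.flags == "S"   # only a bare SYN opens a TCP connection
        return self._key(p) not in self.table and self._reverse(p) not in self.table

    def filter(self, p):
        """Return 'pass' or 'drop' for one packet and update the connection table."""
        for k, last in list(self.table.items()):   # reap idle UDP pseudo-connections
            if k[0] == "udp" and p.t - last > self.udp_idle:
                del self.table[k]
        if self._is_opening(p):
            acl = EGRESS_ACL if is_internal(p.src) else INGRESS_ACL
            if acl_lookup(acl, p) == "permit":
                self.table[self._key(p)] = p.t
                return "pass"
            return "drop"
        for k in (self._key(p), self._reverse(p)):   # ongoing traffic: table only
            if k in self.table:
                if "R" in p.flags:
                    del self.table[k]                 # RST tears the connection down
                else:
                    self.table[k] = p.t
                return "pass"
        return "drop"   # belongs to no connection, e.g. an ACK scan

TRACE = [  # constructed
    Pkt(0.0, "tcp", "198.51.100.7", 5000, "10.0.0.5", 80, "S"),    # outsider opens to public web server
    Pkt(0.1, "tcp", "10.0.0.5", 80, "198.51.100.7", 5000, "SA"),   # its reply: table hit
    Pkt(0.2, "tcp", "198.51.100.7", 5001, "10.0.0.9", 80, "S"),    # outsider opens to a non-public host
    Pkt(0.3, "tcp", "198.51.100.7", 6000, "10.0.0.5", 80, "A"),    # ACK with no SYN: no table entry
    Pkt(0.4, "tcp", "10.0.0.20", 40000, "203.0.113.25", 25, "S"),  # internal client to outside SMTP
    Pkt(0.5, "udp", "10.0.0.20", 53000, "203.0.113.53", 53),       # outbound DNS: UDP "opening"
    Pkt(1.0, "udp", "203.0.113.53", 53, "10.0.0.20", 53000),       # DNS answer: reverse table hit
    Pkt(100.0, "udp", "203.0.113.53", 53, "10.0.0.20", 53000),     # late datagram after idle timeout
]

def run_trace(trace=TRACE):
    fw = SPIFirewall()
    return [fw.filter(p) for p in trace]

if __name__ == "__main__":
    for p, d in zip(TRACE, run_trace()):
        print(d, p)
```

The ingress rule for 10.0.0.5 is deliberately a single host rather than "any internal web server" (item 37). The late DNS datagram at t=100 is the UDP edge case: once the idle entry is reaped, the inbound datagram is treated as an attempt to open a connection from outside and falls through to the ingress DENY ALL.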
119) Which of the following measures offers strong security? A) Using spread spectrum transmission in 802.11 B) Turning off SSID broadcasting C) WEP D) None of the above
D
22) ________ is a social engineering trick where an intruder may follow an authorized user through a door that the authorized user opens with an access device. A) Shoulder surfing B) Shadowing C) Trailing D) Piggybacking
D
107) Directory servers from different vendors are synchronized through ________. A) LDAP B) central authentication servers C) AD servers D) None of the above
D
109) In ________, users authenticate themselves to the access point via the use of a single, shared initial key. A) WEP B) 802.11i pre-shared key mode C) WPA pre-shared key mode D) All of the above
D
120) Which of the following measures offers strong security? A) Turning off SSID broadcasting B) MAC access control lists C) Both A and B D) Neither A nor B
D
20) If a laptop needs to be taken off premises, ________. A) it should first be logged out B) it should be logged in when returned C) all sensitive information should be removed D) All of the above
D
21) Buildings should be set back from streets and protected with rolling hill landscaping to reduce threats from ________. A) wireless eavesdropping B) industrial espionage C) casual observation D) terrorism
D
3) Ensuring appropriate network ________ means preventing attackers from altering the capabilities or operation of the network. A) confidentiality B) integrity C) availability D) functionality
D