Network Defense and Security Midterm


Which of the following describes AppleTalk? A. A legacy protocol used in networks hosting mainly Macintosh computers B. A policy that allows employees, contractors, and others to connect their own computers, smartphones, and other devices to their organizations' networks C. An application-programming interface (API) developed by IBM in 1985 to emulate NetBIOS on a token ring network D. An Application Layer protocol used by e-mail clients to receive messages from an e-mail server

A. A legacy protocol used in networks hosting mainly Macintosh computers

Which of the following describes a banner? A. A message sent by a service in response to a valid or invalid query. Its function is to confirm communication is functioning properly or to announce an error. B. A form of unauthorized access to a system. C. Persistent public messaging forums accessed over the Network News Transfer Protocol (NNTP). D. A variant of the UNIX operating system that is supported by Windows NT 4.0, but not subsequent versions of Windows.

A. A message sent by a service in response to a valid or invalid query. Its function is to confirm communication is functioning properly or to announce an error.

Which of the following describes advanced persistent threat (APT)? A. A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of such an attack is to steal data, not to damage the network or organization. B. A rogue program that automatically dials a modem to a pre-defined number. Sometimes this is to download additional malware to the victim or to upload stolen data from the victim. In other cases, the dialer calls premium rate telephone numbers to rack up massive long distance charges. C. The act of a hacker changing the MAC address of the network interface. D. The unused portion of the last cluster allocated to a stored file. It may contain remnants of prior files stored in that location.

A. A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of such an attack is to steal data, not to damage the network or organization.

Which term describes the calculation of the total loss potential across a year for a given asset and a specific threat? A. Annualized loss expectancy (ALE) B. Annualized rate of occurrence (ARO) C. User Datagram Protocol (UDP) D. Cost-benefit analysis

A. Annualized loss expectancy (ALE)

Which term describes an object, computer, program, piece of data, or other logical or physical component you use in a business process to accomplish a business task? A. Asset B. Client C. Appliance D. Trust

A. Asset

Which term describes the cumulative value of an asset based on both tangible and intangible values? A. Asset value (AV) B. Exposure factor (EF) C. Single loss expectancy (SLE) D. Packet

A. Asset value (AV)

What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)? A. Brute-force attack B. Hybrid attack C. Dictionary password attack D. Modeling

A. Brute-force attack

What term is used to describe a tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack? A. Cold calling B. Privilege escalation C. Proxy manipulation D. Recreational hacker

A. Cold calling

Which name is given to the security service of preventing access to resources by unauthorized users while supporting access to authorized users? A. Confidentiality B. Authentication C. Demilitarized zone (DMZ) D. Defense in Depth

A. Confidentiality

Which term describes the process of converting ciphertext back into plain text? A. Decryption B. Hashing C. Avalanche effect D. Symmetric cryptography

A. Decryption

Which term is used to describe a network service that maintains a searchable index or database of network hosts and shared resources? A. Directory Service B. Open systems interconnection (OSI) reference model C. Denial of Service (DoS) D. DNS service

A. Directory Service

Ingress and egress filtering can expand beyond protection against spoofing and include a variety of investigations on inbound and outbound traffic. Which of the following is not one of the ways ingress and egress filtering expand beyond protection against spoofing? A. Dynamic packet filtering B. Blacklist and whitelist filtering C. Protocol and port blocking D. Confirmation of authentication or authorization before communications continue

A. Dynamic packet filtering

Which of the following refers to a software firewall installed on a client or server? A. Host firewall B. Hardware firewall C. Transport Layer (Layer 4) D. Client

A. Host firewall

Which term refers to a type of business telephone network? A. Private Branch Exchange (PBX) B. Host-to-site VPN C. Rekeying D. Virtual private network (VPN)

A. Private Branch Exchange (PBX)

Which of the following characteristics describes an edge router? A. The last device owned and controlled by an organization before an ISP or telco connection B. A form of VPN establishing a secure VPN over trusted VPN connections C. A form of cryptography in which each encryption key is used once before being discarded D. A security service that ensures that a sender cannot deny sending a message

A. The last device owned and controlled by an organization before an ISP or telco connection

Which of the following describes authentication? A. The process of confirming the identity of a user B. Confidence in the expectation that others will act in your best interest or that a resource is authentic C. A small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home D. A stated purpose or target for network security activity

A. The process of confirming the identity of a user

Which of the following describes identity and access management (IAM)? A. The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy B. Portions of a software system that unauthenticated users can run C. A form of security based on hiding details of a system or creating convolutions that are difficult to understand to overcome the obscure methodology D. A policy of allowing or even encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

A. The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy

Which of the following is not a characteristic of a private address? A. They are leased. B. They require translation. C. They can be mixed with public addresses. D. They are isolated from the Internet.

A. They are leased.

Which of the following describes a BYOD? A. An application-programming interface (API) developed by IBM in 1985 to emulate NetBIOS on a token ring network B. A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks C. A legacy protocol developed by Novell for its NetWare networking product D. A security feature that blocks DDoS attacks

B. A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

Which of the following describes a blacklist? A. A security mechanism to detect and prevent attempts to breach security B. A type of filtering in which all activities or entities are permitted except those identified C. A list of the hosts and servers on the network D. A list that describes the steps to lock down a host against threats and attacks

B. A type of filtering in which all activities or entities are permitted except those identified

Which of the following characteristics relates to a demilitarized zone (DMZ)? A. Confidence in the expectation that others will act in your best interest or that a resource is authentic B. A type of perimeter network used to host resources designated as accessible by the public from the Internet C. A form of networking where each computer is a peer D. A host on a network

B. A type of perimeter network used to host resources designated as accessible by the public from the Internet

Which of the following refers to encoding and decoding information using related but different keys for each process? A. Digital certificate B. Asymmetric cryptography C. Ciphertext D. Algorithm

B. Asymmetric cryptography

Which of the following is a portion of a software system that unauthenticated users can run? A. Bring Your Own Device (BYOD) B. Attack surface C. Post Office Protocol (POP) D. Modeling

B. Attack surface

Which of the following is the name given to unauthorized access to a system? A. Hijacking B. Backdoor C. Tunneling D. Exploit

B. Backdoor

Which term is used to describe a firewall that is implemented via software? A. Risk assessment B. Bump-in-the-stack C. Hardware firewall D. Screening router

B. Bump-in-the-stack

Which term describes the seemingly random and unusable output from a cryptographic function applied to original data? A. Dedicated leased line B. Ciphertext C. Identity proofing D. Host VPN

B. Ciphertext

Which of the following refers to a type of software product that is pre-compiled and whose source code is undisclosed? A. Circuit B. Closed source C. Bots D. Physical address

B. Closed source

Which of the following refers to a logical division of data composed of one or more sectors on a hard drive? A. Boot sector B. Cluster C. Buffer D. Honeypot

B. Cluster

All of the following are advantages of a defense-in-depth security design except which one? A. Defense in depth avoids single points of failure. B. Defense in depth keeps senior management out of the activities of the security department. C. Defense in depth divides and conquers, which separates projects into smaller pieces. D. Defense in depth filters user interactions.

B. Defense in depth keeps senior management out of the activities of the security department.

Which attack uses a pre-constructed list of potential passwords or encryption keys? A. Piloting B. Dictionary password attack C. Brute-force attack D. Hybrid attack

B. Dictionary password attack

Which of the following refers to filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations? A. Router B. Egress filtering C. Auditing D. Whitelist

B. Egress filtering

Which term describes a VPN created between two individual hosts across a local or intermediary network? A. VPN appliance B. Host-to-host VPN C. Hash D. Site-to-site VPN

B. Host-to-host VPN

Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment? A. Eavesdropping B. Modeling C. AppleTalk D. Piloting

B. Modeling

Which of the following describes caching? A. A network service that acts as a "middle man" between a client and server B. Retention of Internet content by a proxy server C. Filtering traffic as it attempts to enter a network D. A mechanism to establish a secure remote access connection across an intermediary network

B. Retention of Internet content by a proxy server

Which of the following characteristics describes the application layer? A. The sixth layer of the OSI model, which translates the data received from the host software into a format acceptable to the network B. The top or seventh layer of the OSI model, which is responsible for enabling communications with host software, including the operating system C. An entrance or exit point to a controlled space D. The fifth layer of the OSI model, which manages the communication channel

B. The top or seventh layer of the OSI model, which is responsible for enabling communications with host software, including the operating system

Gathering through eavesdropping on communications, whether encrypted or not, is known as what? A. Encryption B. Traffic and trend analysis C. Eavesdropping D. Filtering

B. Traffic and trend analysis

Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device? A. LAN Domain B. Workstation Domain C. WAN Domain D. Remote Access Domain

B. Workstation Domain

Which name is given to a probability prediction based on statistics and historical occurrences on the likelihood of how many times in the next year a threat is going to cause harm? A. Tunnel mode encryption B. Physical address C. Annualized rate of occurrence (ARO) D. Rule

C. Annualized rate of occurrence (ARO)

Which of the following refers to a type of firewall that filters on a specific application's content and session information? A. Circuit firewall B. Hardware firewall C. Application firewall D. Stateful inspection

C. Application firewall

Which name is given to an exploit that allows a hacker to run any command-line function on a compromised system? A. Command shell B. Whois C. Arbitrary code execution D. ARP spoofing

C. Arbitrary code execution

Which term describes programs used to control access to computer resources, enforce policies, audit usage, and provide billing information? A. Traffic congestion B. Certificate authority (CA) C. Authentication, authorization, and accounting (AAA) services D. Trusted roots list

C. Authentication, authorization, and accounting (AAA) services

Which malicious software program is distributed by hackers to take control of victims' computers? A. Hardware firewalls B. Viruses C. Bots D. Bastion host

C. Bots

Which term describes a network device that forwards traffic between networks based on the MAC address of the Ethernet frame? A. Domain B. Bottleneck C. Bridge D. Node

C. Bridge

Which of the following is not a type of malware? A. Virus B. Worm C. Chip creep D. Trojan horse

C. Chip creep

Which of the following terms describes hiding information from unauthorized third parties? A. Virtual Private Network (VPN) B. Split tunnel C. Cryptography D. Authentication, Authorization, and Accounting (AAA) Services

C. Cryptography

Which of the following refers to a form of attack that attempts to compromise availability? A. Zero day exploits B. Man-in-the-middle (MITM) C. Denial of service (DoS) D. Sniffer

C. Denial of service (DoS)

Which term describes a form of security defense that focuses on discouraging a perpetrator with physical harm, social disgrace, and legal consequences? A. Buffer overflow B. Firewall C. Deterrent D. Dumpster diving

C. Deterrent

Which firewall has a network interface located in a unique network segment that allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another? A. Appliance firewall B. Software firewall C. Dual-homed firewall D. Triple-homed firewall

C. Dual-homed firewall

Which protocol and data exchange system commonly used over TCP/IP networks, including the Internet, is unencrypted and performs authentication and data transfer in plaintext? A. Post Office Protocol (POP) B. AppleTalk C. File Transfer Protocol (FTP) D. Hyper Text Transfer Protocol (HTTP)

C. File Transfer Protocol (FTP)

Which of the following is an intentional discharge made to damage or destroy electronic equipment ranging from cell phones to computers and servers? A. Session hijacking B. Virus C. Intentional electromagnetic interference (IEMI) D. Chip creep

C. Intentional electromagnetic interference (IEMI)

Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN? A. Public key cryptography B. Host-to-site VPN C. Telecommuting D. Scalability

C. Telecommuting

Which of the following characteristics relates to access control? A. The feature of network design that ensures the existence of multiple pathways of communication. B. An attack that occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters C. The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic D. The process of confirming the identity of a user

C. The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic

Contract workers place a higher risk on the organization for all of the following reasons, except which one? A. They are not full-time regular employees and might lack loyalty. B. They are more likely to compromise the organization. C. They see the company as worthy of protection. D. They might not be accountable after a project ends.

C. They see the company as worthy of protection.

Which of the following refers to a form of encryption also known as point-to-point or host-to-host encryption? A. Hardware firewall B. Circuit firewall C. Transport mode encryption D. Tunnel mode encryption

C. Transport mode encryption

Which of the following characteristics relates to the term algorithm? A. A hardware VPN device B. A VPN created between two individual hosts across a local or intermediary network C. Used to connect a remote or mobile host to a networked office workstation D. A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

D. A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

Which of the following describes an appliance firewall? A. The process of automatically creating temporary filters. In most cases, the filters allow inbound responses to previous outbound requests. B. A hardened hardware firewall C. The second layer of the OSI model responsible for physical addressing (MAC addresses) and supporting the network topology, such as Ethernet D. A type of firewall that filters on a specific application's content and session information

D. A type of firewall that filters on a specific application's content and session information

Which of the following is a malicious software program distributed by a hacker to take control of a victim's computers? A. Sacrificial host B. Client C. Server D. Agent

D. Agent

Which term is used to describe a feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh? A. Deterrent B. Adware C. Hierarchical file system (HFS) D. Alternate data stream (ADS)

D. Alternate data stream (ADS)

When conducting an audit, the auditor should be which of the following? A. An internal employee who can be trusted B. An external person capable of hacking C. An internal employee capable of enclosing or encasing one protocol or packet inside another protocol or packet D. An external person who is independent of the organization under audit

D. An external person who is independent of the organization under audit

Which of the following describes a covert channel? A. A criminal whose objective is to compromise IT infrastructures. B. A method of discovering wireless networks by moving around a geographic area with a detection device. C. A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack. D. An unknown, secret pathway of communication.

D. An unknown, secret pathway of communication.

Which term describes when a system is usable for its intended purpose? A. Authorization B. Auditing C. Encryption D. Availability

D. Availability

Hackers can be deterred by defense methods that detect and evade. All of the following are defense methods, except which one? A. Honeypots B. Firewalls C. IDSs D. Botnet army

D. Botnet army

Which of the following refers to a communication pathway, circuit, or frequency dedicated or reserved for a specific transmission? A. Hardware VPN B. Host-to-site VPN C. Asymmetric cryptography D. Channel

D. Channel

Which of the following refers to a host on a network that supports user interaction with the network? A. Server B. Role C. Trust D. Client

D. Client

Which of the following is the name given to a software interface with a system that allows code execution? A. Intentional Electromagnetic Interference (IEMI) B. National Institute of Standards and Technology (NIST) C. Proxy D. Command shell

D. Command shell

Which of the following refers to the malicious insertion of scripting code onto a vulnerable Web site? A. Insertion attack B. Upstream filtering C. Keystroke logger D. Cross-site scripting (XSS)

D. Cross-site scripting (XSS)

Which name is given to a rogue program that automatically dials a modem to a pre-defined number to auto-download additional malware to the victim or to upload stolen data from the victim? A. Adware B. Sector C. Spyware D. Dialer

D. Dialer

Which term is used to describe a public-key, cryptography-based mechanism for proving the source (and possibly integrity) of a dataset or message? A. Trusted third party B. Symmetric cryptography C. Algorithm D. Digital signature

D. Digital signature

Which term describes a network, network link, or channel located between the endpoints of a VPN? A. One-way function B. Host-to-host network C. Site-to-site network D. Intermediary network

D. Intermediary network

Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources? A. AppleTalk B. Bring Your Own Device (BYOD) C. Internet Assigned Numbers Authority (IANA) D. NetBIOS Extended User Interface (NetBEUI)

D. NetBIOS Extended User Interface (NetBEUI)

What is compression? A. A VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public B. A subset of asymmetric cryptography based on the use of key pair sets C. The art and science of hiding information from unauthorized third parties D. Removal of redundant or superfluous data or space to reduce the size of a data set

D. Removal of redundant or superfluous data or space to reduce the size of a data set

Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand? A. Firewall B. Bring Your Own Device (BYOD) C. Modeling D. Security through obscurity

D. Security through obscurity

As an organization stretches beyond its capacity to support, sell, create, maintain, respond, produce, and so on, small problems quickly become big problems. Which of the following does not ensure long-term viability and stability for the business and network security design? A. Steady growth B. Controlled growth C. Planned growth D. Unlimited growth

D. Unlimited growth

Which of the following is not a consideration when placing firewalls on the network? A. Structure of the network B. Traffic patterns C. Most likely access pathways D. Where hackers are located

D. Where hackers are located

