Network Defense Mid Term Study Guide
Collision
A _________ occurs when computing the MD5 algorithm with two different initialization vectors produces the same hash value.
Hash
A __________ value is a fixed-size string representing the original input's contents.
Signature
A ____________ is made up of IP numbers and options, TCP flags, and port numbers that define a type of network activity.
FIN packet
Lets the other computer know it is finished sending data
Ciphertext
Unreadable text, programs that do not execute, and graphics you cannot view
Scan Throttling
Used by attackers to delay the progression of a scan
D. IDPS
Which security tool works by recognizing signs of possible attack and sending notification to an administrator? A. DiD B. DMZ C. VPN D. IDPS
B. mandatory access control
With which access control method do system administrators establish what information users can share? A. discretionary access control B. mandatory access control C. administrative access control D. role-based access control
Anycast
__________ IPv6 addresses are used for one-to-one or one-to-many communication.
Viruses
___________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Null
A TCP packet with no flags set is referred to as a _______ packet.
XOR function
A cryptographic primitive based on binary bit logic and used as a linear mixing function, combining values for use in further computations
Stateless Autoconfiguration
A feature of IPv6 in which a computer can connect to a network by determining its own IP address based on the addressing of neighboring nodes
C. use DoS attack on Web sites with which they disagree
A hacktivist can best be described as which of the following? A. an unskilled programmer that spreads malicious scripts B. consider themselves seekers of knowledge C. use DoS attack on Web sites with which they disagree D. deface Web sites by leaving message for their friends to read
Biometrics
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints
Socket
A network connection consisting of a port number combined with a computer's IP address
DMZ
A semi-trusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN
Ping Sweep
A series of ICMP echo request packets in a range of IP addresses
Multicast
A transmission used for one-to-many communication, in which a single host can send packets to a group of recipients
Key Management
A way to prevent keys from being discovered and used to decipher encrypted messages
Port
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides
DES
An older protocol composed of a 16-round Feistel network with XOR functions, permutation functions, 64 S-box functions, and fixed key schedules
Back Door
An undocumented hidden opening through which an attacker can access a computer
Signature
Digital ____________ security vulnerabilities are mostly associated with the IT infrastructure required to support interoperability.
Multicast Listener Discovery
Enables IPv6 routers to discover multicast listeners on a directly connected link and to decide which multicast addresses are of interest to those nodes
Packet Filters
Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol
Spoof
In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.
SYN
In the three-way handshake, the first packet in the sequence has the ______ flag set.
A. botnet
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? A. botnet B. Trojan C. logic bomb D. packet monkey
C. multiple-packet attack
Of what category of attack is a DoS attack an example? A. bad header information B. single-packet attack C. multiple-packet attack D. suspicious data payload
Netstat
The __________ command shows current sessions with associated port numbers.
Flag
The ___________ field in an IP header is a 3-bit value indicating whether a datagram is a fragment.
Payload
The ___________ part of a packet is the actual data sent from an application on one computer to an application on another.
Fragmentation
The division of packets into smaller sizes to accommodate routers with frame size limitations
MTU
The maximum packet size that can be transmitted
Network Identifier
The part of an IP address that a computer has in common with other computers in its subnet
Cryptanalysis
The study of breaking encryption methods
C. the source of the public keys
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation? A. the use of the sender's private key B. the hashing algorithm used to generate a message digest C. the source of the public keys D. the integrity of the private keys
C. SYN, SYN ACK, ACK
What is the sequence of packets for a successful three-way handshake? A. SYN, ACK, ACK B. SYN, SYN ACK, RST C. SYN, SYN ACK, ACK D. SYN, ACK, FIN
A. false negative
What is the term used when an IDPS doesn't recognize that an attack is underway? A. false negative B. true positive C. negative activity D. positive signature
A. disable zone transfers
What should you do when configuring DNS servers that are connected to the Internet in order to improve security? A. disable zone transfers B. delete the DNS cache C. disable DNS buffers D. set up DNS proxy
A. IKE
Which component of IPsec enables computers to exchange keys to make an SA? A. IKE B. ISAKMP C. Oakley D. IPsec driver
D. 21, 20
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively? A. 20, 25 B. 21, 23 C. 20, 23 D. 21, 20
B. scalability
Which of the following is NOT a critical goal of information security? A. confidentiality B. scalability C. authentication D. nonrepudiation
A. the local host source address occurs in the packet
Which of the following is the description of a land attack? A. the local host source address occurs in the packet B. source and destination IP address/port are the same C. an illegal TCP flag is found in the segment header D. the attacker uses an undefined protocol number
A. they are not completely random
Which of the following is true about PRNGs? A. they are not completely random B. their state is measured in bytes C. the shorter the state, the longer the period D. they can never produce the same value
B. Message Digest 5
Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs? A. RSA B. Message Digest 5 C. RC4 D. Twofish
Integral
___________ cryptanalysis is applicable to block ciphers that use a substitution-permutation network including Rijndael, Twofish, and IDEA.
Nonrepudiation
____________ is achieved when neither party can plausibly deny its participation in message exchanges.
Non-repudiation
____________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.