Review Questions 1, CNT4403 Midterm


To determine best path, routers use metrics such as the value of the first octet of the destination IP address. (True or False)

False

Which of the following is an element of the TCP header that can indicate that a connection has been established?

Flags

What is the packet called where a Web browser sends a request to the Web server for Web page data?

HTTP GET

Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?

IDPS

Which of the following is an accurate set of characteristics you would find in an attack signature?

IP address, TCP flags, port numbers

What feature does RIPng support that is not supported by RIP?

IPv6

Name four goals of network security.

NONREPUDIATION, CONFIDENTIALITY, INTEGRITY, AVAILABILITY

In which OSI model layer will you find the OSPF protocol?

Network

______________________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.

Nonrepudiation

Which TCP flag can be the default response to a probe on a closed port?

RST

Which of the following is the first packet sent in the TCP three-way handshake?

SYN

________________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.

System

Which field in the IP header is an 8-bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped?

TTL

Packet fragmentation is not normal, and can only occur if an attack has been initiated. (True or False)

True

Physical security protects a system from theft, fire, or environmental disaster. (True or False)

True

Some methods of attacking a Cisco router do not require knowledge of the IOS version, so software patching is recommended.

True

The IP address 172.20.1.5 is a private IP address. (True or False)

True

The TCP protocol uses a three-way handshake to create a connection. (True or False)

True

What Cisco router command encrypts all passwords on the router?

service password-encryption

Why might you want your security system to provide nonrepudiation?

so a user can't deny sending or receiving a communication

Which term is best described as an attack that relies on the gullibility of people?

social engineering

Which of the following is the description of a land attack?

source and destination IP address/port are the same

How are the two parts of an IP address determined?

subnet mask

Under which attack category does a UNIX Sendmail exploitation fall?

suspicious data payload

What should you set up if you want to store router system log files on a server?

syslog server

The Transport layer of the OSI model includes the RIP protocol. (True or False)

False

Which of the following addresses is a Class B IP address?

189.77.101.6

If you are subnetting a class B network, what subnet mask will yield 64 subnets?

255.255.252.0

Which of the following is considered a flooded broadcast IP address?

255.255.255.255

Most network threats originate from which of the following? a. inside the company b. script kiddies c. back doors d. industrial spies

A. INSIDE THE COMPANY

Packet filters can block or allow transmission of packets based on which of the following criteria? (Choose all that apply.) a. port number b. open ports c. time of access attempts d. IP address

A. PORT NUMBER D. IP ADDRESS

In an IDPS, specific indications of a possible attack are called _____. a. signatures b. signals c. true positives d. alerts

A. SIGNATURES

Servers with outside access to the public should be located on _____. (Choose all that apply.) a. their own subnet b. a DMZ c. an internal LAN d. a network perimeter

A. THEIR OWN SUBNET B. A DMZ D. A NETWORK PERIMETER

Which of the following malware is designed to replicate itself? (Choose all that apply.) a. worm b. virus c. Trojan horse d. SYN flood

A. WORM B. VIRUS

The Stuxnet worm was designed to _____. a. shut down Internet DNS servers b. disrupt computer-controlled industrial operations c. steal financial information d. be used by script kiddies

B. DISRUPT COMPUTER-CONTROLLED INDUSTRIAL OPERATIONS

Firewall enforcement of policies is handled primarily through setting up packet-filtering rules, a set of which is contained in the _____. a. routing table b. rule base c. access control list d. packet filter

B. RULE BASE

An IP address combined with a TCP/IP port number is called which of the following? a. network address b. socket c. script d. port ID

B. SOCKET

The capability to prevent one participant in an electronic transaction from denying that it performed an action is called _____. a. plausible deniability b. integrity c. nonrepudiation d. undeniability

C. NONREPUDIATION

An uninterruptible power supply is a component of ______ security. a. virtual b. auditing c. physical d. password

C. PHYSICAL

What are some of the reasons for network attacks? a. industrial espionage b. revenge c. financial gain d. all of the above

D. ALL OF THE ABOVE

In a restrictive firewall policy, what is the starting point for developing a rule base? a. allow all traffic b. block all traffic except specified types c. allow all traffic except specified types d. block all traffic

D. BLOCK ALL TRAFFIC

An attacker who causes harm to systems in support of some principle is categorized as which of the following? a. cracker b. hacker c. industrial spy d. cyberterrorist

D. CYBERTERRORIST

Which protocol is responsible for automatic assignment of IP addresses?

DHCP

____________ routes are manually configured routes that direct all packets not specifically configured in the routing table.

Default

A packet-filtering device evaluates data in the payload and compares it with a predefined set of rules. True or False?

FALSE

What is the typical packet sequence for closing a TCP session?

FIN, ACK, FIN ACK, ACK

A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed. (True or False)

False

All devices interpret attack signatures uniformly. (True or False)

False

Current Microsoft OSs include IPv6, but to use it, you must enable it first. (True or False)

False

Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. (True or False)

False

Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred. (True or False)

False

__________________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.

Viruses

______________ do not require user intervention to be launched; they are self-propagating.

Worms

Which type of scan has the FIN, PSH, and URG flags set?

Xmas scan

Defense in depth can best be described as which of the following?

a layered approach to security

Which of the following is NOT among the items of information that a CVE reference reports?

attack signature

Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following?

botnet

What should you do when configuring DNS servers that are connected to the Internet in order to improve security?

disable zone transfers

Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?

enable

Which of the following is a reason that UDP is faster than TCP?

it doesn't guarantee delivery

Which of the following is a metric routers can use to determine best path?

link state

Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus?

macro

With which access control method do system administrators establish what information users can share?

mandatory access control

Of what category of attack is a DoS attack an example?

multiple-packet attack

What can an attacker use a port scanner to test for on a target computer?

open sockets

What does a sliding window do in a TCP packet?

provides flow control

Under which suspicious traffic signature category would a port scan fall?

reconnaissance

The enable ___________ password uses type 5 encryption and overrides the enable password.

secret

What is the TCP portion of a packet called?

segment

Which of the following is true about ACLs on Cisco routers?

there is an implicit deny any statement at the end of the ACL

Which of the following is true about static routes?

they are used for stub networks

How does the CVE standard make network security devices and tools more effective?

they can share information about attack signatures

Which of the following is true about extended IP ACLs?

they should be applied to an interface close to the traffic source

A hacktivist can best be described as which of the following?

use DoS attacks on Web sites with which they disagree

Rather than using classful routing, ________________ subnet masks allow you to divide your network into different sizes to make better use of available addresses.

variable-length

