Chapter 3

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

The password "R7%t&" can be defeated by a ________.

Brute force attack

1) The threat environment includes ________. A) attackers B) attacks C) Both A and B D) Neither A nor B

C

8) A ________ is a flaw in a program that permits a specific attack or set of attacks against this problem. A) malware B) security error C) vulnerability D) security fault

C

Trojan horses can get onto computers by ________. A) viruses B) hackers C) Both A and B D) Neither A nor B

C

Which of the following can be a type of backdoor? A) A new account. B) A Trojan horse. C) Both A and B D) Neither A nor B

C

The Target attackers sold their stolen card information to ______.

Card shops

Credit card number thieves are called.

Carders

What type of attacker are most of hackers today?

Career criminals

In distributed DoS attacks, the attacker sends messages directly to a ________________.

Command and control

_________is the general name for proofs of identity in authentication?

Credentials

Passwords are widely used because they ______________.

Are inexpensive to use

2) Which phase of the plan-protect-respond cycle takes the largest amount of work? A) Plan. B) Protect. C) Respond. D) Each phase requires about equal effort.

B

According to the book, passwords should be at least ________ characters long. A) 6 B) 8 C) 12 D) 20

B

Actions that people are allowed to take on a resource comes under the heading of ________. A) hacks B) permissions C) exploits D) risks

B

An action that will stop many viruses is ________. A) installing a firewall B) the use of an antivirus program C) Both A and B D) Neither A nor B

B

Balancing threats against protection costs is called ________. A) economic justification B) risk analysis C) comprehensive security D) defense in depth

B

DoS attacks attempt to ________. A) hack a computer B) reduce the availability of a computer C) Both A and B D) Neither A nor B

B

Egress filtering examines packets ________. A) arriving from the outside B) leaving to the outside C) Both A and B D) Neither A nor B

B

Which of the following sometimes uses direct propagation between computers? A) Viruses. B) Worms. C) Both A and B D) Neither A nor B

B

Which of the following tends to be more damaging to the victim? A) Credit card theft. B) Identity theft. C) Both are about equally damaging to the victim.

B

Which type of attack is made by national governments? A) Cyberterror attacks. B) Cyberwar attacks. C) Both A and B D) Neither A nor B

B

________ is lying to get victims to do something against their financial self interest. A) Social engineering B) Fraud C) Neither A nor B

B

6) The generic name for evil software is ________. A) viruses B) worms C) exploits D) malware

D

7) The generic name for a security flaw in a program is a ________. A) virus B) malware C) security fault D) vulnerability

D

A password that can be defeated by a hybrid dictionary attack can be adequately long if it ________. A) can only be broken by a brute force-attack B) is sufficiently long C) begins with a capital letter and ends with a digit (number) D) None of the above

D

With complex passwords, adding a single character increases the number of passwords that must be tried in brute force guessing by a factor of about ________. A) 2 B) 10 C) 25 D) 70

D

Tricking users into doing something against their security interests is.

Social Engineering

If you see a username and password on a Post-It note that anyone can see on a monitor, is it hacking if you use this information to log in?

Yes

Authentication should generally be ____________.

appropriate for a specific resource

The messages of VPNs ___________.

are encrypted

When a firewall identifies an attack packet, it ____________.

both discards the packet and copies information about the packet into a log file.

To defeat brute-force attacks, a password must be.

both long and complex

Using encryption, you make it impossible for attackers to read your messages even if they intercept them, this is ___________.

confidentiality

Two-factor authentication usually will work even if the attacker controls the supplicant's computer.

f

Egress filtering examines packets___________.

leaving to the outside

Which of the following can spread more rapidly?

DIrectly propagating worms

A user picks the password "tiger." This is likely to be cracked quickly by a(n).

Dictionary attack

Which of the following tends to be more damaging to the victim?

Identity theft

Trojan horses can spread by

neither e-mailing themselves to victim computers nor directly propagating to victim computers

Scripts are likely to be dangerous primarily if a computer has a vulnerability.

t

Scripts may execute software when a webpage is downloaded.

t

Hackers send probe packets to identify ________. A) IP addresses with active hosts B) hosts running certain applications C) Both A and B D) Neither A nor B

A

What are the most dangerous types of employees? A) Financial employees. B) Manufacturing employees. C) IT security employees. D) Former employees.

A

When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________. (Read this question carefully.) A) drops the packet B) passes the packet C) opens a new connection D) does not approve the connection

A

Which of the following must be followed? A) Standards. B) Guidelines. C) Both A and B D) Neither A nor B

A

How will an SPI firewall handle a packet containing a TCP segment which is an acknowledgement? A) Process it through the ACL. B) Pass it if it is part of an approved connection. C) Both A and B D) Neither A nor B

B

Methods that hackers use to break into computers are ________. A) cracks B) magics C) exploits D) compromises

C

Which of the following is a propagation vector for some worms? A) E-mail. B) Direct propagation. C) Both A and B D) Neither A nor B

C

A specific encryption method is called a ________. A) code B) schema C) key method D) cipher

D

After a break-in, the first step usually is to ________. A) do damage manually B) delete log files C) create a backdoor D) download a hacker toolkit

D

The digital certificate provides the ________. A) private key of the supplicant B) private key of the true party C) public key of the supplicant D) None of the above

D

Which of the following is a form of biometrics?

Facial recognition

Iris scanning is attractive because of its _________.

Precision

Attack programs that can be remotely controlled by an attacker are_______.

bots

ACLs are used for packets in the ________ state. A) connection-opening B) ongoing communication C) Both A and B D) Neither A nor B

A

Attack programs that can be remotely controlled by an attacker are ________. A) bots B) DoS programs C) exploits D) All of the above

A

Attackers only need to find a single weakness to break in. Consequently, companies must ________. A) have comprehensive security B) have insurance C) do risk analysis D) only give minimum permissions

A

Attacking your own firm occurs in ________. A) vulnerability testing B) auditing C) Both A and B D) Neither A nor B

A

Passwords are widely used because ________. A) they can be used at little or no additional cost B) they offer very strong authentication C) Both A and B D) Neither A nor B

A

Policies are separated by implementation to take advantage of ________. A) implementer knowledge B) the delegation of work principle

A

Tricking users into doing something against their interests is ________. A) social engineering B) hacking C) Both A and B D) Neither A nor B

A

Viruses most commonly spread from one computer to another ________. A) via e-mail B) by propagating directly by themselves C) through obfuscation D) All of the above

A

Which of the following can thwart directly-propagating worms? A) Firewalls. B) Antivirus programs. C) Both A and B D) Neither A nor B

A

________ look at ________, and ________ look at ________.

Antivirus programs, files, firewalls, packets

Iris scanning is attractive because of its ________. A) low cost B) precision C) Both A and B D) Neither A nor B

B

Requiring someone requesting to use a resource to prove his or her identity is ________. A) confidentiality B) authentication C) authorization D) Both B and C

B

The password Velociraptor can be defeated most quickly by a ________. A) dictionary attack B) hybrid mode dictionary attack C) brute force attack D) All of the above could defeat the password equally quickly.

B

Trojan horses can get onto computers by ________. A) self-propagation B) hackers C) Both A and B D) Neither A nor B

B

Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________. A) authentication B) confidentiality C) Both A and B D) Neither A nor B

B

Vulnerabilities are occasionally found in even the best security products. Consequently, companies must ________. (Select the best answer.) A) have comprehensive security B) have defense in depth C) do risk analysis D) only give minimum permissions

B

What type of attacker are most attackers today? A) Disgruntled employees and ex-employees. B) Criminals. C) Hackers motivated by a sense of power. D) Cyberterrorists.

B

Which of the following can spread more rapidly? A) Directly-propagating viruses. B) Directly-propagating worms. C) Both of the above can spread with approximately equal speed.

B

An attacker must break through two firewalls to get to a host. This illustrates the principle called ________. (Select the most specific answer.) A) comprehensive security B) risk assurance C) perimeter/internal defenses D) defense in depth

D

Pieces of code that are executed after the virus or worm has spread are called ________. A) vulnerabilities B) exploits C) compromises D) payloads

D

When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall.

Drops the Packet

Firewall log files should be read __________.

Every day

A specific encryption method is called a __________.

cipher

4) A compromise is an attempted attack.

F

Firewalls typically stop viruses.

F

The password NeVEr is adequately strong.

FALSE

Which type of firewall filtering looks at application-layer content?

NGFW

It is still hacking if a person breaks into a computer accidentally.

f

Passwords are widely used because they offer very strong authentication.

f

The last stage in a hacking attack is the break-in.

f

An attack in which an authentic-looking e-mail or website entices a user to enter his or her username, password, or other sensitive information is called?

phishing

3) Compromises also are called ________. A) breeches B) incidents C) Both A and B D) Neither A nor B

C

An action that will stop many viruses is ________. A) installing patches B) the use of an antivirus program C) Both A and B D) Neither A nor B

C

Computer security incident response teams (CSIRTs) are used in ________. A) false alarms B) normal incidents C) major incidents D) disasters

C

In digital certificate authentication, the verifier uses ________. A) the supplicant's public key B) the verifier's public key C) the true party's public key D) None of the above

C

In symmetric key encryption, a key must be ________ bits long or longer to be considered strong. (Choose the choice closest to the correct answer.) A) 40 B) 56 C) 128 D) None of the above

C

Spam can be used to ________. A) implement a fraud B) cause the reader to go to a website that will download malware to the victim's computer C) Both A and B D) Neither A nor B

C

The password NeVEr can be defeated by a ________. A) dictionary attack B) hybrid dictionary attack C) brute force attack D) None of the above

C

__________is the dominant firewall filtering method used on main border firewalls today?

Stateful packet inspection

Forensic procedures are ways to capture and safeguard data in ways that fit rules of evidence in court proceedings.

TRUE

Implementation guidance is less specific than implementation.

TRUE

Oversight helps ensure that a policy is implemented faithfully.

TRUE

Passwords are widely used because they can be used at little or no additional cost.

TRUE

Security is primarily a management issue.

TRUE

Viruses propagate within a computer by infecting other programs in that computer.

TRUE

Which of the following probably suffered the most financial damage from the Target breach?

Target

Which of the following meets the definition of hacking. .

To intentionally use a computer resource without authorization

Small malware programs that download larger malware programs are called.

downloaders

Universal malware requires a vulnerability to succeed.

f

DoS attacks attempt to ____________.

reduce the availability of a computer

In a firewall, VPN traversal _______________.

reduces firewall filtering effectiveness

10) An attack that occurs before a patch is available is called a zero-day attack.

t

ACLs are used for packets in the __________ state.

(connection-opening)

The Target attackers probably first broke into Target using the credentials of a(n)______________.

(employee in a firm outside of target).

If a firewall does not have the processing power to filter all of the packets that arrive______________.

(it will drop packets it cannot process)

A way back into a system that an attacker can use to get into the compromised computer later is called a ________. (Choose the most specific answer.) A) backdoor B) Trojan horse C) compromise D) rootkit

A

An attack in which an authentic-looking e-mail or website entices a user to enter his or her username, password, or other sensitive information is called ________. (Select the most specific answer.) A) phishing B) identity theft C) social engineering D) a spyware attack

A

Electronic signatures provide message-by-message ________. A) authentication B) confidentiality C) Both A and B D) Neither A nor B

A

How will an SPI firewall handle a packet containing a TCP SYN segment? A) Process it through the ACL. B) Pass it if it is part of an approved connection. C) Both A and B D) Neither A nor B

A

In authentication, the ________ is the party trying to prove his or her identity. A) supplicant B) verifier C) true party D) All of the above

A

In digital certificate authentication, the supplicant does a calculation with ________. A) the supplicant's private key B) the verifier's private key C) the true party's private key D) None of the above

A

In distributed DoS attacks, the attacker sends messages directly to ________. A) bots B) the intended victim of the DoS attack C) backdoors D) DOS servers

A

In two-way dialogues using symmetric key encryption, how many keys are used for encryption and decryption? A) 1 B) 2 C) 4 D) None of the above

A

Oversight activities include ________. A) vulnerability testing B) creating guidelines C) Both A and B D) Neither A nor B

A

Policies should drive ________. A) implementation B) oversight C) Both A and B D) Neither A nor B

A

The password 7u3aB& can be defeated most quickly by a ________. A) simple dictionary attack B) hybrid mode dictionary attack C) brute-force attack D) All of the above could defeat the password equally quickly.

A

The password velociraptor can be defeated most quickly by a ________. A) dictionary attack B) hybrid mode dictionary attack C) brute-force attack D) None of the above because it is more than 8 characters long

A

Which of the following attach themselves to other programs? A) Viruses. B) Worms. C) Both A and B D) Neither A nor B

A

Which of the following is not one of the four major security planning principles? A) Perimeter defense. B) Risk analysis. C) Comprehensive security. D) Defense in depth.

A

Which of the following specifies what should be done? A) Policies. B) Implementation. C) Both A and B D) Neither A nor B

A

In digital certificate authentication, the verifier uses ________. A) the supplicant's public key B) the true party's public key C) Both of A and B D) Neither A nor B

B

Which of the following can be done today without the target's knowledge? A) Iris scanning. B) Face recognition. C) Both A and B D) Neither A nor B

B

Which of the following can be upgraded after it is installed on a victim computer? A) Trojan horses. B) Bots. C) Viruses. D) Worms.

B

Which of the following is true? A) Guidelines must be followed. B) Guidelines must be considered. C) Both A and B D) Neither A nor B

B

A password cracking attack that tries all combinations of keyboard characters is called a ________. A) simple dictionary attack B) hybrid mode dictionary attack C) brute force attack D) comprehensive keyboard attack

C

A user picks the password tiger. This is likely to be cracked most quickly by a(n) ________. A) attack on an application running as root B) brute-force attack C) dictionary attack D) hybrid dictionary attack

C

ASIC technology has been critical to the development of ________. A) static packet filtering B) stateful packet inspection C) deep packet inspection D) None of the above

C

Access control involves ________. A) limiting access to each resource B) limiting the permissions of users to each resource C) Both A and B D) Neither A nor B

C

Deep inspection firewalls grew out of ________. A) static packet filtering B) stateful packet inspection C) intrusion detection systems D) None of the above

C

In authentication, defense in depth is provided through ________. A) the use of digital certificates B) passing authentication messages through firewalls C) two-factor authentication D) None of the above

C

Static packet filtering ________. A) only looks at a single packet at a time, without context B) may be used for pre-screening before the main packet firewall C) Both A and B D) Neither A nor B

C

The general name for malware on a user's PC that collects sensitive information and sends this information to an attacker is ________. A) keystroke loggers B) anti-privacy software C) spyware D) data mining software

C

The password R7%t& can be defeated by a ________. A) dictionary attack B) hybrid mode dictionary attack C) brute-force attack D) All of the above could defeat the password equally quickly.

C

To defeat brute-force attacks, a password must be ________. A) long B) complex C) Both A and B D) Neither A nor B

C

What type of filtering does an application-aware firewall use? A) Static packet filtering. B) Stateful packet inspection. C) Deep inspection. D) All of the above

C

When a firewall identifies an attack packet, it ________. A) discards the packet B) copies information about the packet into a log file C) Both A and B D) Neither A nor B

C

When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________. A) drops the packet B) drops the packet and notifies an administrator C) passes the packet D) passes the packet, but notifies an administrator

C

Which of the following can thwart directly-propagating worms? A) Applying patches. B) Firewalls. C) Both A and B D) Neither A nor B

C

Which of the following is a criterion by which biometrics can be judged? A) Cost. B) Susceptibility to deception. C) Both A and B D) Neither A nor B

C

Which type of firewall filtering always looks at application-layer content? A) Static packet filtering. B) Stateful packet inspection. C) Deep inspection. D) All of the above

C

Which type of firewall filtering collects streams of packets to analyze them as a group? A) Static packet filtering. B) Stateful packet inspection. C) Deep inspection. D) None of the above

C

________ is the dominant firewall filtering method used on main border firewalls today. A) ACL filtering B) Application content filtering C) Stateful packet inspection D) None of the above

C

In two-way dialogues using symmetric key encryption, how many keys are used for encryption and decryption?

1

In symmetric key encryption, a key must be _____ bits long, or longer, to be considered strong.

128

36) Unsolicited commercial e-mail is better known as ________. A) spam B) adware C) social engineering D) identity theft

A

9) Users typically can eliminate a vulnerability in one of their programs by ________. A) installing a patch B) doing a zero-day installation C) using an antivirus program D) All of the above

A

A firewall will drop a packet if it ________. A) is a definite attack packet B) is a probable attack packet C) Both A and B D) Neither A nor B

A

A policy specifies ________. A) what should be done B) how to do it C) Both A and B D) Neither A nor B

A

A program that can capture passwords as you type them is ________. A) a keystroke logger B) data mining software C) Both A and B D) Neither A nor B

A

________ is the general name for proofs of identity in authentication. A) Credentials B) Authorizations C) Certificates D) Signatures

A

_______ are full programs?

worms

How will a stateful packet inspection (SPI) firewall handle a packet containing a TCP SYN segment?

(Process it through the Access Control List (ACL)

In digital certificate authentication, the supplicant encrypts the challenge message with ____________.

the supplicant's private key

Debit card is secure because it requires two credentials for authentication. This is also called ________.

two-factor authentiication

SSL/TLS is used for________.

web applications

In authentication, the _______ is the party trying to prove his or her identity.

Supplicant

Fingerprint scanning may be an acceptable access control method for ordinary laptops.

T

5) Malware is a generic name for evil software.

TRUE

Biometrics is the use of body measurements to authenticate you.

TRUE

The password 7u3aB& is adequately strong.

FALSE

The password velociraptor is adequately strong.

FALSE

Hackers identify possible victim computers by sending ________. A) scouts B) probe packets C) exploits D) Mocking Jays

B

Two-factor authentication usually will work even if the attacker can intercept all authentication communication.

FALSE

How will an SPI firewall handle a packet containing a TCP FIN segment? A) Process it through the ACL. B) Pass it if it is part of an approved connection. C) Both A and B D) Neither A nor B

B

Electronic signatures provide message-by-message ________. A) integrity B) authentication C) Both A and B D) Neither A nor B

B

Firewall log files should be read ________. A) every hour B) every day C) every week D) usually only when a serious attack is suspected

B

Credit card number thieves are called ________. (Pick the most precise answer.) A) numbers racketeers B) fraudsters C) identity thieves D) carders

D

In digital certificate authentication, the verifier gets the key it needs directly from the ________. A) supplicant B) verifier C) true party D) None of the above

D

Malware programs that masquerade as system files are called ________. A) social engineers B) scripts C) payloads D) Trojan horses

D

Mobile code is another name for ________. A) virus B) worm C) Both A and B D) Neither A nor B

D

Passwords are widely used because they ________. A) are demanded by users B) offer strong authentication C) are the only authentication techniques known by most security professionals D) are inexpensive to use

D

CSIRTs should include ________. A) IT personnel B) senior line managers C) Both A and B D) Neither A nor B

D

Prepare2 can be cracked most quickly by a(n) ________. A) authentication attack B) brute-force attack C) dictionary attack D) hybrid dictionary attack

D

In general, people who receive access to a resource should be given maximum permissions so that they can do their jobs with few restrictions.

FALSE

Stateful firewalls are attractive because of their ________. A) high filtering sophistication B) ability to filter complex application content C) QoS guarantees D) low cost

D

The last stage in a hacking attack is ________. A) scanning B) the break-in C) creating a back door D) None of the above

D

Two-factor authentication usually will work ________. A) even if the attacker controls the supplicant's computer B) even if the attacker can intercept all authentication communication C) Both A and B D) Neither A nor B

D

What does a hacker usually do IMMEDIATELY after downloading a hacker toolkit? A) Install a Trojan horse. B) Create a backdoor. C) Execute an exploit. D) None of the above

D

What type of attacker can do the most damage? A) Criminal attackers. B) Hackers driven by curiosity. C) Employees and ex-employees. D) National governments.

D

Which of the following is not one of the four response phases for when attacks occur? A) Detecting the attack. B) Stopping the attack. C) Repairing the damage. D) All of the above are response phases.

D

In identity theft, the attacker steals credit card numbers, which he or she will use to make unauthorized purchases.

FALSE

A firewall drops a packet if it probably is an attack packet.

FALSE

A password that can be broken by a dictionary attack or a dictionary attack in hybrid mode can be adequately strong if it is very long.

FALSE

It is generally illegal to write malware.

F

Scripts are normally bad.

F

Security attempts to eliminate risk.

F

The password R7%t& is adequately strong.

F

Antivirus programs can usually stop directly-propagating worms.

FALSE

Authentication should generally be as strong as possible.

FALSE

Most hackers today are driven by curiosity, a sense of power, and, sometimes, a desire to increase their reputation among peers.

FALSE

With a complex password, adding two characters will require the attacker to make more than 1,000 attempts to crack the password.

FALSE

How will a stateful packet inspection (SPI) firewall handle a packet containing a TCP FIN segment?

Pass it if it is part of an approved connection


Kaugnay na mga set ng pag-aaral

SPCH 1315 Final Exam Blinn Hibbeler

View Set

Part 2 Of Practice Exam For Realestate Module 2

View Set