ITN 263 Midterm
You are analyzing a risk and have determined that the SLE is $1,000 and the ARO is 5. What is the ALE?
$5,000
When performing a risk assessment, how do you calculate a potential cost/benefit?
(Original ALE - New ALE) - cost of the countermeasure per year
Logging the time a user accessed a particular resource is an example of which of the following?
Accounting
The address range 192.168.0.0-192.168.255.255/16 is an example of which of the following?
Class C
For what reason might you use an optical carrier (OC) line for a VPN rather than the Internet?
High speed
Which of the following is a secure VPN protocol?
IPSec
Which entity is responsible for global coordination of IP addressing?
Internet Assigned Numbers Authority (IANA)
Which IT domain includes demilitarized zones (DMZs) and intrusion detection systems (IDS)?
LAN-to-WAN domain
Which IT domain marks the boundary where the private network meets the public network?
LAN-to-WAN domain
What is accomplished with IP addressing?
Traffic management through routing; Traffic filtering
Which of the following is generally not protected by a firewall?
USB flash drive
Which IT domain is most vulnerable to social engineering?
User domain
______ __________ ____________ allows an attacker to eavesdrop on electronic devices from a distance. The technique is not perfect or simple to perform, but has been demonstrated on LCD and CRT monitors as well as keyboard cables. With minor shielding, you can eliminate most of the risk from such an attack.
Van Eck Phreaking
What employs routing protocols to exchange information about routes and connected pathways? This information calculates the best path to guide a packet towards its destination.
Router
Uninstalling all unnecessary applications and services on a user system is an example of system hardening. In which IT domain is client system hardening typically applied?
Workstation Domain
Which of the following is an example of multi-factor authentication? Choose the best answer.
a bank ATM card and a PIN number
Which of the following is an example of multi-factor authentication? Choose the best answer.
a user accesses the server (login) with a username, password, and RSA token card
Which of the following is not true of a secure VPN?
addressing and routing performed within the trusted VPN must be defined after the VPN goes online
Which of the following does not apply to stateful firewalls?
analyzes both static and real-time data
Hardening is the process of reducing the _________ of a potential target by removing unnecessary components and adding protections.
attack surface
What does asymmetric cryptography provide?
authenticity; non-repudiation
The principle of least privilege is often a good guideline as to appropriate ___________ settings.
authorization
You are filtering MAC addresses on a switch by blocking only specific IP addresses. What do you use to perform this type of filtering?
black list
What type of attack can result in arbitrary code execution with system-level privileges?
buffer overflow
Which type of backup solution typically stores your data on another organization's hardware, making you dependent on their security, confidentiality assurance, and reliability?
cloud
What is not an example of containment during incident response?
confirming a breach
You have a firewall between a programming group's network and the production network. What is the best option to enable on the firewall to prevent unapproved versions of software from leaking out?
content filtering
What is a feature of hashing?
creates a fixed-length output from a file or message
Which of the following is not a common hacking tool countermeasure?
creating an acceptable user policy
A person receives a phishing e-mail, clicks the link in the e-mail (without understanding the risks), and is directed to a malicious Web site. The site downloads and installs a Trojan horse program and keystroke logger on the user's computer without the user's knowledge. What type of attack has occurred?
cross-site scripting
Which aspect of a VPN prevents others from eavesdropping and observation?
cryptographic functions
Which layer of the OSI reference model manages physical addressing (MAC addresses) and supports the network topology, such as Ethernet?
data link
An IT environment with a bastion host, an intrusion prevention system, and workstation antivirus and firewall software is an example of _____________.
defense in depth
What is a potential disadvantage of online data backups?
dependency on provider's security
When selecting networking equipment, which of the following is not a desirable feature from a security perspective?
easy power switch
Which of the following is a VPN device model that's best suited for business partners?
edge router
What is an advantage of VPN tunnel mode?
encapsulates protocol headers and packet payloads
Which of the following must an administrator organize to ensure follow-through of a new security plan?
end-user training and awareness
What is a benefit of implementing a VPN?
establish remote network access
Who performs penetration testing?
ethical hackers
What does an application proxy do?
examines packet payloads
When performing a risk assessment, what is the amount of potential harm from a threat, expressed as a percentage?
exposure factor (EF)
What is a network component that filters traffic between nodes?
firewall
The best practice of 'use default deny over default permit' can be applied to which of the following systems? Choose the best answer.
firewalls
Which of the following attacks must take maximum transmission units (MTUs) into account?
fragmentation
_______________ is the process of securing or locking down a host against threats and attacks.
hardening
A hacker eavesdrops on a session to learn details, such as the addresses of the session endpoints and the sequencing numbers. With this information, the hacker desynchronizes the client, takes on the client's addresses, and then injects crafted packets into the data stream. Which type of attack is being described?
hijacking
Which of the following is a method of trapping hackers and detecting new attacks?
honeypot
What is a type of social engineering technique?
impersonation; creating urgency
Which of the following is not a network security management best practice?
implement single-factor authentication
An attack is composed of four packets: A, B, C, and D. The IDS signature is a packet stream of ABCD. The hacker transmits the attack as AXBCYD, where X and Y are invalid packets. The IDS doesn't recognize the pattern, and the target discards X and Y, enabling the ABCD attack to occur. Which type of attack has been described?
insertion
SQL injection is considered to be which type of attack?
insertion
One of the most effective preventative techniques in network security troubleshooting is __________.
installing patches and updates
Encryption is primarily concerned with which of the following primary objective(s)?
integrity and confidentiality
What is a primary benefit of a multi-homed firewall?
isolation of subnets
Which of the following is a problem for static filtering?
large, unordered rule sets
What is the purpose of the post-mortem review after a security assessment?
learn from mistakes
Giving network users enough permissions to do their job is an example of __________.
least privilege
An Access Control List (ACL) is an example of which of the following?
logical security
In which type of attack does the hacker fool clients into initiating sessions with the hacker's computer instead of the target server?
man in the middle
A ________ attack occurs when a hacker intervenes in a communication session between a client and a server. The attack usually involves fooling or tricking the client into initiating the session with the hacker's computer instead of with the intended server.
man-in-the-middle
Which layer of the OSI reference model handles logical addressing (IP addresses) and routing traffic?
network
_______ translates internal addresses into external addresses.
network address translation (NAT)
Bus, tree, and mesh are types of __________.
network topologies
What is another form of a honeypot?
padded cell
A security assessment may include which of the following steps?
perform a risk assessment; perform penetration testing; perform vulnerability scanning
Window locks, door locks, and security cameras are examples of which of the following?
physical security
What can a firewall provide that is a form of static reversal of network translation?
port forwarding
What can a stateful firewall accomplish by filtering network packets?
prevent malware infection
Assigning users, including administrators, only the necessary privileges, access, and permissions to accomplish their assigned work is an example of __________.
principle of least privilege
In asymmetric cryptography, what does a digital signature accomplish?
proves the identity of the sender
Which of the following is generally not a benefit of VPNs?
quality of service
During which phase of the hacking process does footprinting take place?
reconnaissance
What is usually the first activity in the hacking process?
reconnaissance
Which of the following helps avoid single points of failure by building in multiple elements, pathways, or methods of accomplishing mission-critical tasks?
redundancy
_____________ is the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task.
redundancy
A hacker captures and retransmits authentication packets against the same server in order to gain interactive or session access to a system. This describes which type of attack?
replay
During which phase of the hacking process does war dialing, war driving, or ping sweeps take place?
scanning
Which of the following is the best reason you might switch from IPv4 to IPv6 as your primary network protocol?
security
Staying offline and only using trusted communication pathways is an example of which of the following?
security through obscurity
Isolating and compartmentalizing administrative privileges, so that no single administrator has full or total power over the entire environment, is an example of __________.
separation of duties
Any host that uses TCP/IP without encryption is vulnerable to ____________.
session hijacking
When selecting a strong symmetric cryptography algorithm, which of the following is not a desirable feature?
short key length
Which of the following could compromise network security?
simplify by assigning maximum required permissions
Which type of VPN architecture supports secure connections between LANs over intermediary public networks?
site-to-site
A hacker posing as a contract IT consultant tricks an employee into stating his network user name and password. Which type of attack is being described?
social engineering
Which firewall is able to protect only a single host from malicious network activity?
software
Using a fingerprint to unlock a workstation is an example of which of the following?
something you are
Which of the following is a common drawback of VPNs?
speed
What type of firewall keeps track of state tables to filter network traffic?
stateful packet inspection
Which of the following is not a common VPN device model?
switch
From the perspective of a hacker, what is a primary difference between wired and wireless networks?
the hacker doesn't have to be physically close to a wireless network to launch an attack
From the perspective of computers and networks, _________ is confidence that other users will act in accordance with your organization's security rules.
trust
A _________ is any segment, subnet, network, or collection of networks that represent a certain level of risk.
zone of risk
When performing a risk assessment, what is the amount of potential loss that can be experienced due to any compromise of an asset for a specific threat within a year?
Annualized loss expectancy (ALE)
What is defined as any device on a network, even those without an IP address?
Node
Why might you develop an acceptable use policy?
to establish network usage rules
Which of the following is a typical function of a network firewall?
traffic filtering
Which of the following is effective against traffic generation DoS attacks?
traffic filtering
A ________ is a mechanism of distribution or delivery more than a specific type of malware.
trojan