MIS 170 exam 1


TRUE

A dictionary attack works by hashing all the words in a dictionary then comparing the hashed value with the system password file to discover a match.

FALSE

A port scanner is a software program that enables a computer to monitor and capture network traffic, whether on a LAN or wireless network.

FALSE

A worm is malware that masquerades as a useful program. It uses its outward appearance to trick users into running it. It looks like a program that performs useful tasks, but it actually hides malicious code.

B

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key

A

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Rule-based access control D. Role-based access control (RBAC)

FALSE

IT security guidelines are short written statements that the people in charge of an organization have set as a course of action or direction. A guideline comes from upper management and applies to the entire organization.

A

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? A. 96.67% B. 3.33% C. 99.96% D. .04%

TRUE

Kerberos uses both key distribution centers (KDCs) and ticket-granting servers (TGSs) in the authentication and authorization process to provide legitimate users with access to systems appropriate to their authorization level.

FALSE

Man-in-the-middle attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

A

Message authentication confirms the identity of the person who started a correspondence.

TRUE

Remote Authentication Dial-In User Service (RADIUS) offers authentication, authorization, and accounting (AAA) services.

TRUE

The security kernel provides a central point of access control and implements the reference monitor concept. It mediates all access requests and permits access only when the appropriate rules or conditions are met.

C

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types? A. False acceptance rate (FAR) B. False rejection rate (FRR) C. Crossover error rate (CER) D. Reaction time

C

Which one of the following is not a good technique for performing authentication of an end user? A. Password B. Biometric scan C. Identification number D. Token

TRUE

An alteration threat violates information integrity.

TRUE

An Internet Protocol (IP) stateful firewall is a security appliance that is used to filter IP packets and block unwanted IP, Transmission Control Protocol, and User Datagram Protocol packet types from entering or leaving the network.

TRUE

An intrusion prevention system (IPS) examines Internet Protocol (IP) data streams for signs of malicious activity and can block those streams identified as malicious. IPSs can end the actual communication session, filter by source IP addresses, and block access to the targeted host.

A

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging media access control addresses. Which type of attack is most likely taking place? A. Address Resolution Protocol (ARP) poisoning B. Internet Protocol (IP) spoofing C. URL hijacking D. Christmas attack

FALSE

Cryptography is the process of transforming data from cleartext to ciphertext.

FALSE

Flooding attacks, such as smurf and SYN flood attacks, use software flaws to crash or seriously hinder the performance of remote servers.

TRUE

In a session hijacking attack, the attacker attempts to take over an existing connection between two network computers.

TRUE

Organizations should start defining their IT security policy framework by defining an asset classification policy.

B

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? A. Confidentiality B. Integrity C. Availability D. Nonrepudiation

A

To reduce the risk of compromised confidentiality of data transmissions over a WLAN, implement encryption between the workstation and wireless access point (WAP).

C

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter the access codes before allowing the system to engage. Which principle of security is this following? A. Least privilege B. Security through obscurity C. Need to know D. Separation of duties

D

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? A. RSA B. Decryption C. Encryption D. Hash

D

Which mitigation plan is the least appropriate to limit the risk of unauthorized access to workstations? A. Enable password protection B. Enable automatic screen lockouts C. Disable system administration rights for end users D. Install and update antivirus software

B

Which of the following is an example of a hardware security control? A. NTFS permission B. MAC filtering C. ID badge D. Security policy

C

Which one of the following is an example of a logical access control? A. Key for a lock B. Access card C. Password D. Fence

FALSE

Which security model protects the confidentiality of information? A. Biba B. Bell-LaPadula C. Brewer and Nash D. Clark-Wilson

D

Which term describes an action that can damage or compromise an asset? A. Risk B. Vulnerability C. Countermeasure D. Threat

D

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Zero-day attack

C

Which type of attack involves the creation of some deception in order to trick unsuspecting users? A. Interception B. Interruption C. Fabrication D. Modification

B

Which type of authentication includes smart cards? A. Knowledge B. Ownership C. Location D. Action

