MIS585 Module 6-9


What is a virtual firewall? a. A firewall that runs in the cloud b. A firewall that runs in an endpoint virtual machine c. A firewall that blocks only incoming traffic d. A firewall appliance that runs on a LAN

a. A firewall that runs in the cloud A virtual firewall is one that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.

In which of the following configurations are all the load balancers always active? a. Active-active b. Active-passive c. Passive-active-passive d. Active-load-passive-load

a. Active-active In an active-active configuration, all load balancers are always active. Network traffic is combined, and the load balancers then work together as a team.

What is the name of the device protected by a digital certificate? a. CN b. TLXS c. RCR d. V2X2

a. CN The common name (CN) is the name of the device protected by the digital certificate. The CN can be a single device (www.example.com) or a wildcard certificate (*.example.com) but is not the URL (https://example.com).

Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CTR b. CN c. CD d. CXL

a. CTR Counter (CTR) mode requires that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged. The weakness of CTR is that it requires a synchronous counter for both the sender and receiver.

Which of the following is not to be decrypted but is only used for comparison purposes? a. Digest b. Key c. Stream d. Algorithm

a. Digest

How is confidentiality achieved through IPsec? a. ESP b. AHA c. ISAKMP d. AuthX

a. ESP Encapsulating Security Payload (ESP) is an IPsec protocol that encrypts packets.

Which of the following functions does a network hardware security module NOT perform? a. Fingerprint authentication b. Key management c. Key exchange d. Random number generator

a. Fingerprint authentication A network HSM does not perform authentication.

Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Forward proxy server b. Reverse proxy server c. Host detection server d. Intrusion prevention device

a. Forward proxy server A forward proxy is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.

Which of the following contains honeyfiles and fake telemetry? a. High-interaction honeypot b. Attacker-interaction honeypot c. Honeypotnet d. Honeyserver

a. High-interaction honeypot A high-interaction honeypot is designed for capturing much more information from the threat actor. Usually, it is configured with a default login and loaded with software, data files that appear to be authentic but are actually imitations of real data files (honeyfiles), and fake telemetry.

How does BPDU guard provide protection? a. It detects when a BPDU is received from an endpoint. b. It sends BPDU updates to all routers. c. BPDUs are encrypted so that attackers cannot see their contents. d. All firewalls are configured to let BPDUs pass to the external network

a. It detects when a BPDU is received from an endpoint.

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? a. Masking b. Tokenization c. Data Object Obfuscation (DOO) d. PII Hiding

a. Masking When the data is used only for testing purposes, such as determining if a new app functions properly, masking may be used. Data masking involves creating a copy of the original data but obfuscating (making unintelligible) any sensitive elements such as a user's name or Social Security number.

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Only use compiled and not interpreted Python code. b. Use the latest version of Python. c. Use caution when formatting strings. d. Download only vetted libraries

a. Only use compiled and not interpreted Python code. Using compiled Python will not impact its vulnerabilities.

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P7B b. .cer c. .P12 d. .xdr

a. .P7B Cryptographic Message Syntax Standard with an extension of .P7B defines a generic syntax for defining digital signature and encryption.

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Plaintext b. Byte-text c. Cleartext d. Ciphertext

a. Plaintext

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? a. Stateful packet filtering b. Connection-aware firewall c. Proxy firewall d. Packet filtering firewall

a. Stateful packet filtering Stateful packet filtering uses both the firewall rules and the state of the connection: that is, whether the internal device requested each packet. A stateful packet filtering firewall keeps a record of the state of a connection between an internal endpoint and an external device.

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Tcpreplay b. Tcpdump c. Wireshark d. Packetdump

a. Tcpreplay Tcpreplay is a tool for editing packets and then "replaying" the packets back onto the network to observe their behavior.

What is the result of an ARP poisoning attack? a. The ARP cache is compromised. b. Users cannot reach a DNS server. c. MAC addresses are altered. d. An internal DNS must be used instead of an external DNS.

a. The ARP cache is compromised. Threat actors take advantage of a MAC address stored in a software ARP cache to compromise the data so that an IP address points to a different device. This attack is known as ARP poisoning.

What is Bash? a. The command-language interpreter for Linux/UNIX OSs b. The open source scripting language that contains many vulnerabilities c. A substitute for SSH d. The underlying platform on which macOS is built

a. The command-language interpreter for Linux/UNIX OSs Bash is the command language interpreter for Linux/UNIX.

What is a collision? a. Two files produce the same digest. b. Two ciphertexts have the same length. c. Two algorithms have the same key. d. Two keys are the same length.

a. Two files produce the same digest.

Which of the following is NOT a firewall rule parameter? a. Visibility b. Time c. Context d. Action

a. Visibility There is no visibility firewall parameter.

Which of these is the strongest symmetric cryptographic algorithm? a. Data Encryption Standard b. Advanced Encryption Standard c. Triple Data Encryption Standard d. RC 1

b. Advanced Encryption Standard

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's private key b. Alice's public key c. Bob's public key d. Bob's private key

b. Alice's public key

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond? a. RSA has no known weaknesses. b. As computers become more powerful, the ability to compute factoring has increased. c. RSA weaknesses are based on ECC. d. The digest produced by the RSA algorithm is too short to be secure.

b. As computers become more powerful, the ability to compute factoring has increased.

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. Electronic Code Book (ECB) repositories b. Certificate attributes c. CTR d. PFX

b. Certificate attributes There are several different certificate attributes that make up an X.509 digital certificate. These attributes are used when the parties negotiate a secure connection.

Which of these is NOT a characteristic of a secure hash algorithm? a. The results of a hash function should not be reversed. b. Collisions should occur no more than 15 percent of the time. c. A message cannot be produced from a predefined hash. d. The hash should always be the same fixed size.

b. Collisions should occur no more than 15 percent of the time.

What entity calls in crypto modules to perform cryptographic tasks? a. Certificate Authority (CA) b. Crypto service provider c. Intermediate CA d. OCSP

b. Crypto service provider A crypto service provider allows an application to implement an encryption algorithm for execution. Typically, crypto service providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users by calling various crypto modules to perform the specific tasks.

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user? a. DNS hijack attack b. DNS poisoning attack c. DNS overflow attack d. DNS resource attack

b. DNS poisoning attack In a DNS poisoning attack, the local HOSTS file contains an entry to a malicious DNS server. This allows the threat actor to control all websites that a user attempts to visit.

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? a. DDoS Prevention System (DPS) b. DNS sinkhole c. MAC pit d. IP denier

b. DNS sinkhole A DNS sinkhole changes a normal DNS request to a pre-configured IP address that points to a firewall that has a rule of Deny set for all packets so that every packet is dropped with no return information provided to the sender. DNS sinkholes are commonly used to counteract DDoS attacks. Many enterprises contract with a DDoS mitigation service that helps identify DDoS traffic so that it is sent to a sinkhole while allowing legitimate traffic to reach its destination.

Which of these is NOT used in scheduling a load balancer? a. The IP address of the destination packet b. Data within the application message itself c. Round-robin d. Affinity

b. Data within the application message itself A load balancer does not consider the contents of the payload in scheduling.

What is the difference between a DoS and a DDoS attack? a. DoS attacks are faster than DDoS attacks. b. DoS attacks use fewer computers than DDoS attacks. c. DoS attacks do not use DNS servers as DDoS attacks do. d. DoS attacks use more memory than DDoS attacks

b. DoS attacks use fewer computers than DDoS attacks. DoS attacks today are distributed denial of service (DDoS) attacks: instead of only one source making a bogus request, a DDoS involves hundreds, thousands, or even millions of sources producing a torrent of fake requests.

Which of these provides cryptographic services and is external to the device? a. Trusted Platform Module (TPM) b. Hardware Security Module (HSM) c. Self-encrypting hard disk drives (SED) d. Encrypted hardware-based USB devices

b. Hardware Security Module (HSM)

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? a. Web server buffer and host DNS server b. Reply referrer and domain buffer c. Web browser and browser add-on d. Host table and external DNS server

b. Host table and external DNS server DNS poisoning modifies a local lookup table on a device to point to a different domain. DNS hijacking is intended to infect an external DNS server with IP addresses that point to malicious sites.

Which of the following is FALSE about "security through obscurity"? a. It attempts to hide its existence from outsiders. b. It can only provide limited security. c. It is essentially impossible. d. Proprietary cryptographic algorithms are an example.

b. It can only provide limited security

Which of the following is NOT correct about L2TP? a. It is used as a VPN protocol. b. It must be used on HTML 5 compliant devices. c. It does not offer encryption. d. It is paired with IPsec.

b. It must be used on HTML5 compliant devices. L2TP does not have to be used in conjunction with HTML5.

Which refers to a situation in which keys are managed by a third party, such as a trusted CA? a. Key authorization b. Key escrow c. Remote key administration d. Trusted key authority

b. Key escrow Key escrow refers to a process in which keys are managed by a third party, such as a trusted CA. In key escrow, the private key is split and each half is encrypted. The two halves are registered and sent to the third party, which stores each half in a separate location.

Which attack intercepts communications between a web browser and the underlying OS? a. Interception b. Man-in-the-browser (MITB) c. DIG d. ARP poisoning

b. Man-in-the-browser (MITB) Like an MITM attack, a man-in-the-browser (MITB) attack intercepts communication between parties to steal or manipulate the data. Whereas an MITM attack occurs between two endpoints—such as between two user laptops or a user's computer and a web server—an MITB attack occurs between a browser and the underlying computer. Specifically, an MITB attack seeks to intercept and then manipulate the communication between the web browser and the security mechanisms of the computer.

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Repudiation b. Nonrepudiation c. Obfuscation d. Integrity

b. Nonrepudiation

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? a. Content/URL filtering firewall b. Policy-based firewall c. Hardware firewall d. Proprietary firewall

b. Policy-based firewall A more flexible type of firewall than a rule-based firewall is a policy-based firewall. This type of firewall allows for more generic statements to be used instead of specific rules.

Which of the following sensors can detect an object that enters the sensor's field? a. Proximity b. Field detection c. IR verification d. Object recognition

b. Proximity A proximity sensor detects the presence of an object ("target") when the target enters the sensor's field. Depending on the type of proximity sensor, sound, light, infrared radiation (IR), or electromagnetic fields may be utilized by the sensor to detect a target.

Who verifies the authenticity of a CSR? a. Certificate signatory b. Registration authority c. Certificate authority d. Signature authority

b. Registration authority A user electronically signs the CSR by affixing her public key and then sends it to a registration authority that is responsible for verifying the credentials of the applicant.

Which of the following is NOT a symmetric cryptographic algorithm? a. DES b. SHA c. Blowfish d. 3DES

b. SHA

Which is a protocol for securely accessing a remote computer in order to issue a command? a. Transport Layer Security (TLS) b. Secure Shell (SSH) c. Secure Sockets Layer (SSL) d. Secure Hypertext Transport Protocol (SHTTP)

b. Secure Shell (SSH) Secure Shell (SSH) is an encrypted alternative to the Telnet protocol that is used to access remote computers. SSH is a Linux/UNIX-based command interface and protocol for securely accessing a remote computer.

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? a. Narrow tunnel b. Split tunnel c. Full tunnel d. Wide tunnel

b. Split tunnel Not all traffic—such as web surfing or reading personal email—needs to be protected through a VPN. In this case, a split tunnel, or routing only some traffic over the secure VPN while other traffic directly accesses the Internet, may be used instead. This can help to preserve bandwidth and reduce the load on the VPN concentrator.

What is low latency? a. A low-power source requirement of a sensor. b. The time between when a byte is input into a cryptographic cipher and when the output is obtained. c. The requirements for an IoT device that is using a specific network. d. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block

b. The time between when a byte is input into a cryptographic cipher and when the output is obtained.

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide? a. Verify the sender b. Verify the receiver c. Prove the integrity of the message d. Enforce nonrepudiation

b. Verify the receiver

Which utility sends custom TCP/IP packets? a. curl b. hping c. shape d. pingpacket

b. hping Hping sends custom TCP/IP packets.

What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. perfect forward secrecy c. Elliptic Curve Diffie-Hellman (ECDH) d. Diffie-Hellman (DH)

b. perfect forward secrecy

Which type of monitoring methodology looks for statistical deviations from a baseline? a. Behavioral monitoring b. Signature-based monitoring c. Anomaly monitoring d. Heuristic monitoring

c. Anomaly monitoring Anomaly monitoring is designed for detecting statistical anomalies.

Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. Pinning b. OS updates c. Application updates d. Web browser updates

c. Application updates Updates to applications cannot contain root digital certificates.

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this? a. Deprecation attack b. Pullback attack c. Downgrade attack d. Obfuscation attack

c. Downgrade attack

Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It cannot be detected by antimalware running on the computer. b. It leaves behind no evidence on a hard drive. c. It can be invoked prior to system boot. d. Most applications flag it as a trusted application

c. It can be invoked prior to system boot. PowerShell is not invoked prior to system boot.

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)? a. It provides cryptographic services in hardware instead of software. b. It can generate asymmetric cryptographic public and private keys. c. It can easily be transported to another computer. d. It includes a pseudorandom number generator (PRNG).

c. It can easily be transported to another computer.

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC spoofing attack b. MAC cloning attack c. MAC flooding attack d. MAC overflow attack

c. MAC flooding attack A threat actor will overflow the switch with Ethernet packets that have been spoofed so that every packet contains a different source MAC address, each appearing to come from a different endpoint. This can quickly consume all the memory (called the content addressable memory or CAM) for the MAC address table. Once the MAC address table is full and is unable to store any additional MAC address, the switch enters a fail-open mode and functions like a network hub, broadcasting frames to all ports.

Elton needs his application to perform a realtime lookup of a digital certificate's status. Which technology would he use? a. Certificate Revocation List (CRL) b. Real-Time CA Verification (RTCAV) c. Online Certificate Status Protocol (OCSP) d. Staple

c. Online Certificate Status Protocol (OCSP) Online Certificate Status Protocol (OCSP) performs a real-time lookup of a certificate's status. OCSP is called a request-response protocol. The browser sends the certificate's information to a trusted entity like the CA, known as an OCSP Responder. The OCSP Responder then provides revocation information on that one specific certificate.

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. XOR b. XAND13 c. ROT13 d. Alphabetic

c. ROT13

Which of these is NOT a basic security protection for information that cryptography can provide? a. Integrity b. Authenticity c. Risk d. Confidentiality

c. Risk

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest? a. SHA-256 b. MD5 c. SHA3-512 d. SHA6-6

c. SHA3-512

_________________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Digital digests b. Encrypted signatures c. Session keys d. Digital certificates

c. Session keys The master secret is used to create session keys, which are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

Which of the following hides the existence of information? a. Encryption b. Decryption c. Steganography d. Ciphering

c. Steganography

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. The user's symmetric key with the public key b. The user's public key with their private key c. The user's identity with their public key d. A private key with a digital signature

c. The user's identity with their public key A digital certificate is a technology used to associate a user's identity to a public key and that has been digitally signed by a trusted third party.

What is the purpose of certificate chaining? a. To ensure that a web browser has the latest root certificate updates b. To look up the name of intermediate RA c. To group and verify digital certificates d. To hash the private key

c. To group and verify digital certificates Grouping and verifying digital certificates relies on certificate chaining. Certificate chaining creates a path between the trusted root CAs (of which there are a few) and intermediate CAs (of which there are many) with the digital certificates that have been issued.

Which of the following can a digital certificate NOT be used for? a. To encrypt messages for secure email communications b. To encrypt channels to provide secure communication between clients and servers c. To verify the authenticity of the CA d. To verify the identity of clients and servers on the web

c. To verify the authenticity of the CA A digital certificate does not verify the authenticity of a CA; rather, a CA verifies the authenticity of a user.

Which of the following is NOT a Microsoft defense against macros? a. Protected View b. Trusted documents c. Trusted domain d. Trusted location

c. Trusted domain This is fictitious and does not exist.

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Dual observation protocol (DOP) b. Compromise mitigation assessment (CMA) c. Two-person integrity/control d. Multiplayer recognition

c. Two-person integrity/control Using two security guards is called two-person integrity/control.

Which of these appliances provides the broadest protection by combining several security functions? a. NAT b. WAF c. UTM d. NGFW

c. UTM Unified threat management (UTM) is a device that combines several security functions. These include packet filtering, antispam, antiphishing, antispyware, encryption, intrusion protection, and web filtering.

Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Deny access to the network. b. Give restricted access to the network. c. Update Active Directory to indicate the device is vulnerable. d. Connect to a quarantine network

c. Update Active Directory to indicate the device is vulnerable. NAC does not update Active Directory.

Which is an IPsec protocol that authenticates that packets received were sent from the source? a. PXP b. DER c. CER d. AH

d. AH IPsec authenticates that packets received were sent from the source. This is identified in the header of the packet to ensure that no specific attacks took place to alter the contents of the packet. This is accomplished by the Authentication Header (AH) protocol.

Which firewall rule action implicitly denies all other traffic unless explicitly allowed? a. Force Allow b. Force Deny c. Bypass d. Allow

d. Allow Allow implicitly denies all other traffic unless explicitly allowed.

A centralized directory of digital certificates is called a(n) _________________. a. Digital signature permitted authorization (DSPA) b. Authorized digital signature (ADS) c. Digital signature approval list (DSAP) d. Certificate repository (CR)

d. Certificate repository (CR) A certificate repository (CR) is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate. This directory can be managed locally by setting it up as a storage area that is connected to the CA server.

Which of the following does NOT describe an area that separates threat actors from defenders? a. DMZ b. Air gap c. Secure area d. Containment space

d. Containment space This is fictitious and does not exist.

What is the strongest technology that would assure Alice that Bob is the sender of a message? a. Digital signature b. Encrypted signature c. Digest d. Digital certificate

d. Digital certificate A digital certificate is a technology used to associate a user's identity to a public key that has been digitally signed by a trusted third party. This third party verifies the owner and that the public key belongs to that owner.

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Website validation b. Root c. Extended validation d. Domain validation

d. Domain validation A domain validation digital certificate is a certificate that only verifies the identity of the entity that has control over the domain name.

Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It can be configured to have one or two firewalls. b. It typically includes an email or web server. c. It provides an extra degree of security. d. It contains servers that are used only by internal network users.

d. It contains servers that are used only by internal network users. It contains servers that are used only by external and not internal network users.

Which of the following is NOT true about VBA? a. It is commonly used to create macros. b. It is built into most Microsoft Office applications. c. It is included in select non-Microsoft products. d. It is being phased out and replaced by PowerShell.

d. It is being phased out and replaced by PowerShell. VBA is not being phased out.

Which of the following is not a basic configuration management tool? a. Baseline configuration b. Standard naming convention c. Diagrams d. MAC address schema

d. MAC address schema An Internet Protocol schema (not a MAC address schema) is a standard guide for assigning IP addresses to devices. This makes it easier to set up and troubleshoot devices and helps to eliminate overlapping or duplicate subnets and IP address device assignments, avoid unnecessary complexity, and not waste IP address space.

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. Network b. Application c. IoT d. Operational Technology

d. Operational Technology An Operational Technology attack uses endpoints that can be programmed and have an IP address.

Which is the first step in a key exchange? a. The browser generates a random value ("pre-master secret"). b. The web server sends a message ("ServerHello") to the client. c. The web browser verifies the server certificate. d. The web browser sends a message ("ClientHello") to the server

d. The web browser sends a message ("ClientHello") to the server. The web browser sends a message ("ClientHello") to the server that contains information including the list of cryptographic algorithms that the client supports.

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. head b. show c. display d. cat

d. cat Cat will display an entire file in Linux.

Which of the following is a third-party OS penetration testing tool? a. theHarvester b. scanless c. Nessus d. sn1per

d. sn1per This is the tool for penetration testing that is a third-party tool.

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. tracepacket b. trace c. tracert d. traceroute

d. traceroute Traceroute is the Linux utility that would provide these details.
