Network Security Chp 9, 10, 11
What file type is least likely to be impacted by a file infector virus?
.docx
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?
25
What is the maximum value for any octet in an IPv4 IP address?
255
What ISO security standard can help guide the creation of an organization's security policy?
27002
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?
3389
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
What is NOT a valid encryption key length for use with the Blowfish algorithm?
512 bits
Which of the following is true regarding comments in the Certificate Creation Wizard?
A comment will be visible to the receiver.
To complete the creation of a key, what do you need to enter in the pinentry dialog box?
A passphrase, or password
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
1 pts Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?
Application proxying
When malware slows performance, which of the following tenets of information system security is impacted?
Availability
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
In Kleopatra, each new certificate is created with no expiration (valid until) date, but you can set an expiration date in the:
Certificate Details screen.
Which information security objective allows trusted entities to endorse information?
Certification
What must you do to any certificate imported into Kleopatra before you can use it to decrypt messages?
Change the trust level
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?
Chosen plaintext
How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer?
Compare the decrypted file's contents with the contents of the original file.
Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?
Confidentiality
When malware grants unauthorized access to the compromised machine and network, which of the following tenets of information system security is impacted?
Confidentiality
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Cross-site scripting (XSS)
What program, released in 2013, is an example of ransomware?
Crypt0L0cker
Which of the following is a tool left intentionally vulnerable to aid security professionals in learning about web security?
Damn Vulnerable Web Application
What is NOT one of the four main purposes of an attack?
Data import
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What protocol is responsible for assigning IP addresses to hosts on most networks?
Dynamic Host Configuration Protocol (DHCP)
What mathematical problem forms the basis of most modern cryptographic algorithms?
Factoring large primes
1 pts The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
A border router can provide enhanced features to internal networks and help keep subnet traffic separate.
False
A digitized signature is a combination of a strong hash of a message and a secret key.
False
A packet-filtering firewall remembers information about the status of a network communication.
False
A private key cipher is also called an asymmetric key cipher.
False
A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
False
A subnet mask is a partition of a network based on IP addresses.
False
A worm is a self-contained program that has to trick users into running it.
False
Another name for a border firewall is a DMZ firewall.
False
Cryptographic key distribution is typically done by phone.
False
IP addresses are eight-byte addresses that uniquely identify every device on the network.
False
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
False
Product cipher is an encryption algorithm that has no corresponding decryption algorithm.
False
Retro viruses counter the ability of antivirus programs to detect changes in infected files.
False
Spyware does NOT use cookies.
False
System infectors are viruses that attack document files containing embedded macro programming capabilities.
False
The SSH protocol allows the transmission of clear text data but offers less security than Telnet.
False
The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
False
The reconnaissance phase involves remotely controlling a victim's server.
False
The term certificate authority (CA) refers to a trusted repository of all public keys.
False
Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.
False
You must always use the same algorithm to encrypt information and decrypt the same information.
False
What is NOT a common motivation for attackers?
Fear
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?
Fibre Channel over Ethernet (FCoE)
What type of firewall security feature limits the volume of traffic from individual hosts?
Flood guard
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Honeypot
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
Hub
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?
If e-commerce or privacy data is entered into the web application
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
When malware is able to steal and modify data, which of the following tenets of information system security is impacted?
Integrity
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
Internet Control Message Protocol (ICMP)
Which of the following helps secure the perimeter of a network?
Intrusion prevention systems
Which of the following statements is true regarding the hybrid approach to encryption?
It provides the same full C-I-A protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.
What is the certificate management component of GPG4Win?
Kleopatra
When the key is successfully created, which of the following options sends a copy of your private key to your computer?
Make a Backup Of Your Key Pair
__________ consists of unwanted programs like Trojans and viruses.
Malware
Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks?
Monitor your SQL databases for unauthorized or abnormal SQL injections.
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?
Nmap
If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?
No because you must provide your public key to any user wanting to decrypt any message encrypted by you.
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
Nonrepudiation
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?
Online Certificate Status Protocol (OCSP)
How can you ensure the confidentiality, integrity, and availability (CIA) of the web application and service?
Penetration testing
Which of the following should be performed on a regular schedule and whenever the web application and service is modified?
Penetration testing
Which type of attack is triggered by the victim?
Persistent cross-site scripting attack
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?
Polymorphic virus
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?
Presentation
Which approach to cryptography provides the strongest theoretical protection?
Quantum cryptography
What type of malicious software allows an attacker to remotely control a compromised computer?
Remote Access Tool (RAT)
How do you encrypt a text message using the keys you created in the lab?
Right-click the file and select Sign and Encrypt from the context menu.
What is NOT a symmetric encryption algorithm?
Rivest-Shamir-Adelman (RSA)
Which of the following allows valid SQL commands to run within a web form?
SQL Injection
Which Web application attack is more likely to extract privacy data elements out of a database?
SQL Injection attack
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL injection
What firewall approach is shown in the figure?
Screened subnet
When the key is successfully created, which of the following options creates a new e-mail and automatically attaches your public key certificate?
Send Certificate By EMail
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session hijacking
In the lab, what did you do before attempting the script tests that exposed the vulnerabilities?
Set the security level of DVWA to low.
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?
Smurf
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear phishing
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
Which type of virus targets computer hardware and software startup functions?
System infector
In the SSL/TLS handshake process, first the client issues a request for a session and then the server sends a certificate containing the public key. What is the next step?
The client authenticates the certificate.
Which of the following statements is true regarding asymmetrical encryption?
The receiver obtains the needed key from the sender or through a trusted third party, such as a certificate server.
Which of the following statements is true regarding symmetric cryptography?
The sender and receiver use the same key to encrypt and decrypt a given message.
Which of the following statements is true regarding SQL Injection attacks?
Their likelihood can be reduced through regular testing.
Which of the following statements is true regarding cross-site scripting (XSS) attacks?
They are one of the most common web attacks.
Why do hackers often send zipped and encrypted files and attachments?
They cannot be opened by antivirus software and so they will often reach the recipient.
Which of the following Web forms can be exploited to output passwords, credit card information, and other data?
Those that are poorly designed
Which type of cipher works by rearranging the characters in a message?
Transposition
A __________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door," allowing additional hack tools and access to the system.
Trojan
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
Trojan horse
A computer virus is an executable program that attaches to, or infects, other executable programs.
True
A firewall is a basic network security defense tool.
True
A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.
True
A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.
True
A network protocol governs how networking equipment interacts to deliver data across the network.
True
A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is.
True
A physical courier delivering an asymmetric key is an example of in-band key exchange.
True
A salt value is a set of random characters you can combine with an actual input key to create the encryption key.
True
A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.
True
A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.
True
A wireless access point (WAP) is the connection between a wired and wireless network.
True
ActiveX is used by developers to create active content.
True
An algorithm is a repeatable process that produces the same result when it receives the same input.
True
An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.
True
Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
True
Backdoor programs are typically more dangerous than computer viruses.
True
Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
True
Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.
True
Digital signatures require asymmetric key cryptography.
True
In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
True
In symmetric encryption, the same key encrypts and decrypts the message.
True
Integrity-checking tools use cryptographic methods to make sure nothing and no one has modified the software.
True
Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.
True
It is common for rootkits to modify parts of the operating system to conceal traces of their presence.
True
Malware can reduce productivity and performance in an organization.
True
Message authentication confirms the identity of the person who started a correspondence.
True
Network access control (NAC) works on wired and wireless networks.
True
TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
True
The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).
True
The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).
True
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
The financial industry created the ANSI X9.17 standard to define key management procedures.
True
The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.
True
The goal of a command injection is to execute commands on a host operating system.
True
The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest.
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
True
The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.
True
Unlike viruses, worms do NOT require a host program in order to survive and replicate.
True
What is NOT an effective key distribution method for plaintext encryption keys?
Unencrypted email
What is NOT a typical sign of virus activity on a system?
Unexpected power failures
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?
Upload Certificate To Directory Service
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN concentrator
What is the only unbreakable cipher when it is used properly?
Vernam
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Virtual LAN (VLAN)
The ___________ is a quarantine area where all removed files, virus infected or suspicious, are stored until you take action on them.
Virus Vault
The main purpose of the __________ is to keep any deleted file for a certain period of time, so that you can make sure you do not need the file any more.
Virus Vault
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
Wi-Fi
What type of network connects systems over the largest geographic area?
Wide area network (WAN)
The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer.
Windows Firewall with Advanced Security
What standard is NOT secure and should never be used on modern wireless networks?
Wired Equivalent Privacy (WEP)
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
What is NOT a service commonly offered by unified threat management (UTM) devices?
Wireless network access
If you and another person want to encrypt messages, what should you provide that person with?
Your public key
What do others need to decrypt files that you have encrypted with your private key?
Your public key
Each time a key pair is created, Kleopatra generates:
a unique 40-character fingerprint.
Keys are also referred to as:
certificates
Hackers use __________ to execute arbitrary scripts through the web browser.
cross-site scripting (XSS)
To ensure you have coverage on the most recent malware and malicious software, it is recommended that you update your anti-virus signature files __________ prior to performing a system scan.
daily
The main principle of __________ is to build layers of redundant and complementary security tools, policies, controls, and practices around the organization's information and assets.
defense in depth
The primary assumption of __________ is that no one single tool or practice will completely deter a resolved attacker.
defense in depth
Database developers and administrators are responsible for:
ensuring regular backups of the database are performed.
Unless stringent security is mandated by policy, the security practitioner must always balance security with:
functionality and user adoption.
What file extension does Kleopatra add to an encrypted file?
gpg
Often hackers will use __________ to make the scripts even harder to detect.
hexadecimal character strings
Some of the more important __________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.
host-based security measures
No security program is complete without:
host-based security measures.
Signs of __________ include degraded system performance, unusual services and network traffic, altered or removed system logs, missing or inactive anti-virus, and any number of application anomalies.
malware
In a __________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.
non-persistent cross-site scripting
Cryptography takes human readable information and makes it unreadable "cipher text" which can only be read if:
one possesses the correct key.
No production web application, whether it resides inside or outside of the firewall, should be implemented without:
penetration testing and security hardening.
Web application firewalls, security information and event management systems, access controls, network security monitoring, and change controls help to keep the "soft center" from becoming an easy target when the __________ fails.
perimeter
In a __________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
persistent cross-site scripting
Users often complain that __________ make their systems "slow" and hard to use.
security measure
Web application developers and software developers are responsible for:
the secure coding and testing of their application.
A standard __________ is a program that will spread from one computer to another in any variety of means, taking advantage of application or OS vulnerabilities to propagate further and will generally try to stay undetected.
virus