BISM 2600 Ch 2 and 3 test

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which layer(s) of the hybrid TCP/IP—OSI standards architecture normally use(s) OSI standards?

Data link

Which of the following can spread more rapidly?

Directly-propagating worms.

________ is the reestablishment of information technology operations after a disaster.

Disaster recovery

________ is placing a message in the data field of another message.

Encapsulation

B7-22-DD-6F-C8-AB is an ________ address.

Ethernet

The side wishing to close a TCP segment sends a(n) ________ segment.

FIN

A compromise is an attempted attack.

False

A corporate network can use either OSI standards at all layers or TCP/IP standards at all layers, but cannot use OSI standards at some layers and TCP/IP standards at other layers.

False

A password that can be broken by a dictionary attack or a dictionary attack in hybrid mode can be adequately strong if it is very long.

False

Antivirus programs can usually stop directly-propagating worms.

False

Binary counting usually begins at 1.

False

Firewalls can usually stop viruses.

False

Hacking is defined as intentionally using a computer resource without authorization.

False

IP is reliable.

False

If you have a field with N bits, you can represent N2 items.

False

In HTTP, a server may initiate an interaction with the client.

False

In HTTP, most response message header fields consist of a keyword, an equal sign, and the value for the keyword.

False

In identity theft, the attacker steals credit card numbers, which he or she will use to make unauthorized purchases.

False

It is still hacking if a person breaks into a computer accidentally.

False

Messages always have data fields.

False

Most hackers today are driven by curiosity, a sense of power, and, sometimes, a desire to increase their reputation among peers.

False

Most or all messages have trailers.

False

Nearly all application standards are simple, like HTTP.

False

Passwords are widely used because they offer very strong authentication.

False

Scripts are normally bad.

False

The application layer standard always is HTTP.

False

The goal of security is to eliminate risk.

False

The last stage in a hacking attack is the break-in.

False

Universal malware requires a vulnerability to succeed.

False

In general, people who receive access to a resource should be given maximum permissions so that they can do their jobs with few restrictions.

False.

Which of the following can thwart directly-propagating worms?

Firewalls

________ is lying to get victims to do something against their financial self interest.

Fraud

Which of the following is true?

Guidelines must be considered.

Which of the following is the standards agency for TCP/IP?

IETF.

217.42.18.248 is an ________ address

IP

Which of the following is a standard?

IP

Hackers send probe packets to identify ________.

IP addresses with active hosts and hosts running certain applications

Which has stronger security?

IPsec.

What are the most dangerous types of employees?

IT and IT security staff members.

CSIRTs should include ________.

IT personnel and Senior Managers

Which of the following is a standards agency for OSI?

ITU-T.

Which of the following tends to be more damaging?

Identity Theft

Which of the following is NOT an OSI layer?

Internet

Which of the following has port numbers in its header?

Both -- UDP and TCP

Port fields are found in ________.

Both -- UDP and TCP headers

In HTTP, the end of a header field is indicated by a ________.

CRLF

Which of the following is a criteria by which biometrics can be judged?

Cost and Susceptibility to deception

________ is the general name for proofs of identity in authentication.

Credentials

What type of attacker are most attackers today?

Criminals

Which type of attack is made by national governments?

Cyberwar attacks

What type of attacker can do the most damage?

National governments.

Which of the following is an architecture?

Neither IP or TCP

Which standards architecture is dominant at the application layer?

Neither OSI or TCP/IP

What is the dominant network standards architecture in most real firms today?

Neither TCP/IP or OSI

Which of the following is a network standards architecture?

TCP/IP

After the side wishing to close a TCP connection sends a FIN segment, it will ________.

only send ACK segments

UDP checks messages for errors but does not correct them. UDP is ________.

unreliable

Viruses most commonly spread from one computer to another ________.

via e-mail

Trojan horses get onto computers by ________.

viruses and hackers

A ________ is a flaw in a program that permits a specific attack or set of attacks against this problem.

vulnerability

Attacking your own firm occurs in ________.

vulnerability testing

Oversight activities include ________.

vulnerability testing

Which of the following sometimes uses direct propagation between computers?

worms

The fact that two processes other than physical layer processes cannot communicate directly requires the use of encapsulation.

True

The header is defined as everything that comes before the data field.

True

To handle internetwork transmission control tasks that IP cannot handle, the IETF created TCP.

True

Viruses propagate within a computer by infecting other programs in that computer.

True

Which of the following attach themselves to other programs?

Viruses

Which of the following layers has the most standards?

Application

Scripts are likely to be dangerous only if a computer has a vulnerability.

True

Scripts may execute software when a webpage is downloaded.

True

Malware programs that masquerade as system files are called ________.

trojan horses

Which layer has more standards?

Application

If someone says that a 1-bit flag is set, this means that it is given the value ________.

1

In two-way dialogues using symmetric key encryption, how many keys are used for encryption and decryption?

1

In binary, 13 is 1101. What is 14?

1110

A 7-bit field can represent ________ alternatives.

128

What is (are) the well-known port number(s) for FTP?

20 and 21

What is (are) the well-known port number(s) for SMTP?

25

In symmetric key encryption, a key must be ________ bits long or longer to be considered strong. (Choose the choice closet to the correct answer)

256

A 5-bit field can represent ________ alternatives.

32

In an IP header, the first bit in the second row is bit ________.

32

How long are IP addresses?

32 bits

Ethernet addresses are ________.

48 bits long

In OSI, the presentation layer is Layer ________.

6

Ethernet addresses are ________.

6 octets long

To represent 65 alternatives, your alternatives field would have to be ________ bits long.

7

With complex passwords, adding a single character increases the number of passwords that must be tried in brute force guessing by a factor of about ________.

70

According to the book, passwords should be at least ________ characters long.

8

What is (are) the well-known port number(s) for HTTP?

80

Which of the following is NOT one of the three general parts of messages?

Address field

Which of the following is not one of the four response phases for when attacks occur?

All of the above are response phases -- Detecting the attack, Stopping the attack, Repairing the damage, Punishing the attacker.

At which layer would you find file transfer protocol standards for downloading files?

Application

At which layer would you find standards for requesting videos from a video sharing site such as YouTube?

Application

How many bytes will it take to transmit "Can you hear me now?" without the quotation marks?

None of the Above

In digital certificate authentication, the verifier gets the key it needs from the ________.

None of the above -- supplicant, verifier, and true party

A host will retransmit a TCP segment if ________.

None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.

If the destination host does not receive a segment, it will ________.

None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.

If the destination host receives a segment that is incorrect, it will ________.

None of the above -- transmit an ACK segment, a NAC segment, an RSND segment.

Novell NetWare servers traditionally used ________ standards.

OSI

Switched WAN transmission is governed by ________ standards.

OSI

Which of the following is a network standards architecture?

OSI

Which of the following is more dominant in its layers of dominance?

OSI

Wireless LAN transmission normally is governed by ________ standards.

OSI

Which of the following is NOT one of the four major security planning principles?

Perimeter defense.

Which layer process does NOT do encapsulation when an application layer process transmits a message?

Physical

Which of the following specifies what should be done?

Policies.

Which phase of the plan-protect-respond cycle takes the largest amount of work?

Protect

Most IETF documents are called ________.

RFCs

IBM mainframes traditionally used ________ internetworking standards.

SNA

Which is less expensive to implement?

SSL/TLS.

Host P transmits a SYN to Host Q. If host Q is willing to open the connection, it will transmit a(n) ________ segment.

SYN/ACK

Which of the following must be followed?

Standards

________ is the dominant firewall filtering method used on main border firewalls today.

Stateful packet inspection

In what order are standards and standards architectures developed?

The standards architecture is developed first.

Which layer(s) of the hybrid TCP/IP—OSI standards architecture normally use(s) TCP/IP standards?

Transport

A firewall drops a packet if it probably is an attack packet.

True

Almost all applications, regardless of what standards architecture they come from, can run over TCP/IP standards at the internet and transport layers.

True

An attack that occurs before a patch is available is called a zero-day attack.

True

Biometrics is the use of body measurements to authenticate you.

True

Fingerprint scanning may be an acceptable access control method for ordinary laptops.

True

Forensic procedures are ways to capture and safeguard data in ways that fit rules of evidence in court proceedings.

True

Headers usually are divided into fields.

True

If the ACK bit is set, the acknowledgement number field MUST have a value.

True

Implementation guidance is less specific than implementation.

True

Increasing an alternatives field length by one bit always doubles the number of alternatives it can represent.

True

Malware is a generic name for evil software.

True

Network standards architectures break the standards functionality needed for communication into layers and define the functions of each layer.

True

Network standards are also called protocols.

True

Oversight helps ensure that a policy is implemented faithfully.

True

Passwords are widely used because they can be used at no additional cost.

True

Rehearsing response during planning makes actual response faster and more effective.

True

SSL/TLS is a cryptographic system standard.

True

A Trojan horse that sorts through files on the victim's computer to look for useable information is called ________.

a data mining software

A program that can capture passwords as you type them is ________.

a keystroke logger

Which of the following can be a type of backdoor?

a new account or a trojan horse

Well-known port numbers are associated with ________.

applications

Authentication should be ________.

appropriate for risks to the resource

The OSI presentation layer is actually used ________.

as a category for data file standards used by multiple applications

When a firewall identifies an attack packet, it ________.

discards the packet and copies information about the packet into a log file

The threat environment includes ________.

attackers and attacks

Requiring someone requesting to use a resource to prove his or her identity is ________.

authentication

Electronic signatures provide message-by-message ________.

authentication and integrity

A way back into a system that an attacker can use to get into the compromised computer later is called a ________. (Choose the most specific answer.)

backdoor

Attack programs that can be remotely controlled by an attacker are ________.

bots

In distributed DoS attacks, the attacker sends messages directly to ________.

bots

Which of the following can be upgraded after it is installed on a victim computer?

bots

Compromises also are called ________.

breaches and incidents

A password cracking attack that tries all combinations of keyboard characters is called a ________.

brute-force attack

The password 7u3ab& can be defeated most quickly by a ________.

brute-force attack

"Octet" is the same as ________.

byte

Credit card number thieves are called ________. (Pick the most precise answer.)

carders

A specific encryption method is called a ________.

cipher

Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________.

confidentiality

Cryptographic systems provide ________.

confidentiality and message integrity

ACLs are used for packets in the ________ state.

connection-opening

In an Ethernet frame, the IP packet is carried in the ________ field.

data

An HTTP response message has a ________.

data field

The ________ contains the content being delivered by a message.

data field

After the internet layer process does encapsulation, it passes the IP packet to the ________ layer process.

data link

OSI is dominant at the ________ layer.

data link

An attacker must break through two firewalls to get to a host. This illustrates the principle called ________. (Select the most specific answer.)

defense in depth

Routers make packet forwarding decisions based on a packet's ________.

destination IP address

A user picks the password tiger. This is likely to be cracked most quickly by a(n) ________.

dictionary attack

Prepare2 can be cracked most quickly by a(n) ________.

dictionary attack in hybrid mode

After a break-in, the first step usually is to ________.

download a hacker toolkit

When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________. (Read this question carefully)

drops the packet

Which of the following is a propagation vector for some worms?

e-mail and direct propogation

Converting application messages into bits is called ________.

encoding

Ethernet does ________.

error detection

Firewall log files should be read ________.

every day

Methods that hackers use to break into computers are ________.

exploits

Ethernet detects errors but does not correct them. Therefore, Ethernet is reliable.

false

IP detects errors but does not correct them. Therefore, IP is reliable.

false

It is generally illegal to write malware.

false

Routers make forward decisions based on a packet's source IP address.

false

One-bit fields are called ________ fields.

flag

Trojan horses can get onto computers by ________.

hackers

Attackers only need to find a single weakness to break in. Consequently, companies must ________.

have comprehensive security

Vulnerabilities are occasionally found in even the best security products. Consequently, companies must ________. (Select the best answer.)

have defense in depth

An HTTP request message usually has a ________.

header

The password Security7 can be defeated most quickly by a ________.

hybrid mode dictionary attack

Spam can be used to ________.

implement a fraud and cause the reader to go to a website that will download malware to the victim's computer

Policies should drive ________.

implementation and oversight

Policies are separated by implementation to take advantage of ________.

implementer knowledge

Users typically can eliminate a vulnerability in one of their programs by ________.

installing a patch

TCP/IP is dominant at the ________ layer(s).

internet

TCP/IP became dominant in corporations primarily because of ________.

its relatively simple standards

Egress filtering examines packets ________.

leaving to the outside

Stateful firewalls are most attractive because of their ________.

low cost

Iris scanning is attractive because of its ________.

low susceptibility to deception

Computer security incident response teams (CSIRTs) are used in ________.

major incidents

Security is primarily a ________ issue.

management

OSI is dominant at the ________ layer.

neither transport or internet

Mobile code is another name for ________.

neither worm or virus

What does a hacker usually do IMMEDIATELY after downloading a hacker toolkit?

none of the above - Install a Trojan horse, Create a backdoor, and Execute the exploit.

When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.

passes the packet

Pieces of code that are executed after the virus or worm has spread are called ________.

payload

Actions that people are allowed to take on a resource comes under the heading of ________.

permissions

An attack in which an authentic-looking e-mail or website entices a user to enter his or her username, password, or other sensitive information is called ________. (Select the most specific answer.)

phishing

After the data link layer process does encapsulation, it passes the IP packet to the ________ layer process.

physical

OSI is dominant at the ________ layer.

physical

The OSI ________ layer is designed to handle compression and encryption for applications.

presentation

The OSI ________ layer is designed to handle data formatting differences between two computers.

presentation

Hackers identify possible victim computers by sending ________.

probe packets

The digital certificate provides the ________.

public key of the true party

DoS attacks attempt to ________.

reduce the availability of a computer

Balancing threats against protection costs is called ________.

risk analysis

TCP messages are called ________.

segments

The meaning of a message is referred to as the message's ________.

semantics

Standards govern ________.

semantics and syntax

The OSI ________ layer allows application communication to be restarted at the last rollback point.

session

Tricking users into doing something against their interests is ________.

social engineering

Unsolicited commercial e-mail is better known as ________.

spam

The general name for malware on a user's PC that collects sensitive information and sends this information to an attacker is ________.

spyware

In authentication, the ________ is the party trying to prove his or her identity.

supplicant

How a message is organized is its ________.

syntax

In digital certificate authentication, the supplicant does a calculation with ________.

the supplicant's private key

In digital certificate authentication, the verifier uses ________.

the true party's public key

An action that will stop many viruses is ________.

the use of an antivirus program

Passwords are widely used because ________.

they can be used at no additional cost

TCP/IP is dominant at the ________ layer(s).

transport

TCP/IP is dominant at the ________ layer(s).

transport and internet


Ensembles d'études connexes

What are the 4 Components of the Marketing Mix?

View Set

Research Methods: CITI Training questions

View Set

Science Multiple Choice Questions

View Set

今天几月几号?What's The Date Today? (PinYin)

View Set

Fortinet NSE 4 7.0 Lesson 3: Firewall Policies

View Set

DATA SYSTEMS ADMINISTRATION - D330 (All Questions from Chapter 8-10, 12-15, and 17)

View Set