Ch 4: Network Security

A) that passwords be easy to remember B) that passwords be long phrases instead of being about 8-12 characters long C) both A and B D) neither A nor B

C) both A and B

Employees often attack ________. A) for revenge B) for money C) both A and B D) neither A nor B

C) both A and B

In terms of security thinking, "insiders" include ________. A) employees B) many contractors working for the company C) both A and B D) neither A nor B

C) both A and B

The messages of VPNs ________. A) share the same transmission lines used by other VPNs B) are encrypted C) both A and B D) neither A nor B

C) both A and B

Viruses and worms propagate through ________. A) social engineering B) exploiting vulnerabilities C) both A and B D) neither A nor B

C) both A and B

When a firewall identifies an attack packet, it ________. A) discards the packet B) copies information about the packet into a log file C) both A and B D) neither A nor B

C) both A and B

Which form of authentication depends on the supplicant proving that she knows something only the true party should know? A) reusable password authentication B) iris scanning C) both A and B D) neither A nor B

C) both A and B

Who mounts APTs today? A) national governments B) cybercriminals C) both A and B D) neither A nor B

C) both A and B

________ is the general name for malware on a user's PC that collects sensitive information and sends this information to an attacker.

Spyware

Malware programs that masquerade as system files are called ________.

Trojan horses

Biometrics, and other new authentication methods, are being created with the goal of getting rid of reusable passwords.

True

SSL/TLS is used for ________.

Web applications

A spear phishing attack is usually aimed at ________.

an individual

Authentication should generally be ________.

appropriate for a specific resource

Electronic signatures provide message-by-message ________.

authentication

In antivirus filtering, the best ways to filter currently use ________.

behavioral detection

Using bodily measurements for authentication is ________.

biometrics

In a DDoS attack, a ________ sends messages directly to the victim.

bot

Attack programs that can be remotely controlled by an attacker are ________.

bots

NGFWs ________.

can implement different rules for different applications

The Target attackers sold stolen card information to ________.

card shops

What type of attacker are most attackers today?

career criminals

In digital certificate authentication, the verifier gets the key it needs directly from the ________.

certificate authority

In SPI firewalls, ACLs are used for packets in the ________ state.

connection-opening

Which of the following can spread very rapidly?

directly-propagating viruses

The Target attackers probably first broke into Target using the credentials of a(n) ________.

employee in a firm outside Target

In which type of attack does the attacker gather extensive sensitive personal information about its victim?

identity theft

Which is more harmful to the victim?

identity theft

A firewall will drop a packet if it ________.

is a definite attack packet

Facial recognition is controversial because ________.

it can be used surreptitiously

Fingerprint recognition is generally acceptable for ________.

laptops

Digital certificate authentication fails if the supplicant ________.

learns the true party's private key

Compared to NGFWs, IDSs ________.

look for different threats

The general term for evil software is ________.

malware

Secured packets typically receive ________. A) confidentiality B) authentication C) message integrity D) all of the above

D) all of the above

Trojan horses can spread by ________. A) e-mailing themselves to victim computers B) directly propagating to victim computers C) both A and B D) neither A nor B

D) neither A nor B

If a packet is highly suspicious but not a provable attack packet, an ________ may drop it. A) SPI firewall B) IDS C) NGFW D) none of the above

D) none of the above

In distributed DoS attacks, the attacker sends messages directly to ________. A) bots B) the intended victim of the DoS attack C) a DOS server D) none of the above

D) none of the above

The digital certificate provides the ________. A) private key of the supplicant B) private key of the true party C) public key of the supplicant D) none of the above

D) none of the above

How did the Target attackers obtain the stolen information? A) Directly from the POS terminals B) From the vendor service server C) From the POS software download server D) none of the above.

D) none of the above.

Which of the following is the most frustrating to use?

IDSs

Who are the most dangerous types of employees?

IT security employees

________ is the most frequent type of company attack.

Malware

Cyberwar attacks are made by ________.

national governments

In general, what type of attackers do the most damage?

national governments

How will a stateful packet inspection (SPI) firewall handle a packet containing a TCP segment that contains an acknowledgement?

pass it if it is part of an approved connection

Which of the following probably suffered the most financial damage from the Target breach?

retailers

In ________ thinking, the opponent is primarily an intelligent attacker.

security

Traditionally, we have told users that passwords ________.

should have a mix of characters (uppercase and lowercase letters, digits, other keyboard characters)

For sensitive assets, reusable passwords ________.

should not be used

What kind of attack is most likely to succeed against a system with no technological vulnerabilities?

social engineering

For reusable passwords, NIST now recommends ________.

that passwords be easy to remember

A specific encryption method is called a ________.

cipher

Users typically can eliminate a vulnerability in one of their programs by ________.

installing a patch

DoS attacks attempt to ________.

reduce the availability of a computer

In authentication, the ________ is the party trying to prove his or her identity.

supplicant

You accidentally discover that you can get into other e-mail accounts after you have logged in under your account and only spend a few minutes looking at another user's mail. Is that hacking?

yes

Vulnerability-based attacks that occur before a patch is available are called ________ attacks.

zero-day

Requiring someone prove his or her identity is ________.

authentication

Hacking is defined as using a computer resource without authorization or in excess of authorization.

False

NIST guidelines for reusable passwords permit ________.

entirely lower-case passwords

Firewall log files should be read ________.

every day

Which type of firewall filtering collects streams of packets to analyze them as a group?

NGFW

________ is the dominant firewall filtering method used on main border firewalls today.

Stateful packet inspection

Using SSL/TLS for Web applications is attractive because SSL/TLS ________.

is essentially free to use

You are concerned with the security of a site you use and run a vulnerability test against it. The test reveals a security threat. Is this hacking?

yes

________ look at ________, while ________ mostly look at ________.

Antivirus programs; files; firewalls; packets

Which of the following can be upgraded after it is installed on a victim computer (choose the most specific answer)?

bots

Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________.

confidentiality

Antivirus programs are designed to detect ________. A) viruses B) worms C) both A and B D) neither A nor B

C) both A and B

Which of the following meets the definition of hacking? A) to intentionally use a computer resource without authorization B) to intentionally use a computer on which you have an account but use it for unauthorized purposes C) both A and B D) neither A nor B

C) both A and B

The supplicant is ________. A) the true party B) an impostor C) either A or B D) neither A nor B

C) either A or B

Which type of firewall is more expensive per packet handled?

NGFW

For consumers who suffered credit card fraud because of the Target breach and acted quickly, which of the following is true?

The credit card companies did not charge them for fraudulent purchasers.

In general, what should an employer do whenever an employee leaves the firm?

Their accounts should be disabled instantly

Why are employees especially dangerous?

They are trusted.

In authentication, ________ are the general name for proofs of identity.

credentials

Which of the following were able to recoup most of the money they lost from Target?

credit card companies

In an SPI firewall, all rules except the last will permit the connection. The last will ________.

deny the connection

When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________.

drops the packet

Advanced persistent threats are ________.

extremely dangerous for the victim

SPI firewalls are attractive because of their ________.

low cost

Stateful packet inspection firewalls are attractive because of their ________.

low cost for a given traffic volume

Electronic signatures also provide ________ in addition to authentication.

message integrity

You click on a link expecting to go to a legitimate website but are directed to a website that contains information you are not authorized to see. You exit without looking around. is that hacking?

no

When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.

passes the packet

SPI firewalls are being replaced in large part because they are limited in their ability to detect ________.

port spoofing

Iris scanning is attractive because of its ________.

precision

In a ________ attack, the attacker encrypts some or all of the victim's hard drive.

ransom

In most encryption, keys must be at least ________ long to be considered safe.

128 bits

________ is a program that can capture passwords as you enter them.

A keystroke logger

________ is a flaw in a program that permits a specific attack or set of attacks.

A vulnerability

________ is the general name for a security flaw in a program.

A vulnerability

Which of the following sometimes uses direct propagation between computers?

worms

________ are full programs.

worms

If you see a username and password on a Post-It note that anyone can see on a monitor, is it hacking if you use this information to log in?

yes

In encryption, what must be kept secret?

the key

In digital certificate authentication, the supplicant encrypts the challenge message with ________.

the supplicant's private key

The supplicant claims to be ________.

the true party

In digital certificate authentication, the verifier decrypts the challenge message with ________.

the true party's public key

A debit card is secure because it requires two credentials for authentication-the card itself and a PIN. This is called ________.

two-factor authentication

Which of the following attach themselves to other programs?

viruses

Pieces of code that are executed after the virus or worm has spread are called ________.

payloads

________ attacks typically extend over a period of months.

APT

Which type of firewall filtering looks at application-layer content?

NGFW