ITN 263
You are analyzing a risk and have determined that the SLE is $1,000 and the ARO is 5. What is the ALE?
$5,000
When performing a risk assessment, how do you calculate a potential cost/benefit?
(Original ALE - New ALE) - cost of the countermeasure per year
Using the slash notation, what is subnet mask equivalent to 255.255.0.0?
/16
Using the slash notation, what is subnet mask equivalent to 255.255.255.0?
/24
Which of the following is a private IP address in RFC 1918?
10.0.0.0/8
Which of the following IP addresses is not part of RFC 1918?
127.16.0.0
If your PC's IP address is 200.200.200.100 and the subnet mask is 255.255.255.0, which of the following is the correct default gateway?
200.200.200.254
What TCP port is used for the FTP service?
21
Which of the following is the correct subnet mask for a class A network?
255.0.0.0
Which of the following is the correct subnet mask for a class B network?
255.255.0.0
Which of the following is the correct subnet mask for a class C network?
255.255.255.0
Which of the following do you not get with network address translation (NAT)?
A static public IP address for each internal client
Logging the time a user accessed a particular resource is an example of which of the following?
Accounting
Which of the following is not true of a secure VPN?
Addressing and routing performed within the trusted VPN must be defined after the VPN goes online.
Which of the following does not apply to stateful firewalls?
Analyzes both static and real-time data
When performing a risk assessment, what is the amount of potential loss that can be experienced due to any compromise of an asset for a specific threat within a year?
Annualized loss expectancy (ALE)
In what layer in the Internet model is HTTP?
Application layer
The principle of least privilege is often a good guideline as to appropriate ___________ settings.
Authorization
You are filtering MAC addresses on a switch by blocking only specific IP addresses. What do you use to perform this type of filtering?
Black list
What does asymmetric cryptography provide?
Both A and B
What is a type of social engineering technique?
Both A and B; Impersonation & Creating urgency
You can filter which type of traffic on a typical firewall?
Both ingress and egress
What type of attack can result in arbitrary code execution with system-level privileges?
Buffer overflow
Which private address range is 172.16.0.0-172.31.255.255 /12?
Class B
The address range 192.168.0.0-192.168.255.255/16 is an example of which of the following?
Class C
What class of IPs is used for multicast group communication?
Class D
You have a firewall between a programming group's network and the production network. What is the best option to enable on the firewall to prevent unapproved versions of software from leaking out?
Content filtering
What is a feature of hashing?
Creates a fixed-length output from a file or message
Which of the following is not a common hacking tool countermeasure?
Creating an acceptable user policy
A person receives a phishing e-mail, clicks the link in the e-mail (without understanding the risks), and is directed to a malicious Web site. The site downloads and installs a Trojan horse program and keystroke logger on the user's computer without the user's knowledge. What type of attack has occurred?
Cross-site scripting
Which aspect of a VPN prevents others from eavesdropping and observation?
Cryptographic functions
A _________ is a boundary network that hosts resource servers for the public Internet.
DMZ
_______ resolves FQDNs into the associated IP address. [hint: 3-letter abbreviation]
DNS
Which layer of the OSI reference model manages physical addressing (MAC addresses) and supports the network topology, such as Ethernet?
Data link
Which of the following is a VPN device model that's best suited for business partners?
Edge router
What is an advantage of VPN tunnel mode?
Encapsulates protocol headers and packet payloads
What is a benefit of implementing a VPN?
Establish remote network access
What does an application proxy do?
Examines packet payloads
When performing a risk assessment, what is the amount of potential harm from a threat, expressed as a percentage?
Exposure factor (EF)
What is a network component that filters traffic between nodes?
Firewall
Which of the following attacks must take maximum transmission units (MTUs) into account?
Fragmentation
Which of the following is not a distinguishing characteristic of a WAN compared to a LAN?
Has a limited geographic area
For what reason might you use an optical carrier (OC) line for a VPN rather than the Internet?
High speed
A hacker eavesdrops on a session to learn details, such as the addresses of the session endpoints and the sequencing numbers. With this information, the hacker desynchronizes the client, takes on the client's addresses, and then injects crafted packets into the data stream. Which type of attack is being described?
Hijacking
RFC 791 led to the development of which protocol?
IP
Which of the following is a secure VPN protocol?
IPSec
An attack is composed of four packets: A, B, C, and D. The IDS signature is a packet stream of ABCD. The hacker transmits the attack as AXBCYD, where X and Y are invalid packets. The IDS doesn't recognize the pattern, and the target discards X and Y, enabling the ABCD attack to occur. Which type of attack has been described?
Insertion
SQL injection is considered to be which type of attack?
Insertion
Encryption is primarily concerned with which of the following primary objective(s)?
Integrity and confidentiality
What is a primary benefit of a multi-homed firewall?
Isolation of subnets
Which IT domain includes demilitarized zones (DMZs) and intrusion detection systems (IDS)?
LAN-to-WAN Domain
Which of the following is a problem for static filtering?
Large, unordered rule sets
In which type of attack does the hacker fool clients into initiating sessions with the hacker's computer instead of the target server?
Man in the middle
Which layer of the OSI reference model han
Network
Which of the following enables you to check a client computer for compliance with security policies and either grant or deny its access to the internal network?
Network access control
_______ translates internal addresses into external addresses.
Network address translation (NAT)
In what layer in the Internet model is the Internet Protocol?
Network layer
What can a firewall provide that is a form of static reversal of network translation?
Port forwarding
What can a stateful firewall accomplish by filtering network packets?
Prevent malware infection
Which of the following is not a primary objective of information security?
Privacy
In asymmetric cryptography, what does a digital signature accomplish?
Proves the identity of the sender
Which of the following is generally not a benefit of VPNs?
Quality of service
During which phase of the hacking process does footprinting take place?
Reconnaissance
What is usually the first activity in the hacking process?
Reconnaissance
A hacker captures and retransmits authentication packets against the same server in order to gain interactive or session access to a system. This describes which type of attack?
Replay
During which phase of the hacking process does war dialing, war driving, or ping sweeps take place?
Scanning
Staying offline and only using trusted communication pathways is an example of which of the following?
Security through obscurity
Which of the following has the ultimate and final responsibility for network security in an organization?
Senior management
Which of the following is not a layer in the Internet model?
Session
When selecting a strong symmetric cryptography algorithm, which of the following is not a desirable feature?
Short key length
Which type of VPN architecture supports secure connections between LANs over intermediary public networks?
Site-to-site
A hacker posing as a contract IT consultant tricks an employee into stating his network user name and password. Which type of attack is being described?
Social engineering
Which firewall is able to protect only a single host from malicious network activity?
Software
Using a fingerprint to unlock a workstation is an example of which of the following?
Something you are
Which of the following is a common drawback of VPNs?
Speed
What type of firewall keeps track of state tables to filter network traffic?
Stateful packet inspection
Which of the following is not a common VPN device mode?
Switch
From the perspective of a hacker, what is a primary difference between wired and wireless networks?
The hacker doesn't have to be physically close to a wireless network to launch an attack.
Which of the following is a typical function of a network firewall?
Traffic filtering
Which of the following is effective against traffic generation DoS attacks?
Traffic filtering
In what layer in the Internet model is the TCP?
Transport layer
A ________ is a mechanism of distribution or delivery more than a specific type of malware.
Trojan
Which of the following is generally not protected by a firewall?
USB flash drive
Which IT domain is most vulnerable to social engineering?
User Domain
______ __________ ____________ allows an attacker to eavesdrop on electronic devices from a distance. The technique is not perfect or simple to perform, but has been demonstrated on LCD and CRT monitors as well as keyboard cables. With minor shielding, you can eliminate most of the risk from such an attack.
Van Eck phreaking
Which IT domain in a typical IT infrastructure typically includes routers, circuits, switches, firewalls, and equivalent gear at remote locations?
WAN Domain
Uninstalling all unnecessary applications and services on a user system is an example of system hardening. In which IT domain is client system hardening typically applied?
Workstation Domain
Hardening is the process of reducing the _________ of a potential target by removing unnecessary components and adding protections.
attack surface
The lack of ____________ is both a strength and weakness of workgroups.
central authority
An IT environment with a bastion host, an intrusion prevention system, and workstation antivirus and firewall software is an example of _____________.
defense in depth
A ___________ is either a hardware device or a software product you deploy to enforce the access control policy on network communications.
firewall
_______________ is the process of securing or locking down a host against threats and attacks.
hardening
A ________ attack occurs when a hacker intervenes in a communication session between a client and a server. The attack usually involves fooling or tricking the client into initiating the session with the hacker's computer instead of with the intended server.
man-in-the-middle
Bus, tree, and mesh are types of __________.
network topologies
Security ________ are goals an organization strives to achieve through its security efforts.
objectives
What does a client/server environment have that a peer-to-peer networking environment typically does not?
server
Any host that uses TCP/IP without encryption is vulnerable to ____________.
session hijacking
From the perspective of computers and networks, _________ is confidence that other users will act in accordance with your organization's security rules.
trust
_____ ________ __________ are new and previously unknown attacks for which no current specific defenses exist. [hint: 3 words]
zero day exploits
A _________ is any segment, subnet, network, or collection of networks that represent a certain level of risk.
zone of risk