382Lab2ndTerm
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?
25
What is the maximum value for any octet in an IPv4 IP address?
255
Which of the following is true regarding comments in the Certificate Creation Wizard?
A comment will be visible to the receiver.
To complete the creation of a key, what do you need to enter in the pinentry dialog box?
A passphrase, or password
Keys are also referred to as:
Certificates
__________ consists of unwanted programs like Trojans and viruses.
Malware
Cryptography takes human readable information and makes it unreadable "cipher text" which can only be read if:
one possesses the correct key.
When malware slows performance, which of the following tenets of information system security is impacted?
Availability
When malware grants unauthorized access to the compromised machine and network, which of the following tenets of information system security is impacted?
Confidentiality
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Cross-site scripting (XSS)
What protocol is responsible for assigning IP addresses to hosts on most networks?
DHCP
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
What type of network connects systems over the largest geographic area?
WAN
What is NOT a service commonly offered by unified threat management (UTM) devices?
Wireless Network Access
No security program is complete without:
host-based security measures.
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
Hub
How can you ensure the confidentiality, integrity, and availability (CIA) of the web application and service?
Penetration testing
Which of the following should be performed on a regular schedule and whenever the web application and service is modified?
Penetration testing
Which of the following statements is true regarding SQL Injection attacks?
Their likelihood can be reduced through regular testing.
Which of the following statements is true regarding cross-site scripting (XSS) attacks?
They are one of the most common web attacks.
If you and another person want to encrypt messages, what should you provide that person with?
Your public key
What do others need to decrypt files that you have encrypted with your private key?
Your public key
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
captive portal
In a __________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.
non-persistent cross-site scripting
No production web application, whether it resides inside or outside of the firewall, should be implemented without:
penetration testing and security hardening.
Users often complain that __________ make their systems "slow" and hard to use.
security measures
A __________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door," allowing additional hack tools and access to the system.
Trojan
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?
Upload Certificate To Directory Service
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
VLAN virtual lan
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN Concentrator
A standard __________ is a program that will spread from one computer to another in any variety of means, taking advantage of application or OS vulnerabilities to propagate further and will generally try to stay undetected.
Virus
What wireless security technology contains significant flaws and should never be used?
WEP
Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
WiFi
Each time a key pair is created, Kleopatra generates:
a unique 40-character fingerprint.
Which of the following is a tool left intentionally vulnerable to aid security professionals in learning about web security?
Damn Vulnerable Web Application
Database developers and administrators are responsible for:
Database developers and administrators are responsible for:
A packet-filtering firewall remembers information about the status of a network communication.
False
IP addresses are eight-byte addresses that uniquely identify every device on the network.
False
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?
Fibre Channel over Ethernet (FCoE)
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?
If e-commerce or privacy data is entered into the web application
When malware is able to steal and modify data, which of the following tenets of information system security is impacted?
Integrity
Which of the following helps secure the perimeter of a network?
Intrusion prevention systems
Which of the following statements is true regarding the hybrid approach to encryption?
It provides the same full C-I-A protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.
What is the certificate management component of GPG4Win?
Kleopatra
When the key is successfully created, which of the following options sends a copy of your private key to your computer?
Make a Backup Of Your Key Pair
Signs of __________ include degraded system performance, unusual services and network traffic, altered or removed system logs, missing or inactive anti-virus, and any number of application anomalies.
Malware
If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?
No because you must provide your public key to any user wanting to decrypt any message encrypted by you.
Which type of attack is triggered by the victim?
Persistent cross-site scripting attack
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?
Presentation
Which of the following allows valid SQL commands to run within a web form?
SQL Injection
When the key is successfully created, which of the following options creates a new e-mail and automatically attaches your public key certificate?
Send Certificate By EMail
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
Which of the following statements is true regarding asymmetrical encryption?
The receiver obtains the needed key from the sender or through a trusted third party, such as a certificate server.
Which of the following statements is true regarding symmetric cryptography?
The sender and receiver use the same key to encrypt and decrypt a given message.
Hackers use __________ to execute arbitrary scripts through the web browser.
cross-site scripting (XSS)
The main principle of __________ is to build layers of redundant and complementary security tools, policies, controls, and practices around the organization's information and assets.
defense in depth
The primary assumption of __________ is that no one single tool or practice will completely deter a resolved attacker.
defense in depth
Unless stringent security is mandated by policy, the security practitioner must always balance security with:
functionality and user adoption.
Some of the more important __________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.
host-based security measures.
Web application firewalls, security information and event management systems, access controls, network security monitoring, and change controls help to keep the "soft center" from becoming an easy target when the __________ fails.
perimeter
In a __________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
persistent cross-site scripting
What firewall approach is shown in the figure?
screened subnet
Web application developers and software developers are responsible for:
the secure coding and testing of their application.
