Chapter 5, 6, 7, 8 Review Questions Test 2 Cit270

The address space in an IPv6 header is _____ bits in length.

128

What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?

A NIPS can take actions quicker to combat an attack.

If a group of users must be separated from other users, which is the most secure network design?

Connect them to different switches and routers

Which of the following Domain Name System (DNS) attacks replaces a fraudulent IP address for a symbolic name?

DNS poisoning

_____ uses lattice-based cryptography and may be more resistant to quantum computing attacks.

NTRUEncrypt

Which of the following is not an advantage of host virtualization?

Only one copy of anti-virus software is needed.

What is data called that is to be encrypted by inputting into an encryption algorithm?

Plaintext

A variation of NAT that is commonly found on home routers is _______.

Port address translation (PAT)

_____ is a hash that uses two different and independent parallel chains of computation, the result of which are then combined at the end of the process.

RIPEMD

Which of the following asymmetric cryptographic algorithms is the most secure?

RSA

Which of the following asymmetric encryption algorithms uses prime numbers?

RSA

Which of the following would not be a valid Internet Control Message Protocol (ICMP) error message?

Router Delay

Which of the following is the most secure protocol for transferring files?

SFTP

Which version of Simple Network Management Protocol (SNMP) is considered the most secure?

SNMPv3

_____ is a protocol for securely accessing a remote computer.

Secure Shell (SSH)

Which of the following is not a basic security protection over information that cryptography can provide?

Stop loss

Each of the following can be used to hide information about the internal network except ___________.

a protocol analyzer

A multipurpose security device is known as a(n) _______.

all-in-one network security appliance

Hashing would not be used in which of the following examples?

encrypting and decrypting e-mail attachments

Which is another name for a packet filter?

firewall

A(n) _____ is not decrypted but is only used for comparison purposes.

hash

Which of the following devices is easiest for an attacker to take advantage of in order to capture and analyze packets?

hub

Which of the following is not where keys can be stored?

in hashes

The areas of a file in which steganography can hide data include all of the following except ______.

in the directory structure of the file system

Public key infrastructure (PKI) ________.

is the management of digital certificates

The Microsoft Windows LAN Manager hash ______.

is weaker than NTLMv2

Each of the following is a type of a network security hardware log except _______.

local host anti-virus log

A virtual LAN (VLAN) allows devices to be grouped _____________.

logically

Each of the following is a technique for securing a router except _______.

make all configuration changes remotely

In a network using IEEE 802.1x, a supplicant _______.

makes a request to the authenticator

A _____ watches for attacks and only sounds an alert when one occurs.

network intrusion detection system (NIDS)

Proving that a user sent an e-mail message is known as ______.

non-repudiation

Symmetric cryptographic algorithms are also called ______.

private key cryptography

The Trusted Platform Module (TPM) _____.

provides cryptographic services in hardware instead of software

A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.

proxy server

A reverse proxy _________________.

routes incoming requests to the correct server

In order to ensure a secure cryptographic connection between a Web browser and a Web server, a(n) _____ digital certificate would be used.

server digital certificate

A _____ firewall allows the administrator to create sets of related parameters that together define one aspect of the device's operation.

settings-based

A firewall using _____ is the most secure type of firewall.

stateless packet filtering

Each of the following is an entry in a firewall log that should be investigated except _______.

successful logins

A digital certificate associates ________.

the user's identity with their public key

The ______ party trust model supports CA.

third

Digital certificates can be used for each of the following except ________.

to verify the authenticity of the Registration Authorizer

A digital signature can provide each of the following benefits except ______.

verify the receiver

A centralized directory of digital certificates is called a(n) ________.

Certificate Repository (CR)

_____ is adding digital voice clients and new voice applications onto the IP network.

IP telephony

Which transport encryption algorithm is integrated as part of IPv6?

IPsec

Which of the following is not an attack against a switch?

ARP address impersonation

If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by _______.

Address Resolution Protocol (ARP) poisoning

Which of the following is the strongest symmetric cryptographic algorithm?

Advanced Encryption Standard

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, the key he uses to encrypt the message is _______.

Alice's public key

Which of the following is not part of the certificate life cycle?

Authorization

Each of the following is a field of an X.509 certificate except ________.

CA expiration code

An entity that issues digital certificates is a(n) ________.

Certificate Authority (CA)

A digital certificate that turns the address bar green is a(n) ________.

Extended Validation SSL Certificate

The TCP/IP architecture uses how many layers?

Four

What is the cryptographic transport protocol that is used most often to secure Web transactions?

HTTPS

Which of the following has an onboard key generator and key storage facility, accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form?

Hardware Security Module (HSM)

_____ encrypts a hash with a shared secret key.

Hashed Message Authentication Code (HMAC)

Each of the following attacks use Internet Control Message Protocol (ICMP) except _______.

ICMP poisoning

Which is the preferred location for a spam filter?

Install the spam filter with the SMTP server.

Which of the following is a protection provided by hashing?

Integrity

Which of the following is not true regarding a demilitarized zone (DMZ)?

It contains servers that are only used by internal network users.

Which of the following is true about subnetting?

It is also called subnet addressing.

Each of the following is true regarding hierarchical trust models except ________.

It is designed for use on a large scale

What does MAC limiting and filtering do?

It limits devices that can connect to a switch

Which of the following is true regarding a flood guard?

It prevents DoS or DDoS attacks.

Why is loop protection necessary?

It prevents a broadcast storm that can cripple a network

Which of the following is true about network address translation (NAT)?

It removes private addresses when the packet leaves the network.

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA.

Key escrow

Which of the following is not a characteristic of cloud computing?

Limited client support

Which of the following is true regarding security for a computer that boots to Apple Mac OS X and then runs a Windows 7 virtual machine?

The Windows 7 virtual machine needs its own security.

Which of the following is not an advantage of a load balancer?

The risk of overloading a desktop client is reduced.

Which of the following is not a security concern of virtualized environments?

Virtual servers are less expensive than their physical counterparts.

Dual sided digital certificates ________.

are used in military and financial settings when it is necessary for the client to authenticate back to the server

Public-Key Cryptography Standards (PKCS) ________.

are widely accepted in the industry

A(n) _____ is a published set of rules that govern the operation of a PKI.

certificate policy (CP)

Each of the following is a characteristic of a secure hash algorithm except _______.

collisions should be rare

Each of the following is an option in a firewall rule except _______.

delay

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ________.

digital certificate