Final Exam (Chapter 5-8, 12, and 15)
What is the recommended secure setting in Internet Explorer for initializing and scripting ActiveX controls not marked as safe? A. Disable B. Enable C. Forbid D. Prompt
A. Disable
Which of the following templates is used to provide the most security for the domain controllers? A. Hisecdc.inf B. Securedc.inf C. Hisecws.inf D. Sectopdc.inf
A. Hisecdc.inf
Attempting to make your system appear less appealing is referred to as what? A. Intrusion deterrence B. Intrusion deflection C. Anomaly detection D. System deterrence
A. Intrusion deterrence
IDS is an acronym for: A. Intrusion-detection system B. Intrusion-deterrence system C. Intrusion-deterrence service D. Intrusion-detection service
A. Intrusion-detection system
Why is the XOR mathematical operation not secure? A. It does not change the letter or word frequency B. The mathematics are flawed C. It does not use a symmetric key system D. The key length is too short
A. It does not change the letter or word frequency
Which of the following is the primary weakness in the Caesar cipher? A. It does not disrupt letter frequency B. It does not use complex mathematics C. It does not use a public key system D. There is no significant weakness; the Caesar cipher is adequate for most encryption uses.
A. It does not disrupt letter frequency
Which of the following is an important security feature in CHAP? A. It periodically re-authenticates B. It uses 3DES encryption C. It is immune to IP spoofing D. It uses AES encryption
A. It periodically re-authenticates
Which authentication protocols are available with L2TP that are not available with PPTP? A. MS-CHAP, PAP, and SPAP B. EAP and CHAP C. PAP, EAP, and MS-CHAP D. SPAP and MS-CHAP
A. MS-CHAP, PAP, and SPAP
What account lockout threshold does the NSA recommend? A. 5 tries B. 3 tries C. 4 tries D. 2 tries
B. 3 tries
A series of ICMP packets sent to your ports in sequence might indicate what? A. A DoS attack B. A ping flood C. A packet sniffer D. A port scan
B. A ping flood
What is banishment vigilance?
Blocking all traffic from a suspect IP address (i.e. banishing that address)
What size key does the DES algorithm use? A. 255-bit B. 123-bit C. 56-bit D. 64-bit
C. 56-bit
Who issues certificates? A. The UN encryption authority B. The US Department of Defense C. A private certificate authority D. The ACM
C. A private certificate authority
Which of the following encryption algorithms is a block cipher, and uses the Rijndael algorithm? A. DES B. RSA C. AES D. NSA
C. AES
What OS requires periodic patches? A. Windows B. Linux C. All of these D. Macintosh
C. All of these
Which of the following is the oldest known encryption method? A. PGP B. Multi-alphabet C. Caesar cipher D. Cryptic cipher
C. Caesar cipher
At which layer of the OSI model does PPTP operate? A. Physical B. Network C. Data link D. Transport
C. Data link
What's the max password age that Microsoft recommends? A. 20 days B. 3 months C. 1 year D. 42 days
D. 42 days
What is threshold monitoring?
Monitoring a network or system looking for any activity that exceeds some predefined limit or threshold
What is resource profiling?
Monitoring approach that measures system-wide use of resources and develops a historic usage profile
What is a digital signature?
A cryptographic method of verifying a file or sender. It uses asymmetric cryptography in reverse order. They can verify who sent the message. Some part of the message is encrypted or signed with the user's private key. Any recipient can verify the signature using the sender's public key.
What is a network-based firewall?
A firewall solution that runs on an existing server
What is quantum entanglement?
A phenomenon from quantum physics where two subatomic particles are related in such a way that a change to the state of one instantaneously causes a change to the state of the other
What is quantum encryption?
A process that uses quantum physics to encrypt data
What is a service?
A program that runs in the background, often performing some system service
What is a honeypot?
A system or server designed to be very appealing to hackers, when in fact it is a trap to catch them. A honeypot is a single machine set up to appear to be an important server. All traffic to the machine is suspicious; no legitimate users should connect. Honeypots can help track and catch hackers and can be configured to emulate many server services.
What is executable profiling?
A type of intrusion detection strategy that seeks to profile the behavior of legitimate executables and compare that against the activity of any running program
What is blowfish?
A well-known symmetric block cipher created by Bruce Schneier
What is Snort?
A widely used, open source, intrusion-detection system
What is a digital signature? A. A piece of encrypted data added to other data to verify the sender B. A scanned-in version of your signature, often in .jpg format C. A signature that is entered via a digital pad or any other device D. A method for verifying the recipient of a document
A. A piece of encrypted data added to other data to verify the sender
Which of the following has 3 different key sizes that it can use? A. AES B. DES C. Triple DES D. IDEA
A. AES
What protocols make up IPSec? A. AH, IKE, ESP, and ISAKMP B. AH, PAP, CHAP, and ISAKMP C. ISAKMP, MS-CHAP, PAP, and AH D. AH, SPAP, CHAP, and ISAKMP
A. AH, IKE, ESP, and ISAKMP
Which type of IDS is the Cisco Sensor? A. Anomaly detection B. Intrusion deflection C. Intrusion deterrence D. Anomaly deterrence
A. Anomaly detection
What does disabling the default admin account and setting up an alternative account accomplish? A. Makes it more difficult for someone to guess the log-on information B. Keeps admin conscious of security C. Allows closer management of admin access D. Makes the password stronger
A. Makes it more difficult for someone to guess the log-on information
Why is encryption an important part of security? A. No matter how secure your network is, the data being transmitted is still vulnerable without encryption B. Encrypted transmissions will help stop denial of service attacks C. A packet that is encrypted will travel faster across networks D. Encrypted transmissions are only necessary with VPNs
A. No matter how secure your network is, the data being transmitted is still vulnerable without encryption
What is the difference between voluntary and compulsory tunneling in PPTP? A. Only voluntary tunneling allows the user to choose encryption B. Only compulsory tunneling forces the user to send his password C. Only voluntary tunneling allows a standard PPP/non-VPN connection D. Only compulsory tunneling forces 3DES encryption
A. Only voluntary tunneling allows the user to choose encryption
Which of the following is generally considered the least secure? A. PAP B. SPAP C. MS-CHAP D. X-PAP
A. PAP
What is changing the TCP/Settings in the registry called? A. Stack tweaking B. Stack altering C. Stack compression D. Stack building
A. Stack tweaking
Setting up parameters for acceptable use, such as the number of login attempts, and watching to see if those levels are exceeded is referred to as what? A. Threshold monitoring B. Resource profiling C. System monitoring D. Executable profiling
A. Threshold monitoring
What is the purpose of IKE? A. Key exchange B. Packet encryption C. Header protection D. Authentication
A. Key exchange
What is AES?
Advanced Encryption Standard. A modern symmetric cipher that is widely used. Uses Rijndael algorithm and specifies three key sizes: 128, 192, and 256 bits
What is an encrypting file system?
Also known as EFS, this is Microsoft's file system that allows users to encrypt individual files. It was first introduced in Windows 2000
What is intrusion deterrence?
An IDS strategy that attempts to deter intruders by making the system seem formidable, perhaps more formidable than it is
What is intrusion deflection?
An IDS strategy that is dependent upon making the system seem less attractive to intruders. It seeks to deflect attention away from the system
What are discretionary access controls?
An admin's option either to control access to a given resource or simply allow unrestricted access
What is the primary vulnerability in SPAP? A. Weak encryption B. Playback attacks C. Clear text passwords D. No hash code
B. Playback attacks
PPTP is an acronym for which of the following? A. Point-to-Point Transmission Protocol B. Point-to-Point Tunneling Protocol C. Point-to-Point Transmission Procedure D. Point-to-Point Tunneling Procedure
B. Point-to-Point Tunneling Protocol
What type of encryption uses a different key to encrypt the message than it uses to decrypt the message? A. Private key B. Public key C. Symmetric D. Secure
B. Public key
If you are using a block cipher to encrypt large amounts of data, which of the following would be the most important consideration when deciding which cipher to use (assuming all of your possible choices are well known and secure)? A. Size of the keys used B. Speed of the algorithm C. Whether or not it has been used by any military group D. Number of keys used
B. Speed of the algorithm
What is the rule for unused services on any computer? A. Turn them off only if they are critical B. Turn them off C. Monitor them carefully D. Configure them for minimal privileges
B. Turn them off
A system that is set up for attracting and monitoring intruders is called what? A. Fly paper B. Trap door C. Honeypot D. Hacker cage
C. Honeypot
Snort is which type of IDS? A. Router-based B. OS-based C. Host-based D. Client-based
C. Host-based
Why might you run Specter in strange mode? A. It may confuse and deter them from your systems B. It will be difficult to determine the system is a honeypot C. It might fascinate hackers and keep them online long enough to catch them D. It will deter novice hackers
C. It might fascinate hackers and keep them online long enough to catch them
Which of the following is a problem with the threshold monitoring approach? A. It is difficult to configure B. It misses many attacks C. It yields many false positives D. It is resource-intensive
C. It yields many false positives
What type of encryption does EFS utilize? A. Single key B. Multi-alphabet C. Public key encryption D. A secret algorithm proprietary to Microsoft
C. Public key encryption
Which of the following is the most common legitimate use for a password cracker? A. There is no legitimate use for a password cracker B. Military intelligence agents using it to break enemy communications C. Testing the encryption of your own network D. Trying to break the communications of criminal organizations in order to gather evidence
C. Testing the encryption of your own network
What is the purpose of a certificate? A. To verify that software is virus-free B. To guarantee that a signature is valid C. To validate the sender of a digital signature or software D. To validate the recipient of a document
C. To validate the sender of a digital signature or software
What binary mathematical operation can be used for a simple encryption method? A. Bit shift B. OR C. XOR D. Bit swap
C. XOR
What's the min password length that the NSA recommends? A. 6 characters B. 8 characters C. 10 characters D. 12 characters
D. 12 characters
Which of the following is a security recommendation for Linux not common to Windows? A. Shut down all services that you are not using (called daemons in Linux) B. Configure the browser securely C. Routinely patch the OS D. Disable all console-equivalent access for regular users
D. Disable all console-equivalent access for regular users
A profiling technique that monitors how applications use resources is called what? A. System monitoring B. Resource profiling C. Application monitoring D. Executable profiling
D. Executable profiling
What is the primary advantage of the DES encryption algorithm? A. It is complex B. It is unbreakable C. It uses asymmetric keys D. It is relatively fast
D. It is relatively fast
What level of privileges should all users have? A. Admin B. Guest C. Most privileges possible D. Least possible
D. Least possible
What is the difference between the transport mode and the tunnel mode in IPSec? A. Only transport mode is unencrypted B. Only tunneling mode is unencrypted C. Only tunneling mode does not encrypt the header D. Only transport mode does not encrypt the header
D. Only transport mode does not encrypt the header
PPTP is based on what earlier protocol? A. SLIP B. L2TP C. IPSec D. PPP
D. PPP
Which of the following is NOT one of Snort's modes? A. Sniffer B. Packet logger C. Network intrusion-detection D. Packet filtering
D. Packet filtering
What is the min secure setting in Internet Explorer for Run components not signed with Authenticode? A. Disable B. Enable C. Forbid D. Prompt
D. Prompt
Which of the following is an encryption method developed by 3 mathematicians in the 1970s? A. PGP B. DES C. DSA D. RSA
D. RSA
Which of the following is NOT a profiling strategy used in anomaly detection? A. Threshold monitoring B. Resource profiling C. Executable profiling D. System monitoring
D. System monitoring
What is DES?
Data Encryption Standard. A symmetric cryptography algorithm first published in 1977, no longer considered secure due to the small key size. Uses a symmetric key system. Data is divided and transposed. Data is then sent through a series of steps. Further scrambled with a swapping algorithm.
What is network intrusion detection?
Detecting any attempted intrusion throughout the network, as opposed to intrusion detection that only works on a single machine or server
What is a null session?
How Windows represents an anonymous user
What is IDEA?
International Data Encryption Algorithm. A block cipher designed as a replacement for DES. Uses subkeys generated from a 128-bit key. Uses the following procedure: (1) The 128-bit key is split into eight 16-bit keys. (2) Digits are shifted 25 bits to the left to make a new key and generate the next subkeys. (3) Step 2 is repeated until 52 subkeys are generated.
What is IDS?
Intrusion detection system. A system for detecting attempted intrusions. Related to intrusion prevention systems (IPS) that block suspected attacks
What is ASCII code?
Numeric codes used to represent all standard alphanumeric symbols. There are 255 different ASCII codes
What are group policy objects?
Objects in Microsoft Windows that allow you to assign access rights to entire groups of users or computers
What are account policies?
Policies regarding account settings
What is a security template?
Preset security settings that can be applied to a system
What is PGP?
Pretty Good Privacy. A widely used tool that has symmetric and asymmetric algorithms, often used to encrypt e-mail. Uses its own cert format and certs are self-generated, not using a CA.
What is a port scan?
Sequentially pinging ports to see which ones are active
What is encryption?
The act of encrypting a message, usually by altering a message so that it cannot be read without the key and the decryption algorithm
What is the Rijndael algorithm?
The algorithm used by AES
What is a mono-alphabet cipher?
An encryption cipher using only one substitution alphabet
What is a public key system?
An encryption method where the key used to encrypt messages is made public and anyone can use it. A separate, private key is required to decrypt the message
What is a false positive?
An erroneous flagging of legitimate activity as an attempted intrusion by an intrusion detection device
What is anomaly detection?
An intrusion-detection strategy that depends on detecting anomalous activities
Which of the following most accurately describes the registry? A. A relational database containing system settings B. A database containing system settings C. A database where software is registered D. A relational database where software is registered
B. A database containing system settings
What advantage does AH have over SPAP? A. AH uses stronger encryption B. AH is a stronger authentication C. AH is not susceptible to replay attacks D. None; SPAP is more secure
B. AH is a stronger authentication
What is another term for preemptive blocking? A. Intrusion deflection B. Banishment vigilance C. User deflection D. Intruder blocking
B. Banishment vigilance
Which encryption algorithm uses a variable-length symmetric key? A. RSA B. Blowfish C. DES D. PGP
B. Blowfish
Which of the following is a symmetric key system using blocks? A. RSA B. DES C. PGP D. Diffie-Hellman
B. DES
Which authentication protocols are available under PPTP? A. MS-CHAP, PAP, and SPAP B. EAP and CHAP C. PAP, EAP, and MS-CHAP D. SPAP and MS-CHAP
B. EAP and CHAP
What protects the actual packet data in IPSec? A. AH B. ESP C. SPAP D. CHAP
B. ESP
What does L2TP use for encryption? A. MPPE B. IPSec C. 3DES D. AES
B. IPSec
Attempting to attract intruders to a system set up to monitor them is called what? A. Intrusion deterrence B. Intrusion deflection C. Intrusion banishment D. Intrusion routing
B. Intrusion deflection
What does L2TP stand for? A. Level 2 Transfer Protocol B. Layer 2 Tunneling Protocol C. Level 2 Tunneling Protocol D. Layer 2 Transfer Protocol
B. Layer 2 Tunneling Protocol
An improvement on the Caesar cipher that uses more than one shift is called what? A. DES encryption B. Multi-alphabet substitution C. IDEA D. Triple DES
B. Multi-alphabet substitution
Which of the following is a weakness in PPTP? A. Clear text passwords B. No encryption C. Used only with IP networks D. Not supported on most platforms
B. No encryption