IST 220 FINAL (EXAM 4)
What is the strongest security protocol for 802.11 today? 802.11s | WPA | 802.11X | 802.11i
802.11i
Which type of firewall filtering looks at application-layer content? NGFW | Stateful Packet Inspection | Both | Neither
NGFW
Which type of firewall is more expensive per packet handled?
NGFW
Iris scanning is attractive because of its ________. Precision | Low cost | Both | Neither
Precision
Which phase of the plan-protect-respond cycle takes the largest amount of work?
Protect
Which is less expensive to implement? SSL/TLS | IPsec | Both cost about the same
SSL/TLS
Traditionally, we have told users that passwords ________. Should be easy to remember | Should have a mix of characters (uppercase and lowercase letters, digits, other keyboard characters) | Both | Neither
Should have a mix of characters (uppercase and lowercase letters, digits, other keyboard characters)
For sensitive assets, reusable passwords ________. Should not be used | Should be especially long | Should contain a truly complex mixture of characters | Should be difficult to remember
Should not be used
Which of the following secures communication between the wireless computer and the server it wishes to use against evil twin attacks? VPNs | 802.1X mode | VLANs | None of the above
VPNs
Which of the following attach themselves to other programs? Viruses | Worms | Both | Neither
Viruses
The Wi-Fi Alliance calls 802.11i ________.
WPA2
Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________.
confidentiality
In SPI firewalls, ACLs are used for packets in the ________ state.
connection-opening state
802.11i 802.1X initial authentication mode was created for ________.
corporations with multiple access points
In authentication, ________ are the general name for proofs of identity.
credentials
________ attackers are often well-funded.
cybercriminal
In transport mode, ESP fields surround an IPv4 packet's ________.
data field
A spear phishing attack is usually aimed at ________.
an individual
A specific encryption method is called a ________.
cipher
In most encryption, keys must be at least ________ long to be considered safe.
128 bits
In 802.11i PSK mode, the pass phrase should be at least ________ characters long.
20
________ is a program that can capture passwords as you enter them. A keystroke logger | Data mining software | Both | Neither
A keystroke logger
________ is the general name for a security flaw in a program.
A vulnerability
________ attacks typically extend over a period of months.
APT
In public key encryption, if Bob wants to send Alice a secure message, Bob would use
Alice's public key
Authentication should generally be ________. Different for every resource | As strong as possible | The same for all resources | Appropriate for a specific resource
Appropriate for a specific resource
A type of encryption that requires separate keys for encryption and decryption
Asymmetric Key Encryption
In antivirus filtering, the best ways to filter currently use ________.
Behavioral detection
For reusable passwords, NIST now recommends ________. That passwords be easy to remember | That passwords be long phrases instead of being about 8-12 characters long | Both | Neither
Both
Which of the following is a risk in 802.11i PSK mode? Unauthorized sharing of the pre-shared key | A weak passphrase may be selected | Both | Neither
Both
Which of the following meets the definition of hacking? To intentionally use a computer resource without authorization | To intentionally use a computer on which you have an account but use it for unauthorized purposes | Both | Neither
Both, To intentionally use a computer resource without authorization and to intentionally use a computer on which you have an account but use it for unauthorized purposes
IPsec is used for ________ VPNs. Site-to-site | Remote-access | Both | Neither
Both, remote-access and site-to-site
Antivirus programs are designed to detect ________. Worms | Viruses | Both | Neither
Both, viruses and worms
Major incidents are handled by the __________.
CSIRT
Which of the following is more widely used? ESP | AH | Both are used equally
ESP
Which of the following is the most frustrating to use? Opaque filtering | SPI Firewalls | IDSs | NGFW firewalls
IDSs
The first stage of IPsec uses the ________ protocol.
IKE
Which has stronger security? SSL/TLS | IPsec | Both have equal security
IPsec
Who are the most dangerous types of employees?
IT security employees
Facial recognition is controversial because ________. It can be used surreptitiously | It can be fooled very easily | Both | Neither
It can be used surreptitiously
Communication after authentication is protected most strongly if the ________ initial authentication is used. 802.1X | PSK | WPA | It does not matter which initial authentication mode is used
It does not matter which initial authentication mode is used
Stateful packet inspection firewalls are attractive because of their ________. Ability to base rules on specific application programs | Low cost for a given traffic volume | Both | Neither
Low cost for a given traffic volume
The general term for evil software is ________.
Malware
Which type of firewall filtering collects streams of packets to analyze them as a group? NGFW | SPI | Both | Neither
NGFW
If a drive-by hacker succeeds in connecting to an internal access point, the network traffic is ________. Still protected by encryption | Still protected by a firewall | Both | Neither
Neither
If a packet is highly suspicious but not a provable attack packet, an ________ may drop it. NGFW | SPI Firewall | IDS | None of the above
None of the above
In 802.11i ________, hosts must know a shared initial key. PSK initial authentication mode | 802.1X initial authentication mode | Both | Neither
PSK initial authentication mode
________ is the dominant firewall filtering method used on main border firewalls today.
Stateful packet inspection
Which protects more of the original IP packet? Tunnel mode | Transport mode | Both provide the same protection
Tunnel mode
When a user attempts to plug into an Ethernet switch protected by 802.1X, ________. The user will be required to authenticate himself or herself | The switch port will freeze | The switch will freeze | None of the above
The user will be required to authenticate himself or herself
SSL/TLS is used for ________.
Web applications
In 802.1X initial authentication mode, the authenticator is the ________. Wireless access point | Wireless client | Authentication server | None of the above
Wireless access point
Which of the following sometimes uses direct propagation between computers? Trojan Horses | Viruses | Downloaders | Worms
Worms
An evil twin access point is usually ________.
a laptop computer
ARP cache poisoning is ________.
a man-in-the-middle attack
A central firewall management program that pushes changes to firewalls is __________. (Select the most specific answer.)
a single point of takeover
In 802.11i, protection is provided between the client and the ________.
access point
Secured packets typically receive ________. Message integrity | Confidentiality | Authentication | All of the above
all of the above
IPsec protects ________ layer content. application | data link | both | neither
application
SAs in two directions ________. are always the same | are always different | are sometimes different
are sometimes different
Electronic signatures provide message-by-message ________. authentication | confidentiality | both | neither
authentication
A user is allowed to edit files in a particular directory. This is an example of __________. (Select the most specific answer.)
authorizations
Using bodily measurements for authentication is ________.
biometrics
In a DDoS attack, a ________ sends messages directly to the victim.
bot
What type of attacker are most attackers today?
career criminals
In digital certificate authentication, the verifier gets the key it needs directly from the ________.
certificate authority
In an SPI firewall, all rules except the last will permit the connection. The last will ________.
deny the connection
After two wireless clients authenticate themselves via PSK to an access point, they will use ________ to communicate with the access point.
different pairwise session keys
When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________.
drops the packet
In tunnel mode, ESP fields surround an IPv4 packet's ________.
entire length
Attackers only need to find a single weakness to break in. Consequently, companies must __________.
have comprehensive security
Vulnerabilities are occasionally found in even the best security products. Consequently, companies must __________.
have defense in depth
In which type of attack does the attacker gather extensive sensitive personal information about its victim?
identity theft
Policies are separated by implementation to take advantage of __________.
implementer knowledge
Users typically can eliminate a vulnerability in one of their programs by ________.
installing a patch
A firewall will drop a packet if it ________.
is a definite attack packet
In encryption, what must be kept secret?
key
If someone has been properly authenticated, they should receive _______ permissions.
minimum
When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.
passes the packet
Pieces of code that are executed after the virus or worm has spread are called ________.
payloads
SPI firewalls are being replaced in large part because they are limited in their ability to detect ________.
port spoofing
In a ________ attack, the attacker encrypts some or all of the victim's hard drive.
ransom
DoS attacks attempt to ________.
reduce the availability of a computer
802.11i PSK initial authentication mode was created for ________.
residences with a single access point
Balancing threats against protection costs is called ________.
risk analysis
A ________ is an unauthorized internal access point.
rogue
It is most desirable to do access control based on __________.
roles
In IPsec, agreements about how security will be done are called ________. security associations | security contracts | tranches | service-level agreements
security associations
What kind of attack is most likely to succeed against a system with no technological vulnerabilities?
social engineering
Compliance with __________ is mandatory.
standards
In authentication, the ________ is the party trying to prove his or her identity.
supplicant
In digital certificate authentication, the supplicant encrypts the challenge message with ________.
the supplicant's private key
The supplicant claims to be ________.
the true party
In digital certificate authentication, the verifier decrypts the challenge message with ________. the true party's private key | the true party's public key | the supplicant's private key | the supplicant's public key
the true party's public key
Malware programs that masquerade as system files are called ________.
trojan horses
If a company uses 802.11i for its core security protocol, an evil twin access point will set up ________ 802.11i connection(s). one | two | four | none of the above
two
A debit card is secure because it requires two credentials for authentication: the card itself and a PIN. This is called ________.
two-factor authentication
Attacking your own firm occurs in __________.
vulnerability testing
A policy specifies ________.
what should be done
Vulnerability-based attacks that occur before a patch is available are called ________ attacks.
zero-day