Network Defense Security Ch. 1
What tool do you use to secure remote access by users who utilize the Internet?
VPN
A ______________ is reserved for a program that runs in the background to listen for requests for the service it offers.
port
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides
port
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?
IDPS
______________________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.
Nonrepudiation
An access control method that establishes organizational roles to control access to information
RBAC
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port?
RPC attacks
________________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.
System
______________ do not require user intervention to be launched; they are self-propagating.
Worms
Defense in depth can best be described as which of the following?
a layered approach to security
Which type of firewall policy calls for a firewall to deny all traffic by default?
restrictive policy
Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks
signatures
Why might you want your security system to provide nonrepudiation?
so a user can't deny sending or receiving a communication
Which term is best described as an attack that relies on the gullibility of people?
social engineering
A network connection consisting of a port number combined with a computer's IP address
socket
What is a VPN typically used for?
secure remote access
What is a program that appears to do something useful but is actually malware?
Trojan
An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked
DDoS attack
A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN
DMZ
__________________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Viruses
The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file
auditing
Which security layer verifies the identity of a user, service, or computer?
authentication
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints
biometrics
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following?
botnet
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated?
challenge/response
Which of the following is NOT information that a packet filter uses to determine whether to block a packet?
checksum
Which of the following is NOT one of the three primary goals of information security?
impartiality
Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus?
macro
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications?
man-in-the-middle
With which access control method do system administrators establish what information users can share?
mandatory access control
What can an attacker use a port scanner to test for on a target computer?
open sockets
Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.
packet filters
What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files?
quarantine
A hactivist can best be described as which of the following?
use DoS attacks on Web sites with which they disagree
Computer files that copy themselves repeatedly and consume disk space or other resources
worm
