practice final exam
Unresponsiveness
A Trojan is any program that masquerades as a useful program while hiding its malicious intent. The masquerading nature of a Trojan encourages users to download and run the program. _________________ of applications to normal commands is one telltale sign of a Trojan infection.
digital signature
A ___________ binds a message or data to a specific entity. This is not a digitized signature, which is an image of an electronically reproduced signature
port-scanning tool
A ___________ enables an attacker to discover and identify hosts on a network
transposition
A _____________ cipher does not alter the characters in a message. Instead, it rearranges them using a complex pattern and requires that the receiver unscramble them following the reverse pattern.
byte (or bit)
A stream cipher encrypts one _________ at a time, whereas a block cipher encrypts an entire block of data at a time
D
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? A. Rivest-Shamir-Adelman (RSA) B. Message digest algorithm (MD5) C. Blowfish D. Diffie-Hellman
databases
An SQL code injection attacks applications that depend on data stored in _____________. SQL statements are inserted into an input field and are executed by the application. SQL injection attacks allow attackers to disclose and modify data, violate data integrity, or even destroy data and manipulate the database server.
A
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? A. Slow virus B. Retro virus C. Cross-platform virus D. Multipartite virus
C
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database? A. Cross-site scripting (XSS) B. Extensible Markup Language (XML) injection C. Structured Query Language (SQL) injection D. Lightweight Directory Access Protocol (LDAP) injection
A
Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve? A. Confidentiality B. Integrity C. Authentication D. Nonrepudiation
D
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller. A. logic bombs B. honeypots C. ransomware D. botnets
D
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose? A. Wired Equivalent Privacy (WEP) B. Wi-Fi Protected Access (WPA) C. Wi-Fi Protected Access version 2 (WPA2) D. Wi-Fi Protected Access version 3 (WPA3)
D
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter? A. Virus B. Worm C. Ransomware D. Trojan horse
IP spoofing, packets
One popular technique for DoS attacks is called a SYN flood. In a SYN flood, the attacker uses ____________ to send a large number of __________ requesting connections to the victim computer.
symmetric key
Private key ciphers are also called _______ ciphers.
B
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity? A. Message authentication B. Digital signature C. Receipt and confirmation D. Nonrepudiation
fileless viruses
Slow viruses, also called ____________, counter the ability of antivirus programs to detect changes in infected files. This class of virus resides in only the computer's memory and not in a file, so antivirus software has a harder time detecting it.
unclassified
The U.S. government currently has no standard for creating cryptographic keys for ___________ applications
insecure
The WEP algorithm is cryptographically ________ and should no longer be used. WPA and its successor WPA2 are both strong, secure wireless encryption protocols. WPA3 is the newest and most secure protocol of the four listed here.
True
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.
False
True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.
False
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.
False
True or False? A private key cipher is also called an asymmetric key cipher.
True
True or False? An algorithm is a repeatable process that produces the same result when it receives the same input.
True
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
False
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.
True
True or False? Unlike viruses, worms do not require a host program to survive and replicate.
symmetric
Using the Diffie-Hellman algorithm, the sender and receiver use asymmetric encryption to securely exchange symmetric keys. After the initial key exchange, each party can then use _________ encryption to encrypt and decrypt data.
A
What type of system is intentionally exposed to attackers in an attempt to lure them out? A. Honeypot B. Bastion host C. Web server D. Database server
B
Which of the following is a type of denial of service (DoS) attack? A. Logic bomb B. Synchronize (SYN) flood C. Cross-site scripting (XSS) D. Structured Query Language (SQL) injection
B
Which of the following is not true of hash functions? A. Hash functions help detect forgeries by computing a checksum of a message and then combining it with a cryptographic function so that the result is tamperproof. B. The hashes produced by a specific hash function may vary in size. C. A hash is a checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message. D. The output from the message digest algorithm (MD5) or the Secure Hash Algorithm (SHA) hash provides input for an asymmetric key algorithm that uses a private key as input.
C
Which type of cipher works by rearranging the characters in a message? A. Substitution B. Steganographic C. Transposition D. Asymmetric
Hashes
________ are usually of a known fixed size based on the algorithm used.
Confidentiality
____________ keeps information secret from unauthorized users. Cryptography makes information unintelligible to anyone who does not know the encryption cipher and the proper key. Only authorized users, or an effective cryptanalysis, can decipher the content of an encrypted message
Honeypots
_____________ are sacrificial hosts and services deployed at the edges of a network to act as bait for potential hacking attacks and to provide a controlled environment for when such attacks occur. Typically, you configure these systems to appear real.
