Prior Knowledge Assessment
A packet monkey is an unskilled programmer who spreads viruses to victims. TRUE OR FALSE
FALSE
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred.
FALSE
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator? DiD; DMZ; IDPS; VPN
IDPS
What is a VPN typically used for? secure remote access; block open ports; detection of security threats; filter harmful scripts
secure remote access
________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.
System
What is a program that appears to do something useful but is actually malware? logic bomb; back door; virus; Trojan
TROJAN
A worm creates files that copy themselves repeatedly and consume disk space. TRUE OR FALSE
TRUE
Physical security protects a system from theft, fire, or environmental disaster. TRUE OR FALSE
TRUE
With discretionary access control, network users can share information with other users, making it more risky than MAC.
TRUE
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? Trojan; logic bomb; packet monkey; botnet
BOTNET
Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? Trojan; macro; back door; worm
MACRO
______________________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.
Nonrepudiation
What can an attacker use a port scanner to test for on a target computer? open sockets; ping floods; SYN flags; invalid IP addresses
OPEN SOCKETS
A ______________ is reserved for a program that runs in the background to listen for requests for the service it offers.
PORT
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? ICMP message abuse; malicious port scanning; SYN flood; RPC attacks
RPC attacks
Which term is best described as an attack that relies on the gullibility or trust of people? malicious code; script kiddie; back door; social engineering
SOCIAL ENGINEERING
________________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Viruses
______________ do not require user intervention to be launched; they are self-propagating.
Worms
Defense in depth can best be described as which of the following? a layered approach to security; authentication and encryption; antivirus software and firewalls; a firewall that protects the network and the servers
a layered approach to security
Which security layer verifies the identity of a user, service, or computer? authentication; repudiation; physical security; authorization
authentication
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? signature; challenge/response; basic; biometrics
challenge/response
Which of the following is NOT information that a packet filter uses to determine whether to block a packet? checksum; protocol; port; IP address
checksum
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications? man-in-the-middle; malicious port scanning; remote procedure call; denial of service
man-in-the-middle
Which of the following is NOT one of the three primary goals of information security? impartiality; confidentiality; integrity; availability
impartiality
What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files? recycle bin; demilitarized zone; firewall; quarantine
quarantine
Which type of firewall policy calls for a firewall to deny all traffic by default? demilitarized policy; perimeter policy; permissive policy; restrictive policy
restrictive policy
Why might you want your security system to provide nonrepudiation? to prevent an unauthorized user from logging into the system; to trace the origin of a worm spread through email; so a user can't deny sending or receiving a communication; to prevent a user from capturing packets and viewing sensitive information
so a user can't deny sending or receiving a communication
A hacktivist can best be described as which of the following? use DoS attacks on Web sites with which they disagree; an unskilled programmer that spreads malicious scripts; deface Web sites by leaving messages for their friends to read; consider themselves seekers of knowledge
use DoS attacks on Web sites with which they disagree