Review Questions 1, CNT4403 Midterm
To determine best path, routers use metrics such as the value of the first octet of the destination IP address. (True or False)
False
Which of the following is an element of the TCP header that can indicate that a connection has been established?
Flags
What is the packet called where a Web browser sends a request to the Web server for Web page data?
HTTP GET
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?
IDPS
Which of the following is an accurate set of characteristics you would find in an attack signature?
IP address, TCP flags, port numbers
What feature does RIPng support that is not supported by RIP?
IPv6
Name four goals of network security.
NONREPUDIATION, CONFIDENTIALITY, INTEGRITY, AVAILABILITY
In which OSI model layer will you find the OSPF protocol?
Network
______________________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.
Nonrepudiation
Which TCP flag can be the default response to a probe on a closed port?
RST
Which of the following is the first packet sent in the TCP three-way handshake?
SYN
________________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.
System
Which field in the IP header is an 8-bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped?
TTL
Packet fragmentation is not normal, and can only occur if an attack has been initiated. (True or False)
True
Physical security protects a system from theft, fire, or environmental disaster. (True or False)
True
Some methods of attacking a Cisco router do not require knowledge of the IOS version, so software patching is recommended.
True
The IP address 172.20.1.5 is a private IP address. (True or False)
True
The TCP protocol uses a three-way handshake to create a connection. (True or False)
True
What Cisco router command encrypts all passwords on the router?
service password-encryption
Why might you want your security system to provide nonrepudiation?
so a user can't deny sending or receiving a communication
Which term is best described as an attack that relies on the gullibility of people?
social engineering
Which of the following is the description of a land attack?
source and destination IP address/port are the same
How are the two parts of an IP address determined?
subnet mask
Under which attack category does a UNIX Sendmail exploitation fall?
suspicious data payload
What should you set up if you want to store router system log files on a server?
syslog server
The Transport layer of the OSI model includes the RIP protocol. (True or False)
False
Which of the following addresses is a Class B IP address?
189.77.101.6
If you are subnetting a class B network, what subnet mask will yield 64 subnets?
255.255.252.0
Which of the following is considered a flooded broadcast IP address?
255.255.255.255
Most network threats originate from which of the following? a. inside the company b. script kiddies c. back doors d. industrial spies
A. INSIDE THE COMPANY
Packet filters can block or allow transmission of packets based on which of the following criteria? (Choose all that apply.) a. port number b. open ports c. time of access attempts d. IP address
A. PORT NUMBER D. IP ADDRESS
In an IDPS, specific indications of a possible attack are called . a. signatures b. signals c. true positives d. alerts
A. SIGNATURES
Servers with outside access to the public should be located on _____. (Choose all that apply.) a. their own subnet b. a DMZ c. an internal LAN d. a network perimeter
A. THEIR OWN SUBNET B. A DMZ D. A NETWORK PERIMETER
Which of the following malware is designed to replicate itself? (Choose all that apply.) a. worm b. virus c. Trojan horse d. SYN flood
A. WORM B. VIRUS
The Stuxnet worm was designed to _____. a. shut down Internet DNS servers b. disrupt computer-controlled industrial operations c. steal financial information d. be used by script kiddies
B. DISRUPT COMPUTER-CONTROLLED INDUSTRIAL OPERATIONS
Firewall enforcement of policies is handled primarily through setting up packet-filtering rules, a set of which is contained in the _____. a. routing table b. rule base c. access control list d. packet filter
B. RULE BASE
An IP address combined with a TCP/IP port number is called which of the following? a. network address b. socket c. script d. port ID
B. SOCKET
The capability to prevent one participant in an electronic transaction from denying that it performed an action is called _____. a. plausible deniability b. integrity c. nonrepudiation d. undeniability
C. NONREPUDIATION
An uninterruptible power supply is a component of ______ security. a. virtual b. auditing c. physical d. password
C. PHYSICAL
What are some of the reasons for network attacks? a. industrial espionage b. revenge c. financial gain d. all of the above
D. ALL OF THE ABOVE
In a restrictive firewall policy, what is the starting point for developing a rule base? a. allow all traffic b. block all traffic except specified types c. allow all traffic except specified types d. block all traffic
D. BLOCK ALL TRAFFIC
An attacker who causes harm to systems in support of some principle is categorized as which of the following? a. cracker b. hacker c. industrial spy d. cyberterrorist
D. CYBERTERRORIST
Which protocol is responsible for automatic assignment of IP addresses?
DHCP
____________ routes are manually configured routes that direct all packets not specifically configured in the routing table.
Default
A packet-filtering device evaluates data in the payload and compares it with a predefined set of rules. True or False?
FALSE
What is the typical packet sequence for closing a TCP session?
FIN, ACK, FIN ACK, ACK
A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed. (True or False)
False
All devices interpret attack signatures uniformly. (True or False)
False
Current Microsoft OSs include IPv6, but to use it, you must enable it first. (True or False)
False
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. (True or False)
False
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred. (True or False)
False
__________________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Viruses
______________ do not require user intervention to be launched; they are self-propagating.
Worms
Which type of scan has the FIN, PSH, and URG flags set?
Xmas scan
Defense in depth can best be described as which of the following?
a layered approach to security
Which of the following is NOT among the items of information that a CVE reference reports?
attack signature
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following?
botnet
What should you do when configuring DNS servers that are connected to the Internet in order to improve security?
disable zone transfers
Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?
enable
Which of the following is a reason that UDP is faster than TCP?
it doesn't guarantee delivery
Which of the following is a metric routers can use to determine best path?
link state
Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus?
macro
With which access control method do system administrators establish what information users can share?
mandatory access control
Of what category of attack is a DoS attack an example?
multiple-packet attack
What can an attacker use a port scanner to test for on a target computer?
open sockets
What does a sliding window do in a TCP packet?
provides flow control
Under which suspicious traffic signature category would a port scan fall?
reconnaissance
The enable ___________ password uses type 5 encryption and overrides the enable password.
secret
What is the TCP portion of a packet called?
segment
Which of the following is true about ACLs on Cisco routers?
there is an implicit deny any statement at the end of the ACL
Which of the following is true about static routes?
they are used for stub networks
How does the CVE standard make network security devices and tools more effective?
they can share information about attack signatures
Which of the following is true about extended IP ACLs?
they should be applied to an interface close to the traffic source
A hactivist can best be described as which of the following?
use DoS attacks on Web sites with which they disagree
Rather than using classful routing, ________________ subnet masks allow you to divide your network into different sizes to make better use of available addresses.
variable-length