security

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

true

A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it. T or f?

false

A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.

public key infrastructure

A framework for all of the entities involved in digital certificates for digital certificate management is known as:

whatever' OR full_name LIKE '%Mia%'

Choose the SQL injection statement example below that could be used to find specific users:

false

Encryption is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties.T or F?

512

If using the MD5 hashing algorithm, what is the length to which each message is padded?

confidentiality, availibility and integrity

List and describe three of the characteristics of information that must be protected by information security?

hierarchical, distributed, and bridge trust model

List the three PKI trust models that use a CA.

open source intelligence

Select the term that best describes automated attack software?

HIPAA

Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?

crypto service providers

What allows an application to implement an encryption algorithm for execution?

avoidance, transfer, mitigate, accept

What are the four different risk response techniques?

authentication, confidentiality, key management

What are the three areas of protection provided by IPSEC?

cross site scripting, cross site forgery

What are the two types of cross-site attacks? (Choose all that apply.)

availability, authentication, non-repudiation, and integrity

What four basic protections can cryptography support?

blowfish

What is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits?

master secret

What is used to create session keys?

technical controls

What process describes using technology as a basis for controlling the access and usage of sensitive data?

desctruction

What process will remove all private and public keys along with the user's identification information in the CA?

IPsec

What protocol below supports two encryption modes: transport and tunnel?

ARP

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?

extentions

What technology expands the normal capabilities of a web browser for a specific webpage?

TPM

What technology uses a chip on the motherboard of the computer to provide cryptographic services?

defensein depth

What term describes a layered security approach that provides the comprehensive protection?

silver bullet

What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?

local host table, external DNS server

What two locations can be a target for DNS poisoning? (Choose all that apply.)

man in the browser

What type of attack intercepts communication between parties to steal or manipulate the data?

third party trust

What type of trust model is used as the basis for most digital certificates used on the Internet?

PGP

What widely used commercial asymmetric cryptography software can be used for encrypting files and email messages?

DNS

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

Which SQL injection statement example below could be used to discover the name of the table?

whatever' AND email IS NULL; --

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?

Gramm-Leach-Bliley Act

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?

brokers and competitors

Which of the following are considered threat actors?

elliptical curve and digital signature

Which of the following are considered to be common asymmetric cryptographic algorithms? (Choose al

man in the middle and replay attacks

Which of the following are considered to be interception attacks? (Choose all that apply.)

RSA

Which of the following asymmetric cryptography algorithms is most commonly used?

domain validation digital certificate

Which of the following certificates verifies the identity of the entity that has control over the domain name?

ISO, COBIT, RFC

Which of the following is a common security framework?

Online certification status protocol, certificate revocation list

Which of the following is a valid way to check the status of a certificate? (Choose all that apply.)

extended validation

Which of the following is an enhanced type of domain digital certificate?

nonce

Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session?

protect the public key

Which of the following is not one of the functions of a digital signature?

information security

Which term below is frequently used to describe the tasks of securing information that is in a digital format?

smurf attack

Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?

sponge

Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?

diversity, simplicity, layering

fundamental security principle?

HMAC

hat type of message authentication code uses hashing to authenticate the sender by using both a hash function and a secret cryptographic key?

160

he SHA-1 hashing algorithm creates a digest that is how many bits in length?

public key cryptography

what alternative term can be used to describe asymmetric cryptographic algorithms?

advanced persistent threat

what class of attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period?


संबंधित स्टडी सेट्स

Chapter 19---The menstrual cycle

View Set

Unit 6: Palliative Online Courses

View Set

Chapter 19, Documenting, Reporting, Conferring

View Set

Adult cognitive disorders Neuropsych assessment post brain injury

View Set

Chemistry 131 Chapter 3 & 4 Exam study guide

View Set