Computer Network Security Midterm

verify the receiver

A digital signature can provide each of the following benefits EXCEPT

stateful packet filtering

A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?

private key

A key that is generated by a symmetric cryptographic algorithm

a macro

A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:

Performing a security risk assessment

A typical configuration baseline would include each of the following EXCEPT

drive-by-download

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

3DES

After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?

Session hijacking

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Certificate Authority (CA)

An entity that issues digital certificates is a

static analysis

Anti-virus products typically utilize what type of virus scanning analysis?​

expiration

At what stage can a certificate no longer be used for any type of authentication?

server-side

Attacks that take place against web based services

logic bomb

Computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event

Quantum cryptography

Cryptography that attempts to use the microscopic behaviors of objects to develop and share keys while also detecting eavesdropping

BIND

DNS poisoning can be prevented using the latest edition of what software below?

cleartext

Data that is in an unencrypted form is referred to as which of the following?

to verify the authenticity of the Registration Authorizer

Digital certificates can be used for each of these EXCEPT

DNS poisoning

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

Alice's public key

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

512 bits

If using the MD5 hashing algorithm, what is the length to which each message is padded?

server digital certificate

In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) would be used.

distributed

In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?

cloud infrastructure as a service

In what type of cloud computing does the customer have the highest level of control?

ransomware

Malware that locks or prevents a device from functioning properly until a fee has been paid

Privilege escalation

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

non-repudation

Proving that a user sent an email message is known as

../

Select below the string of characters that can be used to traverse up one directory level from the root directory:

trojan

Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:

encrypts the key and the message

The Hashed Message Authentication Code (HMAC)

RSA

The asymmetric cryptography algorithm most commonly used is

C:\Inetpub\ wwwroot

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

flood guard

The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:

Create a VLAN and add the users' computers / ports to the VLAN

The management in your corporate office want to group users on the network together logically even though they are attached to separate network switches. How can this be done?

authentication

The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as

digital certificate

The strongest technology that would assure Alice that Bob is the sender of a message is a

viruses and trojans

The two types of malware that require user intervention to spread are:

root

To what specific directory are users generally restricted to on a web server?

HIPAA

Under which law are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?

asymmetric encryption

Using what mechanism below can the non-repudiation of an e-mail and it's content be enforced?

TLS

What cryptographic transport algorithm is considered to be significantly more secure than SSL?

plaintext

What is data called that is to be encrypted by inputting it into an cryptographic algorithm?

SHA-3

What is the latest version of the Secure Hash Algorithm?

session

What layer of the OSI model is responsible for permitting two parties on a network to hold ongoing communications across the network?

IPSec

What protocol below supports two encryption modes: transport and tunnel?

social engineering

What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?

NetBIOS

What transport protocol is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?

Administrative controls

What type of controls are the processes for developing and ensuring that policies and procedures are carried out?

hash

What type of cryptographic algorithm is considered to be a one-way algorithm, in that its contents can't be used to reveal the original set of data?

firewall

What type of device, sometimes called a packet filter, is designed to prevent malicious network packets from entering or leaving computers or networks?

rootkit

What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

virus

What type of malware is heavily dependent on a user in order to spread?

NAT

When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?

hypervisor

When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?

third-party

When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?

RSA

Which asymmetric cryptographic algorithm is the most secure?

Develop the security policy

Which is the first step in securing an operating system?

transport layer

Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?

Keyboard Mapping

Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?

Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service

Which of the following is NOT an advantage to an automated patch update service?

intent

Which of the following is not a component of an IP packet that a firewall rule can use for filtering purposes?

source

Which of the following is not one of the four methods for classifying the various types of malware?​

confidentiality

Which of the three protections ensures that only authorized parties can view information?

The hash should always be the same fixed size

Which of these is NOT a characteristic of a secure hash algorithm?

authorization

Which of these is NOT part of the certificate life cycle?

in digests

Which of these is NOT where keys can be stored?

whitelist

Which of these is a list of approved email senders?

SSL v2.0

Which of these is considered the weakest cryptographic transport protocol?

Advanced Encryption Standard

Which of these is the strongest symmetric cryptographic algorithm?

integrity

Which protection is provided by hashing?

It monitors and controls two interlocking doors to a room

Which statement about a mantrap is true?

It can only protect data while it is on the user's personal computer

Which statement about data loss prevention (DLP) is NOT true?

replay

Which type of attack below is similar to a passive man-in-the-middle attack?

proxy server

a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user

service pack

a cumulative package of all patches and hot- fixes as well as additional features

supplicant

a device that requests permission from an authenticator to join a network

the user's identity with his public key

a digital certificate associates

threat agent

a person or element that has the power to carry out a threat

data loss prevention

a system of security tools that is used to recognize and identify data that is critical to an organization and ensure that it is protected

hotfix

addresses a specific customer situation and often may not be distributed outside that customer's organization

Group Policy

allows for a single configuration to be set and then deployed to many or all users

session keys

are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

integrity

ensures that information is correct and that no unauthorized person or malicious software has altered that data

Integrity

ensures that the information is correct and no unauthorized person or malicious software has altered that data?

public key infrastructure

framework for all the entities involved in digital certificates for digital certificate management

script kiddies

individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so

signature

monitoring that compares network traffic, activities, transactions, or behavior against a database of known attack patterns

OCSP

performs a real-time lookup of a digital certificate's status.

key escrow

process by which keys are managed by a third party

is the management of digital certificates

public key infrastructure (PKI)

SSH

secure alternative to the telnet protocol

substitution

simplest type of stream cipher in which one letter or character is exchanged for another

backdoor

system security malware that allows for access to a computer, program, or service without authorization

VPN

technology that enables authorized users to use an unsecured public network as if it were a secure private network

certification authority

term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates

Network

the layer of the OSI model at which the route a packet is to take is determined, and the addressing of the packet is performed

AES

the standard that is based on the Rijndael algorithm, and was approved by NIST in late 2000 as a replacement for DES:

server digital

type of certificate that is often issued from a server to a client, with the purpose of ensuring the authenticity of the server

asymmetric

type of cryptography that uses two keys instead of one, generating a public and private key

personal digital

what kind of certificate is typically used by an individual to secure e-mail transmissions?

protect the public key

which of the following is not one of the functions of a digital signature?