Fund. info. tech ch.9-12 quiz and txt book questions
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? a. 22 b. 25 c. 53 d. 80
25
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication? a. 80 b. 143 c. 443 d. 3389
443
What is NOT a valid encryption key length for use with the Blowfish algorithm? a. 32 bits b. 64 bits c. 256 bits d. 512 bits
512 bits
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities? a. 600 b. 700 c. 800 d. 900
800
Which Intstitute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? a. 802.3 b. 802.11 c. 802.16 d. 802.18
802.11
Which standards organization publishes American Standard Fortran? A. IEEE B. ANSI C. ITU-T D. NIST
ANSI
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? A. Alice's private key B. Alice's public key C. Bob's private key D. Bob's public key
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? a. Bob's private key b. Alice's private key c. Bob's public key d. Alice's public key
Alice's public key
Which of the following is one of the four basic forms of a cryptographic attack? A. Ciphertext-only attack B. Known-plaintext attack C. Chosen-plaintext attack D. Chosen-ciphertext attack E. All the above
All the above
When malware slose performance, which of the following tenets of information system security is impacted? a. Confidentiality b. Integrity c. Availability d. Control
Availability
A(n) __________ is a network of compromised computers that attackers use to launch attacks and spread malware. A. Black network B. Botnet C. Attacknet D. Trojan store
Botnet
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? a. Light Extensible Authentication Protocol (LEAP) b. Remote Authentication Dial-In User Service (RADIUS) c. Protected Extensible Authentication Protocol (PEAP) d. Captive portal
Captive portal
Which information security objective allows trusted entities to endorse information? a. Validation b. Witnessing c. Certification d. Authorization
Certification
What must you do to any certificate imported into Kleopatra before you can use it to decrypt messages? a. Link it to your public key b. Save it c. Link it to your private key d. Change the trust level
Change the trust level
A __________ is used to detect forgeries. A. Hash function B. Checksum C. Hash value D. KDC
Checksum
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? a. Chosen plaintext b. Ciphertext only c. Chosen ciphertext d. Known plaintext
Chosen plaintext
An algorithm used for cryptographic purposes is known as a __________. A. Hash B. Private key C. Public key D. Cipher
Cipher
How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer? a. Right-click the file and select Integrity Check from the context menu. b. Import the file into KIeopatra and select the Integrity Check option. c. Compare the decrypted file's contents with the contents of the original file. d. Right-click the file and select Verify from the context menu.
Compare the decrypted file's contents with the contents of the original file.
Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking? a. Confidentiality b. Availability c. Integrity d. Accounting
Confidentiality
Which of the following statements is true regarding SQL Injection attacks? a. Their likelihood can be reduced through regular testing. b. They are one of the rarest type of web attacks. c. Their likelihood cannot be reduced through secure software development practices. d. They are extremely difficult to prevent.
Their likelihood can be reduced through regular testing
Which of the following statements is true regarding cross-site scripting (XSS) attacks? a. They are one of the most common web attacks. b. Their likelihood cannot be reduced through secure software development practices. c. Their likelihood cannot be reduced through regular testing. d. They are extremely difficult to prevent.
They are one of the most common web attacks
Why do hackers often send zipped and encrypted files and attachments? a. They look more official and recipients will be more likely to open them. b. They cannot be opened by antivirus software and so they will often reach the recipient. c. They can be emailed to more than one recipient at a time. d. They can be sent via email more quickly.
They cannot be opened by antivirus software and so they will often reach the recipient.
Which type of cipher works by rearranging the characters in a message? a. Substitution b. Transposition c. Asymmetric d. Steganographic
Transposition
A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system. a. Trojan b. denial-of-service attack c. SQL Injection d. virus
Trojan
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? a. Virus b. Logic bomb c. Trojan horse d. Worm
Trojan horse
A honeypot is a sacrificial host with deliberately insecure services deployed at the edges of a network to act as bait for potential hacking attacks. True/False
True
A salt value is a set of random characters you can combine with an actual input key to create the encryption key. True/False
True
A secure virtual private network (VPN) creates an authenticated and encrypted channel across some form of public network. True/False
True
A strong hash function is designed so that a forged message cannot result in the same hash as a legitimate message. True/False
True
A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks. True/False
True
Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key. True/False
True
Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer. True/False
True
The best defense from keystroke loggers is to carefully inspect the keyboard cable before using a computer because the logger must connect to the keyboard's cable. True/False
True
The earliest digital computers were the result of experimental standards. True/False
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. True/False
True
The three basic types of firewalls are packet filtering, application proxy, and stateful inspection. True/False
True
The three main categories of network security risk are reconnaissance, eavesdropping and denial of service. True/False
True
The two basic types of ciphers are transposition and substitution. True/False
True
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server? a. Save Your Key Pair b. Send Certificate by E-Mail c. Upload Certificate to Directory Service d. Make a Backup Of Your Key Pair
Upload Certificate to Directory Service
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? a. Router b. VPN concentrator c. Firewall d. Unified threat management (UTM)
VPN concentrator
What is the only unbreakable cipher when it is used properly? a. Vernam b. Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) c. Blowfish d. Rivest-Shamir-Adelman (RSA)
Vernam
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use? a. Virtual LAN (VLAN) b. Firewall c. Transport Layer Security (TLS) d. Virtual private network (VPN)
Virtual LAN (VLAN)
Which type of malware attaches to, or infects, other programs? A. Spyware B. Virus C. Worm D. Rootkit
Virus
The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them. a. Trash Bin b. Spam Folder c. Virus Vault d. History
Virus Vault
Which standards organization publishes standards such as CGI, HTML, and XML? A. IEC B. ISO C. PCI D. W3C
W3C
What technology is the most secure way to encrypt wireless communications? A. TCP B. WEP C. WPA D. UDP
WPA
In the malware context, which of the following best defines the term mobile code? A. Website active content B. Malware targeted at PDAs and smartphones C. Software that runs on multiple operating systems D. Malware that uses networks to propagate
Website active content
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? a. Packet filtering b. Blacklisting c. Whitelisting d. Context-based screening
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? a. Whois b. Ping c. Simple Network Management Protocol (SNMP) d. Domain Name System (DNS)
Whois
A(n) __________ is a critical element in every corporate network today, allowing access to an organization's resources from almost anywhere in the world. A. Local area network (LAN) B. Wide area network (WAN) C. Dynamic Host Configuration Protocol (DHCP) D. None of the above
Wide area network (WAN)
The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer. a. Active Directory b. Windows Firewall with Advanced Security c. Spam Folder d. Virus Vault
Windows Firewall with Advanced Security
What wireless security technology contains significant flaws and should never be used? a. WPA2 b. WiFi Protected Access (WPA) c. Wired Equivalent Privacy (WEP) d. Remote Authentication Dial-In User Service (RADIUS)
Wired Equivalent Privacy (WEP)
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? a. World Wide Web Consortium (W3C) b. Internet Engineering Task Force (IETF) c. International Electrotechnical Commission (IEC) d. National Institute of Standards and Technology (NIST)
World Wide Web Consortium (W3C)
Which type of malicious software is a standalone program that propagates from one computer to another? A. Spyware B. Virus C. Worm D. Snake
Worm
Each time a key pair is created, Kleopatra generates: a. a unique 8-digit fingerprint b. a test c. a unique 40-character fingerprint d. an expiration date
a unique 40-character fingerprint
The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets. a. Access Control Lists b. defense in depth c. network isolation d. system hardening
defense in depth
Database developers and administrators are responsible for: a. the secure coding and testing of their application b. ensuring regular backups of the database are performed. c. developing industry standards and compliance regulations. d. regular penetration testing
ensuring regular backups of the database are performed
Often hackers will use ____________ to make the scripts even harder to detect. a. SQL Injection b. cleartext c. cross-site scripting d. hexadecimal character strings
hexadecimal character strings
Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management. a. SQL Injections b. cross-site scripts c. host-based security measures d. Damn Vulnerable Web Applications
host-based security measures
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data? a. During penetration testing of the web application. b. During a SQL injection attack on the web application. c. If e-commerce or privacy data is entered into the web application. d. If there is cross-site scripting in the web application.
if e-commerce or privacy data entered into the web application
In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen. a. damn vulnerable cross-site scripting b. stored cross-site scripting c. non-persistent cross-site scripting d. persistent cross-site scripting
non-persistent cross-site scripting
No production web application, whether it resides inside or outside the firewall, should be implemented without: a. Cross-site scripting and security hardening. b. JavaScript testing and security hardening. c. penetration testing and security hardening. d. SQL injection and security hardening
penetration testing and security hardening
Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails. a. network b. defense in depth c. redundant layer d. perimeter
perimeter
In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server. a. persistent cross-site scripting b. reflected cross-site scripting c. damn vulnerable cross-site scripting d. non-persistent cross-site scripting
persistent cross-site scripting
Users often complain that _____________ make their systems "slow" and hard to use. a. security measures b. Access Control Lists c. change controls d. border routers
security measures
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? a. Hub b. Access Point c. Switch d. Router
switch
Betty receives a ciphertext message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? a. Hashing b. Decryption c. Validation d. Encryption
Decryption
The __________ strategy ensures that an attacker must compromise multiple controls to reach any protected resource.
Defense in depth
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? a. Blowfish b. Diffie-Hellman c. Message digest algorithm (MD5) d. Rivest, Shamir, Adelman (RSA)
Diffie-Hellman
A __________ signature is a representation of a physical signature stored in a digital format. A. Digital B. Digitized C. Private key D. Public key
Digitized
How did viruses spread in the early days of malware? A. Wired network connections B. Punch cards C. Diskettes D. As program bugs
Diskettes
What protocol is responsible for assigning IP addresses to hosts on most networks? a. Simple Mail Transfer Protocol (SMTP) b. Virtual LAN (VLAN) c. Transport Layer Security (TLS) d. Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP)
The act of scrambling plaintext into ciphertext is known as __________. A. Decryption B. Encryption C. Plaintext D. Cleartext
Encryption
What mathematical problem forms the basis of most modern cryptographic algorithms? a. Quantum mechanics b. Factoring large primes c. Birthday problem d. Traveling salesman problem
Factoring large primes
A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. True/False
False
DHCP provides systems with their MAC addresses. True/False
False
IP addresses are assigned to computers by the manufacturer. True/False
False
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop. True/False
False
Product cipher is an encryption algorithm that has no corresponding decryption algorithm. True/False
False
the four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. True/False
False
What does the TCP SYN flood attack do to cause a DDoS? A. Causes the network daemon to crash B. Crashes the host computer C. Saturates the available network bandwidth D. Fills up the pending connections table
Fills up the pending connections table
The basic job of a __________ is to enforce an access control policy at the border of a network. A. Firewall B. Router C. Switch D. Access point
Firewall
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? a. Elliptic curve b. Decryption c. Encryption d. Hash
Hash
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? a. Switch b. Firewall c. Router d. Hub
Hub
Which standards organization formed in 1906 and handles standards for batteries? A. IEC B. ISO C. PCI D. W3C
IEC
The __________ is the world's largest professional association for the advancement of technology.
IEEE
Which standards organization publishes the 802.11g standard? A. ISO B. IEC C. ITU-T D. IEEE
IEEE
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? a. NIST 800-53 b. IEEE 802.3 c. ANSI x.1199 d. ISO 17799
IEEE 802.3
Which standards organization's name derives from the Greek word for equal? A. IEC B. ISO C. PCI D. W3C
ISO
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? a. ISO 17799 b. ISO 9000 c. ISO 27002 d. ISO 14001
ISO 27002
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? a. Authentication b. Confidentiality c. Integrity d. Nonrepudiation
Integrity
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? a. International Organization for Standardization (ISO) b. National Institute of Standards and Technology (NIST) c. Ocean Surveillance Information System (OSIS) d. Information Systems Audit and Control Association (ISACA)
International Organization for Standardization
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a. User Datagram Protocol (UDP) b. Internet Control Message Protocol (ICMP) c. Transmission Control Protocol (TCP) d. Hypertext Transfer Protocol (HTTP)
Internet Control Message Protocol (ICMP)
Which of the following helps secure the perimeter of a network? a. SQL Intrusion b. Java Script c. Intrusion prevention systems d. Damn Vulnerable Web Application
Intrusion prevention systems
Which of the following statements is true regarding the hybrid approach to encryption? a. The sender encrypts the message with an asymmetric key. b. It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption. c. The sender sends the message and a copy of the asymmetric key using the sender's symmetric private key. d. The initial message and asymmetric key are decrypted using the sender's private key.
It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.
What is the certificate management component of GPG4Win? a. Windows Manager b. Kleopatra c. FileZilla d. Digital Signature Algorithm (DSA)
Kleopatra
When the key is successfully created, which of the following options sends a copy of your private key to your computer? a. Make a Backup Of Your Key Pair b. Upload Certificate to Directory Service c. Send Certificate by EMail d. Save Your Key Pair
Make a Backup Of Your Key Pair
Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks? a. Monitor your SQL databases for unauthorized or abnormal SQL injections. b. Avoid writing scripts for SNMP network management alerts. c. Avoid encrypting the data elements that reside in long-term storage of the SQL database. d. Ignore error messages that do not clear the User ID box.
Monitor your SQL databases for unauthorized or abnormal SQL injections
What technology allows you to hide the private IPv4 address of a system from the Internet? A. SSL B. RADIUS C. PPTP D. NAT
NAT
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?" a. National Institute of Standards and Technology (NIST) b. National Aeronautics and Space Administration (NASA) c. Federal Communications Commission (FCC) d. Federal Trade Commission (FTC)
National Institute of Standards and Technology (NIST)
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? a. Nmap b. Ping c. Remote Access Tool (RAT) d. Simple Network Management Protocol (SNMP)
Nmap
Which software tool provides extensive port-scanning capabilities? A. Ping B. Whois C. Rpcinfo D. Nmap
Nmap
If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him? a. No because you must provide your public key to any user wanting to decrypt any message encrypted by you. b. No because you must provide your private key to any user wanting to decrypt any message encrypted by you. c. Only if he also sends you his private key. d. Yes because his public key is used by both of you to encrypt and decrypt messages.
No because you must provide your public key to any user wanting to decrypt any message encrypted by you.
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? a. Integrity b. Authentication c. Nonrepudiation d. Confidentiality
Nonrepudiation
__________ corroborates the identity of an entity, whether the sender, the sender's computer, some device, or some information. A. Nonrepudiation B. Confidentiality C. Integrity D. Authentication
Nonrepudiation
Which of the following is the most well-known ISO standard? A. OSI Reference Model B. TCP/IP protocol C. TCP/IP Reference Model D. OSI protocol
OSI Reference Model
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time? a. Certificate revocation list (CRL) b. International Data Encryption Algorithm (IDEA) c. Transport Layer Security (TLS) d. Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol (OCSP)
The basic model for how you can build and use a network and its resources is known as the __________. A. Dynamic Host Configuration Protocol (DHCP) model B. International Organization for Standardization (ISO) model C. Open Systems Interconnection (OSI) Reference Model D. None of the above
Open Systems Interconnection (OSI) Reference Model
Which type of attack is triggered by the victim? a. Dan vulnerable cross-site scripting attack b. Persistent cross-site scripting attack c. Non-persistent cross-site scripting attack d. Reflected cross-site scripting attack
Persistent cross-site scripting attack
Which type of attack tricks a user into providing personal information by masquerading as a legitimate website? A. Phreaking B. Phishing C. Trolling D. Keystroke logging
Phishing
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? a. Multi-partitite virus b. Stealth virus c. Polymorphic virus d. Cross-platform virus
Polymorphic virus
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? a. Session b. Application c. Presentation d. Data Link
Presentation
What layer of the OSI Reference Model is most commonly responsible for encryption? A. Application B. Presentation C. Session D. Transport
Presentation
Which approach to cryptography provides the strongest theoretical protection? a. Classic cryptography b. Quantum cryptography c. Asymmetric cryptography d. Elliptic curve cryptography
Quantum cryptography
What is the most common first phase of an attack? A. Vulnerability identification B. Reconnaissance and probing C. Target selection D. Evidence containment
Reconnaissance and probing
What type of malicious software allows an attacker to remotely control a compromised computer? a. Polymorphic virus b. Armored virus c. Worm d. Remote Access Tool (RAT)
Remote Access Tool (RAT)
The IETF produces documents called _______.
Request for Comments (RFC)
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)? a. Public service announcement (PSA) b. ISO Standard c. Request for comment (RFC) d. Special Publication (SP)
Request for comment
What is NOT a symmetric encryption algorithm? a. Data Encryption Standard (DES) b. Carlisle Adams Stafford Tavares (CAST) c. Rivest-Shamir-Adelman (RSA) d. International Data Encryption Algorithm (IDEA)
Rivest-Shamir-Adelman (RSA)
A __________ is a device that interconnects two or more networks and selectively interchanges packets of data between them.
Router
Which of the following allows valid SQL commands to run within a web form? a. JavaScript coding b. Cross-site scripting (XSS) c. HTML coding d. SQL Injection
SQL Injection
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? a. Cross-site scripting (XSS) b. XML injection c. LDAP injection d. SQL injection
SQL injection
Which Web application attack is more likely to extract privacy data elements out of a database? a. Non-persistent cross-site scripting attack b. SQL Injection attack c. Damn vulnerable attack d. Persistent cross-site scripting attack
SQL injection attack
Which VPN technology allows users to initiate connections over the Web? A. SSL B. PPTP C. IPSec D. ICMP
SSL
What firewall topology supports the implementation of a DMZ? A. Bastion host B. Multilayered firewall C. Border firewall D. Screened subnet
Screened subnet
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? a. Cross-site scripting b. Session hijacking c. XML injection d. SQL injection
Session hijacking
In the lab, what did you do before attempting the script tests that exposed the vulnerabilities? a. Set the security level of penetration testing to high. b. Set the security level of Damn Vulnerable Web Application (DVWA) to high. c. Set the security level of DVWA to low. d. Set the security level of penetration testing to low.
Set the security level of DVWA to low
Barbara is investigating an attack against her network. she notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? a. Smurf b. Land c. Teardrop d. Cross-site scripting (XSS)
Smurf
____ is any unwanted message A. Spam B. Virus C. Worm D. Rootkit
Spam
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack too place? a. Pharming b. Command injection c. Adware d. Spear phishing
Spear phishing
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? a. Subject matter expertise on routing and switching b. Architecture for Internet protocols and procedures c. Confirmation of IETF chairs d. Editorial publication procedures for requests for comments (RFCs)
Subject matter expertise on routing and switching
Which simple network device helps to increase network performance by using the MAC address to send network traffic only to its intended destination? A.Hub B. Switch C. Router D. Gateway
Switch
An encryption cipher that uses the same key to encrypt and decrypt is called a(n) __________ key. A. Symmetric (private) B. Asymmetric (public) C. Encrypting D. Hash E. None of the above
Symmetric (private)
DES, IDEA, RC4, and WEP are examples of __________. A. Key revocation B. 802.11b wireless security C. Asymmetric key algorithms (or standards) D. Symmetric algorithms (or standards)
Symmetric algorithms (or standards)
Which set of characteristics describes the Caesar cipher accurately? a. Asymmetric, stream, transposition b. Symmetric, stream, substitution c. Asymmetric, block, substitution d. Symmetric, block, transposition
Symmetric, stream, substitution
Which type of virus targets computer hardware and software startup functions? a. System infector b. File infector c. Data infector d. Hardware infector
System infector
The IETF primarily focuses on standards of the __________ Internet protocol suite.
TCP/IP
__________ is a suite of protocols that was developed by the Department of Defense to provide a highly reliable and fault-tolerant network infrastructure. A. DHCP B. VPN C. PPPoE D. TCP/IP
TCP/IP
Which of the following statements is true regarding aymmetrical encryption? a. It does not guarantee the authenticity of the sender. b. The receiver obtains the needed key from the sender or through a trusted third party, such as certificate server. c. It is quite fast and generally easier to implement than symmetric cryptography. d. The sender encrypts with his/her public key and the receiver decrypts using the sender's private key.
The receiver obtains the needed key from the sender or through a trusted third party, such as certificate server.
Web application developers and software developers are responsible for: a. ensuring regular backups of the database are performed. b. regular penetration testing c. developing industry standards and compliance regulations. d. The secure coding and testing of their application.
The secure coding and testing of their application
Which of the following statements is true regarding symmetric cryptography? a. The sender and receiver use the same key to encrypt and decrypt a given message. b. It does not provide confidentiality or integrity. c. It guarantees authenticity. d. It is quite slow and generally more difficult to implement than asymmetric cryptography.
The sender and receiver use the same key to encrypt and decrypt a given message.
Which element is NOT a core component of the ISO 27002 standard? a. Access control b. Cryptography c. Asset management d. Risk assessment
Cryptography
__________ offers a mechanism to accomplish four security goals: confidentiality, integrity, authentication, and nonrepudiation. A. Security association (SA) B. Secure Sockets Layer (SSL) C. Cryptography D. None of the above
Cryptography
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? a. Command injection b. Cross-site scripting (XSS) c. SQL injection d. XML injection
Cross-site scripting (XSS)
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input? a. Cross-site scripting (XSS) b. Phishing attacks c. Penetration testing d. SQL Injection
Cross-site scripting (XSS)