Intro to IA Mid Term study guide multiple choice
What size key does this system use? 128bit 56bit 255bit 64bit
56bit
What do many analysts believe was the reason for the MyDoom virus/worm? An e-mail attack targeting Bill Gates A DoS attack targeting Microsoft Windows IIS servers A DoS attack against Microsoft.com A DDoS attack targeting Santa Cruz Operations
A DDoS attack targeting Santa Cruz Operations
Which is NOT true about a buffer overflow attack? A careful programmer will write applications so the buffer will truncate or reject data that exceeds the buffer length. Susceptibility to a buffer overflow is entirely contingent on software flaws. A buffer overflow can load malicious data into memory and run it on a target machine. A hacker does not need a good working knowledge of some programming language to create a buffer overflow.
A hacker does not need a good working knowledge of some programming language to create a buffer overflow.
Which of the following is the best definition for the term sneaker? An amateur who hacks a system without being caught A person who hacks a system to test its vulnerabilities A person who hacks a system by faking a legitimate password An amateur hacke
A person who hacks a system to test its vulnerabilities
What is a digital signature? A piece of encrypted data added to other data to verify the sender A signature that is entered via a digital pad or other device A method for verifying the recipient of a document A scanned-in version of your signature, often in .jpg format
A piece of encrypted data added to other data to verify the sender
Who issues certificates? The Association for Computer Machinery The United States Department of Defense The UN encryption authority A private certificate authority
A private certificate authority
Which is a block cipher developed by Belgian researchers and providing 128-, 192-, and 256-bit key sizes? DES3 Blowfish AES RSA
AES
Which is NOT an encryption method? AES DES PGP ASCII
ASCII
An open source software circuit level gateway is available from which of the following? Watchguard Technologies SonicWALL Amrita Labs Teros
Amrita Labs
Which serves as a single contact point between the Internet and the private network? Dual-homed host Screened host DMZ Bastion host
Bastion host
Which is a symmetric block cipher developed in 1993 that provides variable-length key sizes ranging from 32 to 448 bits? AES IDEA Blowfish DES3
Blowfish
Which of the following is not a common feature of most single PC firewalls? Software-based Packet filtering Ease of use Built-in NAT
Built-in NAT
Which is a very early encryption method? Caesar cipher DES3 AES WEP
Caesar cipher
Which is a firewall vendor manufacturing a host-based firewall for Windows 2000 Server, Sun Solaris, and Red Hat Linux environments? Wolverine Cisco Check Point D-Link
Check Point
Which type of encrypted communication is most common? Radio communications Telephone conversations Computer and Internet communications Written documents
Computer and Internet communications
Which term is generally used by hackers to refer to attempts at intrusion into a system without permission and usually for malevolent purposes? Blocking Social engineering Cracking Hacking
Cracking
Which is a symmetric key encryption system? RSA DES AES PGP
DES
Which of the following is a symmetric key system using blocks? DES Blowfish PGP RSA
DES
Encryption and virtual private networks are techniques used to secure which of the following? Data Firewalls Proxy servers Connection points
Data
One of the most common types of attacks via the Internet is: Denial of service Session hacking Buffer overflow IP spoofing
Denial of service
Which attack causes Internet routers to attack the target systems without actually compromising the routers themselves? ICMP flood Tribal Flood Network SYN flood Distributed Reflection Denial of Service
Distributed Reflection Denial of Service
Medium-sized networks have what problem? Diverse user group Need to connect multiple LANs into a single WAN Low budgets Lack of skilled technical personnel
Diverse user group
Which of the following is the best definition for war-driving? Driving while using a wireless connection to hack Driving while hacking and seeking a computer job Driving looking for wireless networks to hack Driving and seeking rival hackers
Driving looking for wireless networks to hack
Which approach to security is proactive in addressing potential threats before they occur? Passive security approach Layered security approach Hybrid security approach Dynamic security approach
Dynamic security approach
Which of the following is a benefit of Cisco firewalls? Built-in IDS on all products Extensive training available on the product Built-in virus scanning on all products Very low cost
Extensive training available on the product
Which of the following maintains a repository for information on virus outbreaks and detailed information about specific viruses? CERT F-Secure Corporation SANS Institute Microsoft Security Advisor
F-Secure Corporation
What implementation is Check Point Firewall-1? Router based Network based Switch based Host based
Host based
Which of the following uses a total of 52 16-bit sub-keys? IDEA Triple DES DES AES
IDEA
Which is NOT a typical adverse result of a virus? Increased network functionality and responsiveness Deletion of files Increased network traffic Changing system settings
Increased network functionality and responsiveness
What is the best method of defending against IP spoofing? Blocking all incoming ICMP traffic Installing a router/firewall that blocks packets that appear to be originating within the network Blocking all incoming TCP traffic Installing a router/firewall that blocks packets that appear to be originating from outside the network
Installing a router/firewall that blocks packets that appear to be originating within the network
Why is the binary mathematical operation that is used for simple encryption not secure? It does not use a symmetric key system. It does not change letter or word frequency The mathematics are flawed The key length is too short.
It does not change letter or word frequency
Which of the following is the primary weakness in the Caesar cipher? It does not use a public key system. It does not disrupt letter frequency. There is no significant weakness; the Caesar cipher is adequate for most encryption uses. It does not use complex mathematics
It does not disrupt letter frequency.
Which of the following is an advantage of the network host-based configuration? It is more secure It is inexpensive or free It is resistant to IP spoofing It has user authentication
It is inexpensive or free
What is a technical weakness of the Stack tweaking defense? It is complicated and requires very skilled technicians to implement It only decreases time out but does not actually stop DoS attacks It is resource intensive and can degrade server performance. It is ineffective against DoS attacks
It only decreases time out but does not actually stop DoS attacks
Why might a circuit level gateway be inappropriate for some situations? It has no user authentication It requires client side configuration It blocks web traffic It is simply too expensive
It requires client side configuration
What was the greatest damage from the Bagle virus? It deleted system files It corrupted the Windows registry It shut down antivirus software It was difficult to detect
It shut down antivirus software
Which is true about public key encryption? It is based on the PGP protocol. It uses two different keys. It uses symmetric keys. Both keys must be closely protected to avoid hacking.
It uses two different keys.
Which is true about Windows XP Internet Connection Firewall (ICF)? It blocks incoming and outgoing packets. It works best in conjunction with a perimeter firewall. It has a logging feature enabled by default. It is a screened host firewall.
It works best in conjunction with a perimeter firewall.
Which is a powerful password cracker that works on Windows and Linux platforms? Solarwinds Quantum Cracker Brutus John the Ripper
John the Ripper
What is the best way to defend against a buffer overflow? Keeping all software patched and updated Using a robust firewall Blocking TCP packets at the router Stopping all ICMP traffic
Keeping all software patched and updated
The most desirable approach to security is one which is: Perimeter and dynamic Layered and dynamic Layered and static Perimeter and static
Layered and dynamic
Which created a domestic "cyber terrorism" attack against a Unix distributor? Blaster W32.Storm.Worm Slammer MyDoom
MyDoom
Which of the following virus attacks initiated a DoS attack? MyDoom Bagle Walachi Faux
MyDoom
A standalone technology that hides internal addresses from the outside and only allows connections that originate from inside the network is called: DMZ NAT TFTP HTTP
NAT
Following rules and learning from experience as part of the process to identify and notify an administrator about an intrusion are typical when Snort is operating in which mode? Network intrusion-detection mode Packet logger mode Command mode Sniffer mode
Network intrusion-detection mode
Why is encryption an important part of security? No matter how secure your network is, the data being transmitted is still vulnerable without encryption. Encrypted transmissions will help stop Denial of Service Attacks. A packet that is encrypted will travel faster across networks. Encrypted transmissions are only necessary with VPNs.
No matter how secure your network is, the data being transmitted is still vulnerable without encryption.
Which of the following is not one of the three major classes of threats? A computer virus or worm Denial of Service attacks Actually intruding on a system Online auction fraud
Online auction fraud
What is the greatest danger in a network host-based configuration? IP spoofing Operating System Security flaws SYN flood attacks Ping flood attacks
Operating System Security flaws
What are the three approaches to security? High security, medium security, and low security Perimeter, complete, and none Internal, external, and hybrid Perimeter, layered, and hybrid
Perimeter, layered, and hybrid
Which attack occurs by sending packets that are too large for the target machine to handle? Ping of death ICMP flood SYN flood Stack tweaking
Ping of death
What DoS attack is based on leaving connections half open? SYN flood Distributed Denial of Service Smurf Attack Ping of Death
SYN flood
Which of the following denial of service attacks results from a client's failure to respond to the server's reply to a request for connection? SYN flood ICMP flood Tribal flood UDP flood
SYN flood
Which of the following is the best definition of malware? Software that self replicates Any software that is not properly configured for your system Software that damages your system Software that has some malicious purpose
Software that has some malicious purpose
Which of the following is the best definition of a virus? Software that self-replicates Software that causes damage to any files Software that attaches to e-mail Software that causes damage to system files
Software that self-replicates
If you are using a block cipher to encrypt large amounts of data, which of the following would be the most important consideration when deciding which cipher to use (assuming all of your possible choices are well known and secure): Size of the keys used Speed of the algorithm Number of keys used Whether or not it has been used by any military group
Speed of the algorithm
Which method of defense against a SYN flood involves altering the response timeout? Micro blocks SYN cookies Stack tweaking RST cookies
Stack tweaking
Which of the following is NOT a denial of service attack? Smurf attack Stack tweaking SYN flood Ping of Death
Stack tweaking
Which of the following is not a profiling strategy used in anomaly detection? Resource profiling Threshold monitoring System monitoring Executable profiling
System monitoring
Which of the following best describes session hacking? Taking control of the login session Taking control of the communication link between two machines Taking over a target machine via a Trojan horse Taking control of a target machine remote
Taking control of the communication link between two machines
Which of the following is the most common legitimate use for a password cracker? Military intelligence agents using it to break enemy communications Testing the encryption of your own network There is no legitimate use for a password cracker Trying to break the communications of criminal organizations in order to gather evidence
Testing the encryption of your own network
From the attacker's point of view, what is the primary weakness in a DoS attack? The attack must be sustained. The attack does not cause actual damage The attack is difficult to execute The attack is easily thwarted
The attack must be sustained.
Which of the following best defines the primary difference between a sneaker and an auditor? There is no difference The sneaker tends to be less skilled The sneaker tends to use more unconventional methods. The auditor tends to be less skilled
The sneaker tends to use more unconventional methods.
Which is NOT true about enterprise networks and firewall solutions? They are likely to be supported by multiple network administrators. They are usually made up of several interconnected networks. They are usually easier to manage and secure. They are likely to contain several different operating systems.
They are usually easier to manage and secure.
What is the purpose of a certificate? To validate the sender of a digital signature or software To guarantee that a signature is valid To validate the recipient of a document To verify that software is virus free
To validate the sender of a digital signature or software
Which is NOT a way in which quantum physics might improve encryption in the future? Computers based on quantum physics would be much faster. Transferring keys could be based on changing states of subatomic particles. If someone tried to read a key without authorization, it could result in destruction of the key. Transferring keys would be immune to interference with subatomic particles.
Transferring keys would be immune to interference with subatomic particles.
Which of the following is found in Norton's personal firewall but not in ICF? A visual tool to trace attacks Strong encryption NAT Vulnerability scanning
Vulnerability scanning
Which is a robust commercial software firewall solution for Linux operating systems? Symantec Norton Firewall McAfee Personal Firewall SonicWALL Wolverine
Wolverine
Are there any reasons not to take an extreme view of security, if that view errs on the side of caution? Yes, if you are going to err, assume there are few if any realistic threats. No, there is no reason not to take such an extreme view. Yes, that can lead to wasting resources on threats that are not likely. Yes, that can require that you increase your security skills in order to implement more rigorous defenses.
Yes, that can lead to wasting resources on threats that are not likely.
The process of reviewing logs, records, and procedures to determine whether they meet appropriate standards is called: sneaking filtering auditing authenticating
auditing
Those who exploit systems for harm such as to erase files, change data, or deface Web sites are typically called: gray hat hackers red hat hackers black hat hackers white hat hackers
black hat hackers
Attempting to determine a password by simply trying every possible combination within the set parameters until successful is called: brute force password recovery authentication auditing password cracking
brute force
In many typical configurations with multiple firewalls, e-mail servers and FTP servers are located in the: demilitarized zone internal corporate network corporate Intranet external network
demilitarized zone
An attack characterized by an explicit attempt by attackers to prevent legitimate users from accessing a system is called: war-dialing. spoofing. denial of service. social engineering.
denial of service.
Which of the following best describes a buffer overflow attack? An attack that attempts to send oversized TCP packets An attack that overflows the target with too many TCP packets An attack that attempts to put misconfigured data into a memory buffer An attack that attempts to put too much data in a memory buffer
An attack that attempts to put too much data in a memory buffer
Which type of IDS is the Cisco Sensor? Intrusion deterrence Intrusion deflection Anomaly detection Anomaly deterrence
Anomaly detection
Which of the following is the best definition of "sensitive information"? Any information that has monetary value and is protected by any privacy laws Any information that is worth more than $1,000 Military or defense related information Any information that, if accessed by unauthorized personnel, could damage your organization in any way
Any information that, if accessed by unauthorized personnel, could damage your organization in any way
Which of the following types of privacy laws affect computer security? Any privacy law applicable to your organization Any state privacy law Any privacy law Any federal privacy law
Any privacy law applicable to your organization
Which of the following is the most accurate definition of a virus? Any program that can damage your system Any program that self replicates Any program that carries a malicious payload Any program that spreads via email.
Any program that self replicates
Which of the following activities do security professionals recommend to limit the chances of becoming a target for a Trojan horse? Prevent employees from downloading and installing any programs Download and install Windows updates and patches monthly Only open e-mail attachments from friends or co-workers Only download jokes, animated Flash files, or utility programs from popular sites
Prevent employees from downloading and installing any programs
Blocking attacks seek to accomplish what? Shut down security measures Prevent legitimate users from accessing a system Break into a target system Install a virus on the target machine
Prevent legitimate users from accessing a system
How does the SYN cookie work? Replaces cookies left by virus/worm programs. Enables encryption of outbound packets. Causes server to send wrong SYNACK to the client. Prevents memory allocation until third part of SYN ACK handshaking.
Prevents memory allocation until third part of SYN ACK handshaking
An intrusion-detection system is an example of: Hybrid security Good security practices Proactive security Perimeter security
Proactive security
Which of the following is the best definition for non-repudiation? It is another term for user authentication. Access control Processes that verify which user performs what action. Security that does not allow the potential intruder to deny his attack
Processes that verify which user performs what action
Which is a public key encryption standard developed by three mathematicians in 1977 that provides very high but slow security? DES AES RSA DES3
RSA
Which of the following is an encryption method developed by three mathematicians in the 1970s? DSA RSA DES PGP
RSA
Which of the following would be the best defense if your Web server had limited resources but you needed a strong defense against DoS? SYN cookies RST cookies A firewall Stack tweaking
RST cookies
What might one see in an implementation of intrusion deterrence? Real resources with fake names Fake resources with legitimate-sounding names Profiling of users, resources, groups, or applications Blocking of legitimate users by mistake
Real resources with fake names
Which method of intrusion-detection develops historic usage levels to measure activity against? Threshold monitoring Application profiling Resource profiling Infiltration profiling
Resource profiling
Which of the following can be shipped preconfigured? Dual-homed firewalls Network host-based firewalls Stateful packet inspection firewalls Router-based firewalls
Router-based firewalls
Which router configuration is potentially least vulnerable to an attack? Proxy firewalls where the proxy applications use the source IP address for authentication Routers to external networks that support multiple internal interfaces Routers that filter packets with source addresses in the local domain Routers with two interfaces that support subnetting on the internal network
Routers that filter packets with source addresses in the local domain
What type of firewall is Check Point Firewall-1? SPI/application gateway hybrid Application gateway Packet filtering/application gateway hybrid Circuit level gateway
SPI/application gateway hybrid
What is the name for a DoS defense that is dependent on sending back a hash code to the client? SYN cookie RST cookie Server reflection Stack tweaking
SYN cookie
Why is an SPI firewall more resistant to flooding attacks? It examines the destination IP of all packets It automatically blocks large traffic from a single IP It examines each packet in the context of previous packets It requires user authentication
It examines each packet in the context of previous packets
What is the term for hacking a phone system? phreaking Telco-hacking Hacking Cracking
phreaking
A firewall configuration using a server as a router and running multiple network interfaces with automatic routing disabled is an example of a: screened host router-based network host-based dual-homed host
router-based
Which firewall configuration would be appropriate within a network to separate and protect various subnets of a network to provide greater security? demilitarized zone dual-homed host bastion host router-based
router-based
In addition to mandating federal agencies to establish security measures, the Computer Security Act of 1987 defined important terms such as: private information security information sensitive information unauthorized access
sensitive information
A firewall designed to secure an individual personal computer is a: simple hardware firewall screened host firewall single machine firewall combination hardware/software firewall
single machine firewall
Many encryption techniques such as XOR are easily broken because: brute force techniques can break them their public keys are readily available the underlying letter and word frequency can still be determined their basis in binary numbers makes them easy targets for math processors
the underlying letter and word frequency can still be determined
Symantec Decoy Server does all of the following EXCEPT: simulate outgoing mail server functions track attacking packets to their source record all traffic related to an intrusion attack simulate incoming mail server functions
track attacking packets to their source