Network Defense and Countermeasures Ch. 1-10 COMPLETE
Which of the following has three different key sizes it can use?
*AES* IDEA DES Triple DES
What size key does the DES algorithm use?
56 bit
A. It does not change letter or word frequency
6-6: Why is the method described in Question 5 not secure?
B. Playback attacks
7-10: What is the primary vulnerability in SPAP?
Which of the following gives the best definition of spyware?
Any software or hardware that monitors your system
What type of firewall requires individual client applications to be authorized to connect?
Application gateway
How did Shedun spread?
As a legitimate Android app
Which encryption algorithm uses a variable-length symmetric key?
Blowfish
In addition to any malicious payload, what is the most common way a virus or worm causes harm to a system?
By increasing network traffic and overloading the system
Which of the following is the best definition for war-driving?
Driving looking for wireless networks to hack
Which of the following are the two most common things Trojan horse programs do?
Launch DDoS attacks and open back doors
What does L2TP stand for?
Layer 2 Tunneling Protocol
Which authentication protocols are available with L2TP that are not available with PPTP?
MS-CHAP, PAP, SPAP
An improvement on the Caesar cipher that uses more than one shift is called a what?
Multi-alphabet substitution
IDEA
Which of the following uses a total of 52 16-bit sub-keys?
What is the term for hacking a phone system?
phreaking
A. MPPE
7-11: What encryption does PPTP use?
C. Used only with IP networks
7-12: Which of the following is a weakness in PPTP?
A. AH, IKE, ESP, IPComp
7-13: What protocols make up IPSec?
C. AH is not susceptible to replay attacks
7-15: What advantage does AH have over SPAP?
A. AH
7-16: What protects the actual packet data in IPSec?
A. Key exchange
7-17: What is the purpose of IKE?
B. Point-to-point tunneling protocol
7-1: PPTP is an acronym for which of the following?
B. Layer 2 tunneling protocol
7-2: What does L2TP stand for?
D. PPP
7-3: PPTP is based on what earlier protocol?
C. Data link
7-4: At what layer of the OSI does PPTP operate?
C. Only voluntary tunneling allows standard PPP/non-VPN connection
7-5: What is the difference between voluntary and compulsory tunneling in PPTP?
B. EAP, CHAP
7-6: Which authentication protocols are available under PPTP?
A. MS-CHAP, PAP, SPAP
7-8: Which authentication protocols are available with L2TP that are not available with PPTP?
A. PAP
7-9: Which of the following is generally considered to be the least secure?
In the context of viruses, what is a .dat file?
A file with virus definitions
Which of the following is the best definition for the term ethical hacker?
A person who hacks a system to test its vulnerabilities
What is a digital signature?
A piece of encrypted data added to other data to verify the sender
A series of ICMP packets sent to your ports in sequence might indicate what?
A ping flood
Who issues certificates?
A private certificate authority
Which of the following encryption algorithms uses three key ciphers in a block system, and uses the Rijndael algorithm?
AES
What is RedSheriff?
Adware that is downloaded automatically when you visit certain websites
What was Gator?
Adware that was often attached to free programs found on the Internet.
What is another term for preemptive blocking?
Banishment vigilance
Which of the following is the oldest known encryption method?
Caesar cipher
Which type of firewall creates a private virtual connection with the client?
Circuit level gateway
Which of the following is the most basic security activity?
Controlling access to resources
What is the difference between transport mode and tunnel mode in IPSec?
D. Only transport mode does not encrypt the header
Which of the following is a symmetric key system using blocks?
DES
At what layer of the OSI model does PPTP operate?
Data Link
Which authentication protocols are available under PPTP?
EAP, CHAP
A profiling technique that monitors how applications use resources is called what?
Executable profiling
Manually removing spyware usually requires all but which of the following actins?
Formatting the hard drive
A system that is set up for attracting and monitoring intruders is called what?
Honeypot
What does PPTP use to accomplish encryption?
IPSec
Which of the following most accurately explains why minimum necessary privileges for a user help protect against Trojan horses?
If the user cannot install programs, it is completely impossible that he will install a Trojan horse.
Attempting to attract intruders to a system set up to monitor them is called what?
Intrusion deflection
Attempting to make your system appear less appealing is referred to as what?
Intrusion deterrence
IDS is an acronym for
Intrusion-detection system
Why might a proxy gateway be susceptible to a flood attack?
It allows multiple simultaneous connections
Which of the following is the most insidious aspect of Back Orifice?
It appears to be a legitimate program
Which of the following did the most to contribute to the wide spread of the Zafi.d worm?
It claimed to be a holiday card and was released just prior to a major holiday
Why is the XOR mathematical operation not secure?
It does not change letter or word frequency.
Which of the following is the primary weakness in the Caesar cipher?
It does not disrupt letter frequency
Why is an SPI firewall more resistant to flooding attacks?
It examines each packet in the context of previous packets
Why is an SPI firewall less susceptible to spoofing attacks?
It examines the source IP of all packets
Which of the following is the primary reason that Microsoft Outlook is so often a target for virus attacks?
It is easy to write programs that access Outlook's inner mechanisms
What is the primary advantage of the DES encryption algorithm?
It is relatively fast
What additional malicious activity did the Rombertik virus attempt?
It overwrote the master boot record
Which of the following is an important security feature in CHAP?
It periodically re-authenticates.
Why might a circuit level gateway be inappropriate for some situations?
It requires client-side configuration.
What effect did the util-linux Trojan horse in 1999 have?
It sent out login information of users logging in
What was the most dangerous aspect of Zafi.d?
It tried to overwrite parts of virus scanners.
What was the primary propagation method for the Kedi RAT virus?
It used its own SMTP engine to e-mail itself.
Which of the following is a problem with the approach described in Question 8 (threshold monitoring)?
It yields many false positives
Why is encryption an important part of security?
No matter how secure your network is, the data being transmitted is still vulnerable without encryption
Which of the following is not one of the three major classes of threats?
Online auction fraud
What is the difference between voluntary and compulsory tunneling in PPTP?
Only voluntary tunneling allows the user to choose encryption.
What is the greatest danger in a network host-based configuration?
Operating system security flaws
Which of the following is generally considered the least secure?
PAP
PPTP is based on what earlier protocol?
PPP
Which of the following are four basic types of firewalls?
Packet filtering, application gateway, circuit level, stateful packet inspection
What is the primary vulnerability in SPAP?
Playback attacks
PPTP is an acronym for which of the following?
Point-to-Point Tunneling Protocol
Why is blocking pop-up ads good for security?
Pop-up ads can be a vehicle for spyware or adware to get into your system
What is heuristic scanning?
Scanning using a rules-based approach
Which of the following is the best definition of malware?
Software that has some malicious purpose
If you are using a block cipher to encrypt large amounts of data, which of the following would be the most important consideration when deciding which cipher to use?
Speed of the algorithm
Which type of firewall is considered the most secure?
Stateful packet inspection
Which of the following is not a profiling strategy used in anomaly detection?
System monitoring
Which of the following is the most common legitimate use for a password cracker?
Testing the encryption of your own network
Setting up parameters for acceptable use, such as the number of login attempts, and watching to see if those levels are exceeded is referred to as what?
Threshold monitoring
What is the most common method of virus propagation?
Through e-mail attachments
What is the purpose of a certificate?
To validate the sender of a digital signature or software
Why are hidden file extensions a security threat?
User might download an image that is really a malicious executable.
What differentiates a virus from a worm?
Worms propagate without human intervention.
Which binary mathematical operation can be used for a simple encryption method?
XOR
Are there any reasons not to take an extreme view of security, if that view errs on the side of caution?
Yes, that can lead to wasting resources on threats that are not likely
What was the taxpayer virus hoax?
An e-mail that claimed that online tax submissions were infected and unsafe
What is a computer virus?
Any program that self-replicates
Which of the following is the most accurate definition of a virus?
Any program that self-replicates
What four rules must be set for packet filtering firewalls?
Protocol type, source port, destination port, source IP
What does Back Orifice do to a system?
Provides a remote user complete administrative access to the machine
What type of encryption uses a different key to encrypt the message than it uses to decrypt the message?
Public key
Which of the following is an encryption method developed by three mathematicians in the 1970s?
RSA
