Quiz 9 Computer Security
The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.
True
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
What program, released in 2013, is an example of ransomware?
Crypt0L0cker
A simple network has two primary parts: hosts and computers.
False
A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
False
Network address translation (NAT) prevents hosts on a LAN from sharing the global IP address assigned by the ISP.
False
Unused network jacks are commonplace and pose no danger to security.
False
What is NOT a common motivation for attackers?
Fear
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL injection
What firewall approach is shown in the figure?
Screened subnet
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.
True
A star network connects three or more endpoints through a central node.
True
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
True
The goal of a command injection is to execute commands on a host operating system.
True
The star topology requires an addressing scheme to distinguish between the different connections.
True
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)