Week 3 - Practice Test
Which of the following is the most basic type of firewall?
Screening firewall
Which of the following is the best definition for spyware?
Software that monitors activity on a computer
What does SPI stand for?
Stateful packet inspection
If a company purchases a high-end UNIX server to use for its research and development department, what is probably the most valuable part of the system?
The information on the server
Which of the following is most true regarding certified encryption methods?
There is no such thing as certified encryption.
Which of the following is most true regarding binary operations and encryption?
They can form a part of viable encryption methods.
Which binary mathematical operation can be used for a simple (but unsecured) encryption method and is, in fact, a part of modern symmetric ciphers?
XOR
Information is an asset to your company if it:
costs any sum of money to produce.
Which of the following types of information would be a likely target for industrial espionage?
All of these
In the context of preventing industrial espionage, why might you wish to limit the number of company CD burners and control access to them in your organization?
An employee could use such media to take sensitive data.
Which of the following methods uses a variable-length symmetric key?
Blowfish
How do most antispyware packages work?
By looking for known spyware
Which of the following is the oldest encryption method?
Caesar cipher
It is important to understand the concepts and application of cryptography. Which of the following most accurately defines encryption?
Changing a message so it can only be easily read by the intended recipient
Which of the following is a symmetric key system that uses 64-bit blocks?
DES
What is the greatest security risk to any company?
Disgruntled employees
What is the usual motivating factor for corporate/industrial espionage?
Economic
Which of the following is the correct term for making a system less attractive to intruders?
Intrusion deterrence
What is the advantage of a symmetric key system using 64-bit blocks?
It is fast.
Which of the following is most likely to be true of an encryption method that is advertised as unbreakable?
It is likely to be exaggerated.
Many classic ciphers are easy to understand but not secure. What is the main problem with simple substitution?
It is too simple.
Accurate statistics on corporate espionage are difficult to obtain. One reason is that the victims don't always report the crime, as they often don't want the incidents to become public. Which of the following is a likely reason that an organization might be reluctant to admit it has been a victim of corporate espionage?
It might cause stock value to decline.
Which of the following is a disadvantage of using an application gateway firewall?
It uses a great deal of resources.
What is a major weakness with a network host-based firewall?
Its security depends on the underlying operating system.
What is one way of checking emails for virus infections?
Look for subject lines that are from known virus attacks.
Which of the following is most true regarding new encryption methods?
Never use them until they have been proven.
What is the difference between corporate and industrial espionage?
None; they are interchangeable terms.
Which of the following methods is available as an add-in for most email clients?
PGP
What is the term for blocking an IP address that has been the source of suspicious activity?
Preemptive blocking
What is PGP?
Pretty Good Privacy, a public key encryption method
What type of encryption uses different keys to encrypt and decrypt the message?
Public key
Information is a valuable asset. It can be useful to calculate that value in order to determine how much effort should be put into protecting it. What formula can you use to calculate the value of information?
Resources needed to produce the information plus resources gained from the information
What is the term for a firewall that is software installed on an existing server?
Screened host
What are TSR programs?
Terminate and stay resident programs, which stay in memory after you shut them down
Why would you want to scan an employee's computer when he leaves the organization?
To check for signs of corporate espionage
Which of the following is the most common way for a virus scanner to recognize a virus?
To compare a file to known virus attributes
Terrance is trying to explain industrial espionage to a group of new security techs. What is the ultimate goal of espionage?
To obtain information not otherwise available
In order to truly understand industrial espionage, you need to understand the mindset of the spy. What is the best outcome for a spy attempting an espionage activity?
To obtain information without the target even realizing he did so
What is the reason for encrypting hard drives on laptop computers?
To prevent a thief from getting data off of a stolen laptop
What size key does a DES system use?
56 bit
Classic ciphers were improved with the addition of multiple shifts (multiple substitution alphabets). Which of the following is an encryption method that uses two or more different shifts?
Multi-alphabet encryption
What is the highest level of security you can expect to obtain?
A level of security that makes the effort required to get information more costly than the value of the information
What method do most IDS software implementations use?
Anomaly detection
Why is binary mathematical encryption not secure?
It does not change the letter or word frequency.
Which of the following is not one of the basic types of firewalls?
Heuristic firewall
What is the name for scanning that depends on complex rules to define what is and is not a virus?
Heuristic scanning
What is the term for a fake system designed to lure intruders?
Honey pot
What should you be most careful of when looking for an encryption method to use?
How long the algorithm has been around
