382Lab2ndTerm

Ace your homework & exams now with Quizwiz!

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

What is the maximum value for any octet in an IPv4 IP address?

255

Which of the following is true regarding comments in the Certificate Creation Wizard?

A comment will be visible to the receiver.

To complete the creation of a key, what do you need to enter in the pinentry dialog box?

A passphrase, or password

Keys are also referred to as:

Certificates

__________ consists of unwanted programs like Trojans and viruses.

Malware

Cryptography takes human readable information and makes it unreadable "cipher text" which can only be read if:

one possesses the correct key.

When malware slows performance, which of the following tenets of information system security is impacted?

Availability

When malware grants unauthorized access to the compromised machine and network, which of the following tenets of information system security is impacted?

Confidentiality

Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?

Cross-site scripting (XSS)

What protocol is responsible for assigning IP addresses to hosts on most networks?

DHCP

The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.

False

What type of network connects systems over the largest geographic area?

WAN

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless Network Access

No security program is complete without:

host-based security measures.

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

Hub

How can you ensure the confidentiality, integrity, and availability (CIA) of the web application and service?

Penetration testing

Which of the following should be performed on a regular schedule and whenever the web application and service is modified?

Penetration testing

Which of the following statements is true regarding SQL Injection attacks?

Their likelihood can be reduced through regular testing.

Which of the following statements is true regarding cross-site scripting (XSS) attacks?

They are one of the most common web attacks.

If you and another person want to encrypt messages, what should you provide that person with?

Your public key

What do others need to decrypt files that you have encrypted with your private key?

Your public key

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

captive portal

In a __________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.

non-persistent cross-site scripting

No production web application, whether it resides inside or outside of the firewall, should be implemented without:

penetration testing and security hardening.

Users often complain that __________ make their systems "slow" and hard to use.

security measures

A __________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door," allowing additional hack tools and access to the system.

Trojan

The OSI Reference Model is a theoretical model of networking with interchangeable layers.

True

The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.

True

When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?

Upload Certificate To Directory Service

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

VLAN virtual lan

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

VPN Concentrator

A standard __________ is a program that will spread from one computer to another in any variety of means, taking advantage of application or OS vulnerabilities to propagate further and will generally try to stay undetected.

Virus

What wireless security technology contains significant flaws and should never be used?

WEP

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

WiFi

Each time a key pair is created, Kleopatra generates:

a unique 40-character fingerprint.

Which of the following is a tool left intentionally vulnerable to aid security professionals in learning about web security?

Damn Vulnerable Web Application

Database developers and administrators are responsible for:

Database developers and administrators are responsible for:

A packet-filtering firewall remembers information about the status of a network communication.

False

IP addresses are eight-byte addresses that uniquely identify every device on the network.

False

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fibre Channel over Ethernet (FCoE)

When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?

If e-commerce or privacy data is entered into the web application

When malware is able to steal and modify data, which of the following tenets of information system security is impacted?

Integrity

Which of the following helps secure the perimeter of a network?

Intrusion prevention systems

Which of the following statements is true regarding the hybrid approach to encryption?

It provides the same full C-I-A protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.

What is the certificate management component of GPG4Win?

Kleopatra

When the key is successfully created, which of the following options sends a copy of your private key to your computer?

Make a Backup Of Your Key Pair

Signs of __________ include degraded system performance, unusual services and network traffic, altered or removed system logs, missing or inactive anti-virus, and any number of application anomalies.

Malware

If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?

No because you must provide your public key to any user wanting to decrypt any message encrypted by you.

Which type of attack is triggered by the victim?

Persistent cross-site scripting attack

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

Which of the following allows valid SQL commands to run within a web form?

SQL Injection

When the key is successfully created, which of the following options creates a new e-mail and automatically attaches your public key certificate?

Send Certificate By EMail

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

Which of the following statements is true regarding asymmetrical encryption?

The receiver obtains the needed key from the sender or through a trusted third party, such as a certificate server.

Which of the following statements is true regarding symmetric cryptography?

The sender and receiver use the same key to encrypt and decrypt a given message.

Hackers use __________ to execute arbitrary scripts through the web browser.

cross-site scripting (XSS)

The main principle of __________ is to build layers of redundant and complementary security tools, policies, controls, and practices around the organization's information and assets.

defense in depth

The primary assumption of __________ is that no one single tool or practice will completely deter a resolved attacker.

defense in depth

Unless stringent security is mandated by policy, the security practitioner must always balance security with:

functionality and user adoption.

Some of the more important __________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.

host-based security measures.

Web application firewalls, security information and event management systems, access controls, network security monitoring, and change controls help to keep the "soft center" from becoming an easy target when the __________ fails.

perimeter

In a __________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.

persistent cross-site scripting

What firewall approach is shown in the figure?

screened subnet

Web application developers and software developers are responsible for:

the secure coding and testing of their application.


Related study sets

10年文法80-稱呼A為B-SVOC句型

View Set

Developmental Psychology Questions

View Set

Christ and Church- Chapter 3 Test

View Set

Assessment and Management of Problems Related to Male Reproductive Processes

View Set

Biology Chapter 4, Biology Plant cells and photosynthesis

View Set

Chapter 5 Python: Numerical Types

View Set

Psych - Ch. 4 Nature & Nurture - Prep: Learning Curve

View Set

TX - Chapter 5: Political Parties, EXAM 3 MINTAP QUIZES

View Set