CYBR 3200 Final
Physical security protects a system from theft, fire, or environmental disaster. True False
True
Which of the following is true about Message Authentication Code? -it uses asymmetric encryption -the key is sent to the receiver securely -it uses PKI and certificates -it uses a private and public key
the key is sent to the receiver securely
A hacktivist can best be described as which of the following? -an unskilled programmer that spreads malicious scripts -consider themselves seekers of knowledge -use DoS attacks on Web sites with which they disagree -deface Web sites by leaving messages for their friends to read
use DoS attacks on Web sites with which they disagree
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively? -20, 25 -21, 23 -20, 23 -21, 20
21, 20
What is a dynamic route?
Dynamic routing allows routers to select their own path based on current data, as opposed to static routing.
Which wireless transmission method uses a hopping code? infrared OFDM narrowband FHSS
FHSS
IPv4 and IPv6 headers are interoperable. True False
False
Which component of IPsec enables computers to exchange keys to make an SA? -IKE -ISAKMP -Oakley -IPsec driver
IKE
Which of the following is an accurate set of characteristics you would find in an attack signature? -IP address, attacker's alias, UDP options -protocol options, TCP ports, region of origin -IP address, TCP flags, port numbers -IP number, MAC address, TCP options
IP address, TCP flags, port numbers
An ARP broadcast is sent to the local subnet in an attempt to discover the destination computer's ______________ address.
MAC
What is the TCP portion of a packet called? frame data segment header
segment
The standardization of cryptographic protocols discourages attackers from trying to break them. True False
False
To determine best path, routers use metrics such as the value of the first octet of the destination IP address. True False
False
Wireless networks are essentially the same as wired networks when it comes to the security threats each faces. True False
False
What is contained in ARP tables? -IP address, MAC address -DNS name, IP address -NetBIOS name, IP address -MAC address, TCP port
IP address, MAC address
A worm creates files that copy themselves repeatedly and consume disk space. True False
True
In a passive attack, cryptanalysts eavesdrop on transmissions but don't interact with parties exchanging information. True False
True
Packet fragmentation is not normal, and can only occur if an attack has been initiated. True False
True
RF signals can pass through walls and other objects while IR cannot. True False
True
SNMP requires the installation of an SNMP agent on the device you want to monitor. True False
True
The 802.11i standard maps to the WPA2 security protocol. True False
True
The IP address 172.20.1.5 is a private IP address. True False
True
The TCP protocol uses a three-way handshake to create a connection. True False
True
With discretionary access control, network users can share information with other users, making it more risky than MAC. True False
True
Which element of an ICMP header would indicate that the packet is an ICMP echo request message? -Code -Type -Identifier -Data
Type
What tool do you use to secure remote access by users who utilize the Internet? -VPN -IDS -DMZ -DiD
VPN
In which type of scan does an attacker scan only ports that are commonly used by specific programs? -random scan -vanilla scan -ping sweep -strobe scan
strobe scan
Which of the following is NOT an advantage of IPv6 versus IPv4? -larger address space -built-in security -supports static configuration -NAT is unnecessary
supports static configuration
Describe how a computer uses its ARP table and the ARP protocol when preparing to transmit a packet to the local network.
The ARP protocol uses ARP tables to tie the destination IP address of incoming traffic to a MAC address on that network.
The Transport layer of the OSI model includes the RIP protocol. True False
False
Which protocol is responsible for automatic assignment of IP addresses? DNS DHCP FTP SNMP
DHCP
Which RF transmission method uses an expanded redundant chipping code to transmit each bit? FHSS OFDM CDMA DSSS
DSSS
Which management frame type is sent by a station wanting to terminate the connection? -Deauthentication -Disassociation -Reassociation request -Probe response
Disassociation
What is the packet called where a Web browser sends a request to the Web server for Web page data? -HTML SEND -HTTP XFER -HTTP GET -HTML RELAY
HTTP GET
Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs? -RSA -Message Digest 5 -RC4 -Twofish
Message Digest 5
What feature in ICMPv6 replaces ARP in IPv4? -Multicast Listener Discovery -Neighbor Discovery -Echo Request -Authentication Header
Neighbor Discovery
What is a program that appears to do something useful but is actually malware? -virus -logic bomb -Trojan -back door
Trojan
Defense in depth can best be described as which of the following? -a firewall that protects the network and the servers -a layered approach to security -antivirus software and firewalls -authentication and encryption
a layered approach to security
Which of the following best describes a CRL? -a published listing of invalid certificates -serve as a front end to users for revoking certificates -a file that contains information about the user and public key -keeps track of issued credentials and manages revocation of certificates
a published listing of invalid certificates
Which of the following is defined as the maximum departure of a wave from the undisturbed state? amplitude spectrum frequency wavelength
amplitude
Which of the following is NOT among the items of information that a CVE reference reports? -attack signature -name of the vulnerability -description of vulnerability -reference in other databases
attack signature
Which of the following is true about wardriving? -attackers use RF monitor mode -the hardware is very expensive -the software is very expensive -their goal is simply to hijack a connection
attackers use RF monitor mode
What function does a RADIUS server provide to a wireless network? association encryption decryption authentication
authentication
What type of attack does a remote-access Trojan attempt to perpetrate? -worm -back door -remote denial of service -composite attack
back door
Which of the following is NOT a type of entry found in a routing table? -default routes -static routes -dynamic routes -backup routes
backup routes
What is used to convert an analog RF signal into digital format? spectrum EIRP modulator carrier
modulator
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? -basic -challenge/response -biometrics -signature
challenge/response
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit? -parity bit -CRC value -checksum -fragment offset
checksum
Which of the following is an IDPS security best practice? -to prevent false positives, only test the IDPS at initial configuration -communication between IDPS components should be encrypted -all sensors should be assigned IP addresses -log files for HIDPSs should be kept local
communication between IDPS components should be encrypted
What remote shell program should you use if security is a consideration? rlogin ssh rcp rsh
ssh
During the routing process, the router strips off ______________________ layer header information and then examines the Network layer address.
data link
Which term is the measurement of the difference between two signals? watt decibel amp volt
decibel
What should you do when configuring DNS servers that are connected to the Internet in order to improve security? -disable zone transfers -delete the DNS cache -disable DNS buffers -setup DNS proxy
disable zone transfers
What uses mathematical calculations to compare routes based on some measurement of distance? -route summarization -link-state routing protocols -routing metrics -distance-vector routing protocols
distance-vector routing protocols
Which of the following is true about RF transmissions? -EM radiation is measured in volts -frequency has an inverse relationship with wavelength -frequency is the distance between waves -cooler objects produce higher-frequency radiation than hotter objects
frequency has an inverse relationship with wavelength
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion? inline host-based hybrid network-based
hybrid
Which of the following is NOT a network defense function found in intrusion detection and prevention systems? prevention response identification detection
identification
Which of the following is true about cryptographic primitives? -each performs several tasks -a single primitive makes up an entire cryptographic protocol -primitives are usually not the source of security failures -a primitive that provides confidentiality usually also provides authentication
primitives are usually not the source of security failures
Which of the following causes of signal loss is defined as differences in density between air masses over distance? reflection absorption scattering refraction
refraction
What is a downside to using Triple DES? -uses only a 56-bit key -goes through three rounds of encryption -using three keys decreases security -requires more processing time
requires more processing time
The enable ___________ password uses type 5 encryption and overrides the enable password.
secret
Which feature of a router provides traffic flow and enhances network security? VLSMs ACLs TCP CIDR
ACLs
Which type of frame advertises services or information on a wireless network? -Probe request -Association response -Beacon -Probe response
Beacon
Which layer does wireless communication rely heavily upon? -MAC sublayer of the Network layer -MAC sublayer of the Data Link layer -LLC sublayer of the Data Link layer -LLC sublayer of the Transport layer
MAC sublayer of the Data Link layer
Which TCP flag can be the default response to a probe on a closed port? RST URG PSH SYN
RST
Define metric and give three examples of common metrics that routers use.
Routing metrics are simply the values of the cost it takes routers to establish a link. Metrics could be measured as hop count, bandwidth, or delay.
Which of the following is the first packet sent in the TCP three-way handshake? RST SYN ACK PSH
SYN
What is the sequence of packets for a successful three-way handshake? -SYN, ACK, ACK -SYN, SYN ACK, RST -SYN, SYN ACK, ACK -SYN, ACK, FIN
SYN, SYN ACK, ACK
An RTS frame is the first step of the two-way handshake before sending a data frame. True False
True
A hybrid IDPS combines aspects of NIDPS and HIDPS configurations. True False
True
Which of the following is NOT one of the three primary goals of information security? confidentiality integrity impartiality availability
impartiality
What term is given to a device that is designed to generate radio signals, not including those from the antenna? -oscillator -conductive medium -intentional radiator -EIRP
intentional radiator
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications? -malicious port scanning -man-in-the-middle -denial of service -remote procedure call
man-in-the-middle
Of what category of attack is a DoS attack an example? -bad header information -single-packet attack -multiple-packet attack -suspicious data payload
multiple-packet attack
In which type of wireless attack does the attacker cause valid users to lose their connections by sending a forged deauthentication frame to their stations? -association flood -jamming -session hijacking -MAC address spoofing
session hijacking
Why might you want your security system to provide nonrepudiation? -to prevent a user from capturing packets and viewing sensitive information -to prevent an unauthorized user from logging into the system -to trace the origin of a worm spread through email -so a user can't deny sending or receiving a communication
so a user can't deny sending or receiving a communication
Which of the following is true about encryption algorithms? -their strength is tied to their key length -not vulnerable to brute force attacks -block ciphers encrypt one bit at a time -asymmetric algorithms use a single key
their strength is tied to their key length
Which of the following is a valid IPv6 address? 5BA4:2391:0:0:4C3E 1080::8:800:200C:417A 24::5B1A::346C 5510:ABCD::34:1::2
1080::8:800:200C:417A
Which of the following addresses is a Class B IP address? 126.14.1.7 224.14.9.11 189.77.101.6 211.55.119.7
189.77.101.6
Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240? -192.168.10.63 -192.168.10.47 -192.168.10.23 -192.168.10.95
192.168.10.47
Which of the following pairs represents a medium frequency band and its common use? 300 KHz-3MHz, AM radio 144-174 MHz, TV channels 30-300 KHz, cordless phones 3-30 MHz, CB and shortwave radio
300 KHz-3MHz, AM radio
The Fresnel zone is the dispersal pattern of waves as they travel from sending to receiving antennas. True False
False
All devices interpret attack signatures uniformly. True False
False
An NIDPS can tell you whether an attack attempt on the host was successful. True False
False
In wireless networks, infrared signals are used most often for data communications. True False
False
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. True False
False
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred. True False
False
What does a measurement of +3 dB equal in power measured in mW? -double the power -3 times the power -one third the power -one half the power
double the power
Which of the following best describes a one-way function? -a bit string that prevents generation of the same ciphertext -random bits used as input for key derivation functions -generates secret keys from a secret value -easy to compute but difficult and time consuming to reverse
easy to compute but difficult and time consuming to reverse
In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge? rogue device wardriver man-in-the-middle brute force
man-in-the-middle
What is a VPN typically used for? -secure remote access -detection of security threats -block open ports -filter harmful scripts
secure remote access
Which of the following is true about asymmetric cryptography? -the private key can be used to encrypt and decrypt a message -a shared key is used to encrypt all messages and the private key decrypts them -a single key is used and is transferred using a key management system -the public key is used to encrypt a message sent to the private key owner
the public key is used to encrypt a message sent to the private key owner
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation? -the use of the sender's private key -the hashing algorithm used to generate a message digest -the source of the public keys -the integrity of the private keys
the source of the public keys
If you see a /16 in the header of a Snort rule, what does it mean? -a maximum of 16 log entries should be kept -the size of the log file is 16 MB -the subnet mask is 255.255.0.0 -the detected signature is 16 bits in length
the subnet mask is 255.255.0.0
Which of the following is true about PRNGs? -they are not completely random -their state is measured in bytes -the shorter the state, the longer the period -they can never produce the same value
they are not completely random
Which of the following is true about static routes? -the metric is higher than a dynamic route -they are created by routing protocols -they are used for stub networks -they change automatically as the network changes
they are used for stub networks
Which of the following is true about the SSID? -they can be Null -they are registered -they are not found in beacon frames -they are found in control frames
they can be Null
Which of the following is NOT a suggested practice before using a newly configured wireless network? -change the administrator password -change the manufacturer's default key -use the default encryption method -alter the default channel
use the default encryption method
Which IDPS customization option is a list of entities known to be harmless? thresholds whitelists blacklists alert settings
whitelists
Which of the following is true about MAC addresses in a wireless network? -MAC address filtering will stop a determined attacker -MAC addresses are Network layer identities -you need to configure the MAC address before you use the WNIC -you can change a WNIC's MAC address with software
you can change a WNIC's MAC address with software