Fund. info. tech ch.9-12 quiz and txt book questions


Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? a. 22 b. 25 c. 53 d. 80

25

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication? a. 80 b. 143 c. 443 d. 3389

443

What is NOT a valid encryption key length for use with the Blowfish algorithm? a. 32 bits b. 64 bits c. 256 bits d. 512 bits

512 bits

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities? a. 600 b. 700 c. 800 d. 900

800

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? a. 802.3 b. 802.11 c. 802.16 d. 802.18

802.11

Which standards organization publishes American Standard Fortran? A. IEEE B. ANSI C. ITU-T D. NIST

ANSI

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? A. Alice's private key B. Alice's public key C. Bob's private key D. Bob's public key

Alice's private key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? a. Bob's private key b. Alice's private key c. Bob's public key d. Alice's public key

Alice's public key

Which of the following is one of the four basic forms of a cryptographic attack? A. Ciphertext-only attack B. Known-plaintext attack C. Chosen-plaintext attack D. Chosen-ciphertext attack E. All the above

All the above

When malware slows performance, which of the following tenets of information system security is impacted? a. Confidentiality b. Integrity c. Availability d. Control

Availability

A(n) __________ is a network of compromised computers that attackers use to launch attacks and spread malware. A. Black network B. Botnet C. Attacknet D. Trojan store

Botnet

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? a. Light Extensible Authentication Protocol (LEAP) b. Remote Authentication Dial-In User Service (RADIUS) c. Protected Extensible Authentication Protocol (PEAP) d. Captive portal

Captive portal

Which information security objective allows trusted entities to endorse information? a. Validation b. Witnessing c. Certification d. Authorization

Certification

What must you do to any certificate imported into Kleopatra before you can use it to decrypt messages? a. Link it to your public key b. Save it c. Link it to your private key d. Change the trust level

Change the trust level

A __________ is used to detect forgeries. A. Hash function B. Checksum C. Hash value D. KDC

Checksum

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? a. Chosen plaintext b. Ciphertext only c. Chosen ciphertext d. Known plaintext

Chosen plaintext

An algorithm used for cryptographic purposes is known as a __________. A. Hash B. Private key C. Public key D. Cipher

Cipher

How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer? a. Right-click the file and select Integrity Check from the context menu. b. Import the file into Kleopatra and select the Integrity Check option. c. Compare the decrypted file's contents with the contents of the original file. d. Right-click the file and select Verify from the context menu.

Compare the decrypted file's contents with the contents of the original file.

Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking? a. Confidentiality b. Availability c. Integrity d. Accounting

Confidentiality

Which of the following statements is true regarding SQL Injection attacks? a. Their likelihood can be reduced through regular testing. b. They are one of the rarest types of web attacks. c. Their likelihood cannot be reduced through secure software development practices. d. They are extremely difficult to prevent.

Their likelihood can be reduced through regular testing

Which of the following statements is true regarding cross-site scripting (XSS) attacks? a. They are one of the most common web attacks. b. Their likelihood cannot be reduced through secure software development practices. c. Their likelihood cannot be reduced through regular testing. d. They are extremely difficult to prevent.

They are one of the most common web attacks

Why do hackers often send zipped and encrypted files and attachments? a. They look more official and recipients will be more likely to open them. b. They cannot be opened by antivirus software and so they will often reach the recipient. c. They can be emailed to more than one recipient at a time. d. They can be sent via email more quickly.

They cannot be opened by antivirus software and so they will often reach the recipient.

Which type of cipher works by rearranging the characters in a message? a. Substitution b. Transposition c. Asymmetric d. Steganographic

Transposition

A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system. a. Trojan b. denial-of-service attack c. SQL Injection d. virus

Trojan

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? a. Virus b. Logic bomb c. Trojan horse d. Worm

Trojan horse

A honeypot is a sacrificial host with deliberately insecure services deployed at the edges of a network to act as bait for potential hacking attacks. True/False

True

A salt value is a set of random characters you can combine with an actual input key to create the encryption key. True/False

True

A secure virtual private network (VPN) creates an authenticated and encrypted channel across some form of public network. True/False

True

A strong hash function is designed so that a forged message cannot result in the same hash as a legitimate message. True/False

True

A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks. True/False

True

Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key. True/False

True

Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer. True/False

True

The best defense from keystroke loggers is to carefully inspect the keyboard cable before using a computer because the logger must connect to the keyboard's cable. True/False

True

The earliest digital computers were the result of experimental standards. True/False

True

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. True/False

True

The three basic types of firewalls are packet filtering, application proxy, and stateful inspection. True/False

True

The three main categories of network security risk are reconnaissance, eavesdropping and denial of service. True/False

True

The two basic types of ciphers are transposition and substitution. True/False

True

When the key is successfully created, which of the following options lets you store your certificate on a public Internet server? a. Save Your Key Pair b. Send Certificate by E-Mail c. Upload Certificate to Directory Service d. Make a Backup Of Your Key Pair

Upload Certificate to Directory Service

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? a. Router b. VPN concentrator c. Firewall d. Unified threat management (UTM)

VPN concentrator

What is the only unbreakable cipher when it is used properly? a. Vernam b. Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) c. Blowfish d. Rivest-Shamir-Adleman (RSA)

Vernam

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use? a. Virtual LAN (VLAN) b. Firewall c. Transport Layer Security (TLS) d. Virtual private network (VPN)

Virtual LAN (VLAN)

Which type of malware attaches to, or infects, other programs? A. Spyware B. Virus C. Worm D. Rootkit

Virus

The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them. a. Trash Bin b. Spam Folder c. Virus Vault d. History

Virus Vault

Which standards organization publishes standards such as CGI, HTML, and XML? A. IEC B. ISO C. PCI D. W3C

W3C

What technology is the most secure way to encrypt wireless communications? A. TCP B. WEP C. WPA D. UDP

WPA

In the malware context, which of the following best defines the term mobile code? A. Website active content B. Malware targeted at PDAs and smartphones C. Software that runs on multiple operating systems D. Malware that uses networks to propagate

Website active content

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? a. Packet filtering b. Blacklisting c. Whitelisting d. Context-based screening

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? a. Whois b. Ping c. Simple Network Management Protocol (SNMP) d. Domain Name System (DNS)

Whois

A(n) __________ is a critical element in every corporate network today, allowing access to an organization's resources from almost anywhere in the world. A. Local area network (LAN) B. Wide area network (WAN) C. Dynamic Host Configuration Protocol (DHCP) D. None of the above

Wide area network (WAN)

The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer. a. Active Directory b. Windows Firewall with Advanced Security c. Spam Folder d. Virus Vault

Windows Firewall with Advanced Security

What wireless security technology contains significant flaws and should never be used? a. WPA2 b. WiFi Protected Access (WPA) c. Wired Equivalent Privacy (WEP) d. Remote Authentication Dial-In User Service (RADIUS)

Wired Equivalent Privacy (WEP)

Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? a. World Wide Web Consortium (W3C) b. Internet Engineering Task Force (IETF) c. International Electrotechnical Commission (IEC) d. National Institute of Standards and Technology (NIST)

World Wide Web Consortium (W3C)

Which type of malicious software is a standalone program that propagates from one computer to another? A. Spyware B. Virus C. Worm D. Snake

Worm

Each time a key pair is created, Kleopatra generates: a. a unique 8-digit fingerprint b. a test c. a unique 40-character fingerprint d. an expiration date

a unique 40-character fingerprint

The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets. a. Access Control Lists b. defense in depth c. network isolation d. system hardening

defense in depth

Database developers and administrators are responsible for: a. the secure coding and testing of their application b. ensuring regular backups of the database are performed. c. developing industry standards and compliance regulations. d. regular penetration testing

ensuring regular backups of the database are performed

Often hackers will use ____________ to make the scripts even harder to detect. a. SQL Injection b. cleartext c. cross-site scripting d. hexadecimal character strings

hexadecimal character strings

Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management. a. SQL Injections b. cross-site scripts c. host-based security measures d. Damn Vulnerable Web Applications

host-based security measures

When is the company under additional compliance laws and standards to ensure the confidentiality of customer data? a. During penetration testing of the web application. b. During a SQL injection attack on the web application. c. If e-commerce or privacy data is entered into the web application. d. If there is cross-site scripting in the web application.

if e-commerce or privacy data entered into the web application

In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen. a. damn vulnerable cross-site scripting b. stored cross-site scripting c. non-persistent cross-site scripting d. persistent cross-site scripting

non-persistent cross-site scripting

No production web application, whether it resides inside or outside the firewall, should be implemented without: a. Cross-site scripting and security hardening. b. JavaScript testing and security hardening. c. penetration testing and security hardening. d. SQL injection and security hardening

penetration testing and security hardening

Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails. a. network b. defense in depth c. redundant layer d. perimeter

perimeter

In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server. a. persistent cross-site scripting b. reflected cross-site scripting c. damn vulnerable cross-site scripting d. non-persistent cross-site scripting

persistent cross-site scripting

Users often complain that _____________ make their systems "slow" and hard to use. a. security measures b. Access Control Lists c. change controls d. border routers

security measures

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? a. Hub b. Access Point c. Switch d. Router

switch

Betty receives a ciphertext message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? a. Hashing b. Decryption c. Validation d. Encryption

Decryption

The __________ strategy ensures that an attacker must compromise multiple controls to reach any protected resource.

Defense in depth

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? a. Blowfish b. Diffie-Hellman c. Message digest algorithm (MD5) d. Rivest, Shamir, Adleman (RSA)

Diffie-Hellman

A __________ signature is a representation of a physical signature stored in a digital format. A. Digital B. Digitized C. Private key D. Public key

Digitized

How did viruses spread in the early days of malware? A. Wired network connections B. Punch cards C. Diskettes D. As program bugs

Diskettes

What protocol is responsible for assigning IP addresses to hosts on most networks? a. Simple Mail Transfer Protocol (SMTP) b. Virtual LAN (VLAN) c. Transport Layer Security (TLS) d. Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP)

The act of scrambling plaintext into ciphertext is known as __________. A. Decryption B. Encryption C. Plaintext D. Cleartext

Encryption

What mathematical problem forms the basis of most modern cryptographic algorithms? a. Quantum mechanics b. Factoring large primes c. Birthday problem d. Traveling salesman problem

Factoring large primes

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. True/False

False

DHCP provides systems with their MAC addresses. True/False

False

IP addresses are assigned to computers by the manufacturer. True/False

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop. True/False

False

Product cipher is an encryption algorithm that has no corresponding decryption algorithm. True/False

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. True/False

False

What does the TCP SYN flood attack do to cause a DDoS? A. Causes the network daemon to crash B. Crashes the host computer C. Saturates the available network bandwidth D. Fills up the pending connections table

Fills up the pending connections table

The basic job of a __________ is to enforce an access control policy at the border of a network. A. Firewall B. Router C. Switch D. Access point

Firewall

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? a. Elliptic curve b. Decryption c. Encryption d. Hash

Hash

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? a. Switch b. Firewall c. Router d. Hub

Hub

Which standards organization formed in 1906 and handles standards for batteries? A. IEC B. ISO C. PCI D. W3C

IEC

The __________ is the world's largest professional association for the advancement of technology.

IEEE

Which standards organization publishes the 802.11g standard? A. ISO B. IEC C. ITU-T D. IEEE

IEEE

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? a. NIST 800-53 b. IEEE 802.3 c. ANSI x.1199 d. ISO 17799

IEEE 802.3

Which standards organization's name derives from the Greek word for equal? A. IEC B. ISO C. PCI D. W3C

ISO

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? a. ISO 17799 b. ISO 9000 c. ISO 27002 d. ISO 14001

ISO 27002

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? a. Authentication b. Confidentiality c. Integrity d. Nonrepudiation

Integrity

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? a. International Organization for Standardization (ISO) b. National Institute of Standards and Technology (NIST) c. Ocean Surveillance Information System (OSIS) d. Information Systems Audit and Control Association (ISACA)

International Organization for Standardization

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a. User Datagram Protocol (UDP) b. Internet Control Message Protocol (ICMP) c. Transmission Control Protocol (TCP) d. Hypertext Transfer Protocol (HTTP)

Internet Control Message Protocol (ICMP)

Which of the following helps secure the perimeter of a network? a. SQL Intrusion b. Java Script c. Intrusion prevention systems d. Damn Vulnerable Web Application

Intrusion prevention systems

Which of the following statements is true regarding the hybrid approach to encryption? a. The sender encrypts the message with an asymmetric key. b. It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption. c. The sender sends the message and a copy of the asymmetric key using the sender's symmetric private key. d. The initial message and asymmetric key are decrypted using the sender's private key.

It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.

What is the certificate management component of GPG4Win? a. Windows Manager b. Kleopatra c. FileZilla d. Digital Signature Algorithm (DSA)

Kleopatra

When the key is successfully created, which of the following options sends a copy of your private key to your computer? a. Make a Backup Of Your Key Pair b. Upload Certificate to Directory Service c. Send Certificate by EMail d. Save Your Key Pair

Make a Backup Of Your Key Pair

Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks? a. Monitor your SQL databases for unauthorized or abnormal SQL injections. b. Avoid writing scripts for SNMP network management alerts. c. Avoid encrypting the data elements that reside in long-term storage of the SQL database. d. Ignore error messages that do not clear the User ID box.

Monitor your SQL databases for unauthorized or abnormal SQL injections

What technology allows you to hide the private IPv4 address of a system from the Internet? A. SSL B. RADIUS C. PPTP D. NAT

NAT

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?" a. National Institute of Standards and Technology (NIST) b. National Aeronautics and Space Administration (NASA) c. Federal Communications Commission (FCC) d. Federal Trade Commission (FTC)

National Institute of Standards and Technology (NIST)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? a. Nmap b. Ping c. Remote Access Tool (RAT) d. Simple Network Management Protocol (SNMP)

Nmap

Which software tool provides extensive port-scanning capabilities? A. Ping B. Whois C. Rpcinfo D. Nmap

Nmap

If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him? a. No because you must provide your public key to any user wanting to decrypt any message encrypted by you. b. No because you must provide your private key to any user wanting to decrypt any message encrypted by you. c. Only if he also sends you his private key. d. Yes because his public key is used by both of you to encrypt and decrypt messages.

No because you must provide your public key to any user wanting to decrypt any message encrypted by you.

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? a. Integrity b. Authentication c. Nonrepudiation d. Confidentiality

Nonrepudiation

__________ corroborates the identity of an entity, whether the sender, the sender's computer, some device, or some information. A. Nonrepudiation B. Confidentiality C. Integrity D. Authentication

Nonrepudiation

Which of the following is the most well-known ISO standard? A. OSI Reference Model B. TCP/IP protocol C. TCP/IP Reference Model D. OSI protocol

OSI Reference Model

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time? a. Certificate revocation list (CRL) b. International Data Encryption Algorithm (IDEA) c. Transport Layer Security (TLS) d. Online Certificate Status Protocol (OCSP)

Online Certificate Status Protocol (OCSP)

The basic model for how you can build and use a network and its resources is known as the __________. A. Dynamic Host Configuration Protocol (DHCP) model B. International Organization for Standardization (ISO) model C. Open Systems Interconnection (OSI) Reference Model D. None of the above

Open Systems Interconnection (OSI) Reference Model

Which type of attack is triggered by the victim? a. Damn vulnerable cross-site scripting attack b. Persistent cross-site scripting attack c. Non-persistent cross-site scripting attack d. Reflected cross-site scripting attack

Persistent cross-site scripting attack

Which type of attack tricks a user into providing personal information by masquerading as a legitimate website? A. Phreaking B. Phishing C. Trolling D. Keystroke logging

Phishing

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? a. Multipartite virus b. Stealth virus c. Polymorphic virus d. Cross-platform virus

Polymorphic virus

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? a. Session b. Application c. Presentation d. Data Link

Presentation

What layer of the OSI Reference Model is most commonly responsible for encryption? A. Application B. Presentation C. Session D. Transport

Presentation

Which approach to cryptography provides the strongest theoretical protection? a. Classic cryptography b. Quantum cryptography c. Asymmetric cryptography d. Elliptic curve cryptography

Quantum cryptography

What is the most common first phase of an attack? A. Vulnerability identification B. Reconnaissance and probing C. Target selection D. Evidence containment

Reconnaissance and probing

What type of malicious software allows an attacker to remotely control a compromised computer? a. Polymorphic virus b. Armored virus c. Worm d. Remote Access Tool (RAT)

Remote Access Tool (RAT)

The IETF produces documents called _______.

Request for Comments (RFC)

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)? a. Public service announcement (PSA) b. ISO Standard c. Request for comment (RFC) d. Special Publication (SP)

Request for comment

What is NOT a symmetric encryption algorithm? a. Data Encryption Standard (DES) b. Carlisle Adams Stafford Tavares (CAST) c. Rivest-Shamir-Adleman (RSA) d. International Data Encryption Algorithm (IDEA)

Rivest-Shamir-Adleman (RSA)

A __________ is a device that interconnects two or more networks and selectively interchanges packets of data between them.

Router

Which of the following allows valid SQL commands to run within a web form? a. JavaScript coding b. Cross-site scripting (XSS) c. HTML coding d. SQL Injection

SQL Injection

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? a. Cross-site scripting (XSS) b. XML injection c. LDAP injection d. SQL injection

SQL injection

Which Web application attack is more likely to extract privacy data elements out of a database? a. Non-persistent cross-site scripting attack b. SQL Injection attack c. Damn vulnerable attack d. Persistent cross-site scripting attack

SQL injection attack

Which VPN technology allows users to initiate connections over the Web? A. SSL B. PPTP C. IPSec D. ICMP

SSL

What firewall topology supports the implementation of a DMZ? A. Bastion host B. Multilayered firewall C. Border firewall D. Screened subnet

Screened subnet

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? a. Cross-site scripting b. Session hijacking c. XML injection d. SQL injection

Session hijacking

In the lab, what did you do before attempting the script tests that exposed the vulnerabilities? a. Set the security level of penetration testing to high. b. Set the security level of Damn Vulnerable Web Application (DVWA) to high. c. Set the security level of DVWA to low. d. Set the security level of penetration testing to low.

Set the security level of DVWA to low

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? a. Smurf b. Land c. Teardrop d. Cross-site scripting (XSS)

Smurf

____ is any unwanted message. A. Spam B. Virus C. Worm D. Rootkit

Spam

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? a. Pharming b. Command injection c. Adware d. Spear phishing

Spear phishing

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? a. Subject matter expertise on routing and switching b. Architecture for Internet protocols and procedures c. Confirmation of IETF chairs d. Editorial publication procedures for requests for comments (RFCs)

Subject matter expertise on routing and switching

Which simple network device helps to increase network performance by using the MAC address to send network traffic only to its intended destination? A. Hub B. Switch C. Router D. Gateway

Switch

An encryption cipher that uses the same key to encrypt and decrypt is called a(n) __________ key. A. Symmetric (private) B. Asymmetric (public) C. Encrypting D. Hash E. None of the above

Symmetric (private)

DES, IDEA, RC4, and WEP are examples of __________. A. Key revocation B. 802.11b wireless security C. Asymmetric key algorithms (or standards) D. Symmetric algorithms (or standards)

Symmetric algorithms (or standards)

Which set of characteristics describes the Caesar cipher accurately? a. Asymmetric, stream, transposition b. Symmetric, stream, substitution c. Asymmetric, block, substitution d. Symmetric, block, transposition

Symmetric, stream, substitution

Which type of virus targets computer hardware and software startup functions? a. System infector b. File infector c. Data infector d. Hardware infector

System infector

The IETF primarily focuses on standards of the __________ Internet protocol suite.

TCP/IP

__________ is a suite of protocols that was developed by the Department of Defense to provide a highly reliable and fault-tolerant network infrastructure. A. DHCP B. VPN C. PPPoE D. TCP/IP

TCP/IP

Which of the following statements is true regarding asymmetrical encryption? a. It does not guarantee the authenticity of the sender. b. The receiver obtains the needed key from the sender or through a trusted third party, such as certificate server. c. It is quite fast and generally easier to implement than symmetric cryptography. d. The sender encrypts with his/her public key and the receiver decrypts using the sender's private key.

The receiver obtains the needed key from the sender or through a trusted third party, such as certificate server.

Web application developers and software developers are responsible for: a. ensuring regular backups of the database are performed. b. regular penetration testing c. developing industry standards and compliance regulations. d. The secure coding and testing of their application.

The secure coding and testing of their application

Which of the following statements is true regarding symmetric cryptography? a. The sender and receiver use the same key to encrypt and decrypt a given message. b. It does not provide confidentiality or integrity. c. It guarantees authenticity. d. It is quite slow and generally more difficult to implement than asymmetric cryptography.

The sender and receiver use the same key to encrypt and decrypt a given message.

Which element is NOT a core component of the ISO 27002 standard? a. Access control b. Cryptography c. Asset management d. Risk assessment

Cryptography

__________ offers a mechanism to accomplish four security goals: confidentiality, integrity, authentication, and nonrepudiation. A. Security association (SA) B. Secure Sockets Layer (SSL) C. Cryptography D. None of the above

Cryptography

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? a. Command injection b. Cross-site scripting (XSS) c. SQL injection d. XML injection

Cross-site scripting (XSS)

Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input? a. Cross-site scripting (XSS) b. Phishing attacks c. Penetration testing d. SQL Injection

Cross-site scripting (XSS)

