Info and Network Security Chapter 8-15
Java and ActiveX codes should be scanned before they are _________. Deleted Known about Downloaded to your computer Infected
Downloaded to your computer
In which firewall configuration is the firewall running on a server with at least two network interfaces? Network host-based Router-based Screen host Dual-homed host
Dual-homed host
A _________ is a barrier between your network and the outside world. Web server Firewall File server Virus scanner
Firewall
Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______ Desktop configuration Phone calls USB drives Instant messaging
Instant messaging
With asymmetric cryptography a different ______ is used to encrypt the message and to decrypt the message. a. Script b. Code c. Key d. Lock
Key
New employees should receive a copy of the company's __________ policies. Business continuation Password sharing Disacter recovery Security/acceptable use
Security/acceptable use
Cipher text is encrypted text. True False
True
You cannot disable some USB devices from end-user computers and allow others. True False
False
Mistaking a legitimate program for a virus is a ____________. Heiristic error False negative False positive Machine error
False positive
Mistaking a legitimate program for a virus is a ____________. Heiristic error Machine error False negative False positive
False positive
What is the rule in access control? Grant the least access job requirement allow Grant standard access for all users Grant the most access you can securely give Strictly limited access for most users
Grant the least access job requirement allow
Windows stores passwords using a method called __________. a. Exchange b. Hashing c. Authentication d. Keberos
Hashing
Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______ USB drives Phone calls Instant messaging Desktop configuration
Instant messaging
Which of the following is the correct term for making a system less attractive to intrude? Intrusion camouflage Intrusion deflection Intrusion deterrence Intrusion avoidance
Intrusion deterrence
Why is binary mathematical encryption not secure? a. It leaves the message intact. b. It does not change letter or word frequency. c. It is too simple. d. The mathematics of it is flawed.
It does not change letter or word frequency.
What advantage does a symmetric key system using 64-bit blocks have? a. It is unbreakable. b. It is complex. c. It uses asymmetric keys. d. It is fast.
It is fast.
Which of the following is most likely to be true of an encryption method advertised as unbreakable? a. It is likely to be exaggerated. b. It is probably suitable for military use. c. It is unbreakable. d. It may be too expensive for your organization.
It is likely to be exaggerated.
Many classic ciphers are easy to understand, but not secure. What is the main problem with simple substitution? a. It does not use complex mathematics. b. It maintains letter and word frequency. c. It is too simple. d. It is easily broken with modern computers.
It maintains letter and word frequency.
Which of the following is a disadvantage to using an application gateway firewall? It is not very secure. It uses a great deal of resources. It can be difficult to configure. It can only work on router-based firewalls.
It uses a great deal of resources.
Which of the following methods is available as an add-in for most email clients? a. DES b. RSA c. Caesar cipher d. PGP
PGP
Which of following is used as firewall? Application gateway Domain gateway Circuit-level gateway Packet Filtering
Packet Filtering
Which of the following should NOT be a part of an organization's policy regarding email attachments? It was an expected attachment. It cam from a known source, and the source is confirmed. It appears to be a legitimate business document. Personal use for online shopping.
Personal use for online shopping.
________ refers to unencrypted text. a. Algorithm b. Plain text c. Cipher text d. Key
Plain text
What is the term for blocking an IP address that has been the source of suspicious activity? Intrusion deflection Preemptive blocking Proactive deflection Intrusion blocking
Preemptive blocking
What is PGP? a. Pretty Good Privacy, a public key encryption method b. Pretty Good Privacy, a symmetric key encryption method c. Pretty Good Protection, a public key encryption method d. Pretty Good Protection, a symmetric key encryption method
Pretty Good Privacy, a public key encryption method
What type of encryption uses different keys to encrypt and decrypt the message? a. Public key b. Secure c. Private key d. Symmetric
Public key
____ key is used to encrypt a message, and another is used to decrypt the message. a. Cipher b. Hash c. Private key d. Public key
Public key
Which of the following is most true regarding certified encryption methods? a. It depends on the source of the certificatio. b. It depends on the level of certification. c. There are the only methods you should use. d. There is no such thing as certified encryption.
There is no such thing as certified encryption.
Which of the following is most true regarding binary operations and encryption? a. They are only useful as a teaching method. b. They can provide secure encryption. c. They are completely useless. d. They can form a part of viable encryption methods.
They can form a part of viable encryption methods.
One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings. True False
True
Public key encryption is fast becoming the most widely used type of encryption because there are no issues to deal with concerning distribution of keys. True False
True
Security policies toward programmers and web developers are developmental policies. True False
True
The category of intrusion detection systems that looks for patterns that don't match those of normal use is called anomaly detection. True False
True
The most widely used symmetric key algorithm is Advanced Encryption Standard. True False
True
When an administrator proactively seeks out intelligence on potential threats or groups, this is called infiltration. True False
True
If you determine a virus has struck a system, the first step is to _________. Notify appropriate organization leaders Log the incident Unplug the machines from the network Scan and clean infected systems
Unplug the machines from the network
L2TP uses IPsec for its encryption. True False
True
A screening firewall works in the application layer of the OSI model. True False
False
A firewall ______ is a tool that can provide information after an incident has occurred. Scan Hub Port Log
Log
Binary numbers are made up of 0s and 1s. True False
True
A list of virus definitions is generally in a file with a ________ extension. .txt .def .vir .dat
.dat
A(n) ___________is a set of steps for doing something. a. Algorithm b. Formula c. Encryption d. Cipher
Algorithm
What size key does a DES system use? a. 64 bits b. 56 bits c. 128 bits d. 256 bits
56 bits
Which of the following is an operation used on binary numbers not found in normal math? a. PLUS b. DIVIDES c. MINUS d. AND
AND
The conflict between the users' goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________. Access control Password protection Social engineering System administration
Access control
What method do most IDS software implementations use? Infiltration Anomaly detection Intrusion deterrence Preemptive blocking
Anomaly detection
Heuristic scanning uses rules to determine whether a file or program behaves like a virus. True False
True
Which of the following methods uses a variable-length symmetric key? a. RSA b. DES c. Carsar d. Blowfish
Blowfish
_________ is a block cipher that uses a variable-length key ranging from 32 to 448 bits. a. AES b. RC4 c. Blowfish d. 3DES
Blowfish
Which of the following is the appropriate sequence for a change request? Business unit manager requests change, IT unit verifies request, request is implemented. Business unit manager requests change, IT unit verifies request, request is scheduled with rollback plan, request is implemented. Business unit manager requesst change, IT unit verifies request, security unit verifies request, request is implemented. Business unit manager requests change, IT unit verifies request, security unit verifies request, request is scheduled with rollback plan, request is implemented.
Business unit manager requests change, IT unit verifies request, security unit verifies request, request is scheduled with rollback plan, request is implemented.
Using the __________ cipher you choose some number by which to shift each letter of a text. a. Caesar b. ASCII c. Multi-alphabet substitution d. DC4
Caesar
Which of the following is the oldest encryption method discussed in this text? a. Caesar cipher b. PGP c. Cryptic cipher d. Multi-alphaber encryption
Caesar cipher
It is important to understand the concepts and application of cryptography. Which of the following most accurately defines encryption? a. Changing a message using complex mathematics. b. Changing a message so it can only be easily read by the intended recipient. c. Applying keys to a message to conceal it. d. Using complex mathematics to conceal a message.
Changing a message so it can only be easily read by the intended recipient.
__________refers to encrypted text. a. Algorithm b. Key c. Plain text d. Cipher text
Cipher text
__________ is the art to write in or decipher secret code. a. Keying b. Decryption c. Cryptography d. Encryption
Cryptography
Principal of least privilege means that no one person can perform critical tasks. True False
False
Snort is an open-source firewall. True False
False
The method to attract an intruder to a subsystem setup for the purpose of observing him is called intrusion deterrence. True False
False
Which of the following is a symmetric key system using 64-bit blocks? a. PGP b. RSA c. Blowfish d. DES
DES
The plan to return a business to full normal operations is ____________ BIA BCP DRP ALE
DRP
Which of the following is not a significant security risk posed by instant messaging? Employees may send harassing messages. Employees might send out confidential information. An instant messaging program could actually be a Trojan horse. A virus or worm might infect the workstation via instant messaging.
Employees may send harassing messages.
______________ is the process to scramble a message or other information so that it cannot be easily read. a. Cryptography b. Encryption c. Decryption d. Keying
Encryption
Which of the following does not demonstrate the need for policies? Activirus software cannot prevent a user from downloading infected files. The most secure password is not at all secure if it's posed on a note by the computer. Technological security measures are dependent upon the employee's implementation. End users are generally not particularly bright and must be told everything,
End users are generally not particularly bright and must be told everything,
An on-demand virus scanner runs in the background and is constantly checking your PC True False
False
IPsec can only encrypt the packet data but not the header information. True False
False
Linux and Windows typically are not shipped with firewalls. True False
False
PGP involves only private key encryption. True False
False
The virus scanning technique that uses rules to determine if a program behaves like a virus is _________ scanning. File Download Heuristic Sandbox
Heuristic
Which of the following is not one of the basic types of firewalls? Application gateway Heuristic firewall Screening firewall Circuit-level gateway
Heuristic firewall
What is the name for scanning that depends on complex rules to define what is and is not a virus? Rule-based scanning (RBS) Logic-based scanning (LBS) Heuristic scanning TSR scanning
Heuristic scanning
What is the term for a fake system designed to lure intruders? Entrapment Honey pot Faux system Deflection system
Honey pot
What should you be most careful of when looking for an encryption method to use? a. Speed of the algorithm b. A complexity of the algorithm c. How long the algorithm has been around d. Veracity of the vendor's claims
How long the algorithm has been around
Which of the following is the appropriate sequence of events for a departing employee? IT is notified of the departure, all logon accounts are shut down, all access (physical and electronic) are disabled, the employee's workstation is searched/scanned. IT is notified of the departure, all logon accounts are shut down, all access (physical and electronis) are disabled. IT is notified of the departure, all electronis accesses are shut down, all physical accesses are shut down. IT is notified of the departure, all physical accesses are shut down, all electronic accesses are shut shown.
IT is notified of the departure, all logon accounts are shut down, all access (physical and electronic) are disabled, the employee's workstation is searched/scanned.
Which of the following is the best reason users should be prohibited from installing software? They may install incorrect version of software, and oftern incompatible. Software installation is often complex and should be done by professionals. They may not install it correctly, which could cause security problems for the workstation. If a user's account does not have installation privileges, then it is likely that a Trojan horse will not be inadvertently installed under their account.
If a user's account does not have installation privileges, then it is likely that a Trojan horse will not be inadvertently installed under their account.
Which of the following is not an area that user policies need to cover? What a user should do if she believes her password has been compromised. What websites a user can or cannot visit If and when to share passwors Minimum length of passwords
If and when to share passwors
The principal that users have access to only network resources when an administrator explicitly grants them is called ___________. Separation of duty Implicit deny Least privilege Job rotation
Implicit deny
What is a major weakness with a network host-based firewall? It can be easily hacked. It is very expensive. It is difficult to configure. Its security depends on the underlying operating system.
Its security depends on the underlying operating system.
A(n) ________ refers to the bits that are combined with the plain text to encrypt it. a. Plain b. Key c. Cipher text d. Algorithm
Key
What is one way of checking emails for virus infections by antivirus software? Block all emails with attachments Look for subject lines and content that are from known virus attacks. Block all active attachments (for example, ActiveX, scripting). Look for emails from known virus sources.
Look for subject lines and content that are from known virus attacks.
Classic ciphers were improved with multiple shifts (multiple substitution alphabets). Which of the following is an encryption method using two or more different shifts? a. Carsar cipher b. DES c. Multi-alphabet encryption d. PGP
Multi-alphabet encryption
Using the _________ cipher you select multiple numbers by which to shift letters. a. Multi-alphabet substitution b. ASCII c. DC4 d. Caesar
Multi-alphabet substitution
In which firewall configuration is the software installed on an existing machine with an exiting operating system? Network host-based Dual-homed host Screened host Router-based
Network host-based
Which of the following is most true regarding new encryption methods? a. Use them only if they are certified. b. Use them only if they are rated unbreakable. c. You can use them, but you myst be cautious. d. Never use them until they have been proven.
Never use them until they have been proven.
The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is ________. File Heuristic Download Sandbox
Sandbox
What is the term for a firewall that is a combination of a bastion host and a screening router. Router-based firewall Dual-homed firewall Screened host Network host-based firewall
Screened host
Which of the following is the most basic type (i.e., first line of defense) of firewall? Screening firewall Heuristic firewall Circuit-level gateway Application gateway
Screening firewall
A(n)___________ firewall examines the entire conversation between client and server, not just individual packets. a. Packet filtering b. Domain gateway c. Circuit-level gateway d. Stateful Packet Inspection
Stateful Packet Inspection
What does SPI stand for? System packet inspection Stateful packet inspection Stateful packet interception System packet interception
Stateful packet inspection
A file that stays in memory after it executes is a(n) _____________. Terminate and Stay Resident program Executable Text file Bug
Terminate and Stay Resident program
What are TSR programs? Terminate and scan remote programs, which scan remote systems prior to terminating Terminate and stay resident programs, which stay in memory after you shut them down. Terminate signal registry programs, which alter the system Registry Terminate and system remove programs, which erase themselves when complete
Terminate and stay resident programs, which stay in memory after you shut them down.
Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine. True False
True
Which of the following is the most common way for a virus scanner to recognize a virus? To use complex rules to look for virus-like behavior To look for only TSR programs To compare a file to known virus attributes To look for TSR programs or programs that alter the Registry
To compare a file to known virus attributes
Which of these is NOT a type of symmetric algorithm? a. Stream b. Transcription c. Block d. Ceasar
Transcription
Which of these is NOT a type of symmetric algorithm? a. Transcription b. Stream c. Block d. Ceasar
Transcription
A digital signature is used to guarantee who sent a message. This is referred to as non-repudiation. True False
True
A server with fake data used to attract an attacker is a honeypot. True False
True
A stateful packet inspection firewall examines each packet, and denies or permits access based not only on the current packet, but also on data derived from previous packets in the conversation. True False
True
A virtual private network is a way to use the Internet to create a connection between a remote user and a central location. True False
True
Which binary mathematical operation can be used for a simple (but unsecured) encryption method and is in fact a part of modern symmetric ciphers? a. Bit shift b. OR c. XOR d. Bit swap
XOR
Typically, when you update virus definitions _____________. Your computer restarts. Your computer modifies virus. The virus program scans your computer. You are updating the virus definition file on your computer
You are updating the virus definition file on your computer