ITD 3443 Network Security Mid Term - Ch1- Ch7
Which protocol that runs on Cisco routers shares information between Cisco devices? TCP CDP bootp SSH
CDP
Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240? -192.168.10.63 -192.168.10.47 -192.168.10.23 -192.168.10.95
192.168.10.47
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively? 20, 23 20, 25 21, 23 21, 20
21, 20
Which of the following is considered a flooded broadcast IP address? -255.255.255.255 -200.15.6.255 -FFFF.FFFF.FFFF -10.255.255.255
255.255.255.255
Which of the following is the IPv6 loopback address? -::FFFF -000:000:: -::1 -1000:127:0:0:1
::1
Which protocol is responsible for automatic assignment of IP address? -SNMP -FTP -DHCP -DNS
DHCP
What is the typical packet sequence for closing a TCP session? FIN, ACK, FIN ACK, ACK FIN, FIN ACK, RST FIN, FIN ACK FIN ACK, FIN, ACK, RST
FIN, ACK, FIN ACK, ACK
Current Microsoft OSs include IPv6, but to use it, you must enable it first.
False
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult.
False
T/F: A hash value is a variable-length string of symbols and numbers representing the original input's contents.
False
T/F: A packet monkey is an unskilled programmer who spreads viruses and other malicious scripts to exploit computer weaknesses.
False
T/F: A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed.
False
T/F: All devices interpret attack signatures uniformly.
False
T/F: An atomic attack is a barrage of hundreds of packets directed at a host.
False
T/F: IPv4 and IPv6 headers are interoperable
False
T/F: The transport layer of the OSI model includes the RIP protocol.
False
To determine best path, routers use metrics such as the value of the first octet of the destination IP address.
False
Which of the following is an element of the TCP header that can indicate that a connection has been established? Sequence number Stream index Flags SEQ/ACK analysis
Flags
What is the packet called where a Web browser sends a request to the Web server for Web page data? HTML SEND HTTP GET HTML RELAY HTTP XFER
HTTP GET
What is contained in ARP tables? IP address, MAC address DNS name, IP address MAC address, TCP port NetBIOS name, IP address
IP address, MAC address
What feature does RIPng support that is not supported by RIP? 32-bit addresses IPv6 supernetting gigabit Ethernet
IPv6
______________ cryptanalysis is applicable to block ciphers that use a substitution-permutation network including Rijndael, Twofish, and IDEA.
Integral
An ARP broadcast is sent to the local subnet in an attempt to discover the destination computer's ______________ address.
MAC
T/F: Some methods of attacking a Cisco router do not require knowledge of the IOS version, so software patching is recommended.
True
T/F: The IP address 172.20.1.5 is a private IP address.
True
Which element of an ICMP header would indicate that the packet is an ICMP echo request message. Type Code Identifier Data
Type
What Cisco router command encrypts all passwords on the router? enable secret password crypto key passwords service password-encryption secure passwords enable
service password-encryption
Which of the following makes routing tables more efficient? VLSM route summarization host routing CIDR
route summarization
Which of the following is NOT a critical goal of information security? scalability authentication confidentiality nonrepudiation
scalability
The enable ___________ password uses type 5 encryption and overrides the enable password.
secret
What is a VPN typically used for? -secure remote access -detection of security threats -filter harmful scripts -block open ports
secure remote access
What is the TCP portion of a packet called?
segment
What should you set up if you want to store router system log files on a server? AAA server syslog server buffered logging TTY connection
syslog server
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation? the hashing algorithm used to generate a message digest the use of the sender's private key the integrity of the private keys the source of the public keys
the source of the public keys
_____ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.
System
Which field in the IP header is an 8 bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped? -ECN -Fragment OFfset -options -TTL
TTL
Which of the following addresses is a Class B IP address? -224.14.9.11 -189.77.101.6 -211.55.119.7 -126.14.1.7
189.77.101.6
How large is the IPv6 address space? -128 bits -168 bits -32 bits -64 bits
128 bits
Which of the following types of traffic does NOT travel through routers? network route information ARP requests DNS zone transfers SNMP status information
ARP requests
______ IPv6 addresses are used for one to one or one to many communication.
Anycast
What feature in ICMPv6 replaces ARP in IPv4? -Neighbor Discovery -Authentication Header -Echo Request -Multicast Listener Discovery
Neighbor Discovery
Which of the following is an open standard used for authentication on Cisco routers? CHAP ACE ATM RADIUS
RADIUS
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port?
RPC attacks
Which TCP flag can be the default response to a probe on a closed port? SYN URG RST PSH
RST
Which of the following is the first packet sent in the TCP 3 way handshake? -SYN -PSH -ACK -RST
SYN
What is the sequence of packets for a successful three-way handshake? SYN, SYN ACK, ACK SYN, ACK, ACK SYN, SYN ACK, RST SYN, ACK, FIN
SYN, SYN ACK, ACK
Which IPv6 header field is known as the priority field? -Hop Limit -Version -Traffic Class -Flow Label
Traffic Class
What is a program that appears to do something useful but is actually malware? -Trojan -backdoor -logic bomb -virus
Trojan
Cisco routers support both numbered and named ACLs, starting with IOS version 11.2.
True
Packet fragmentation is not normal, and can only occur if an attack has been initiated.
True
T/F: A worm creates files that copy themselves repeatedly and consume disk space.
True
T/F: Encrypted files can be transmitted in both electronic form and as written messages.
True
T/F: In a passive attack, cryptanalysts eavesdrop on transmissions but don't interact with parties exchanging information.
True
_______ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Viruses
____ do not require user intervention to be launched; they are self-propagating.
Worms
Which type of scan has the FIN, PSH, and URG flags set? SYN Scan FIN scan Xmas scan Null scan
Xmas scan
Which of the following is true about standard IP ACLs? they can filter on IP address and port they can filter on source and destination IP address a 0.0.0.0 inverse mask means all bits are significant they automatically apply to all active interfaces
a 0.0.0.0 inverse mask means all bits are significant
Which of the following is the first step in the digital signature process where Mike sends a message to Sophie? a message digest of Mike's message is calculated using a hashing algorithm Sophie encrypts Mike's message with Mike's public key the message digest is encrypted by Mike's private key Sophie compares the message digest she calculated to Mikes's message
a message digest of Mike's message is calculated using a hashing algorithm
Which of the following best describes a CRL? serve as a front end to users for revoking certificates a file that contains information about the user and public key a published listing of invalid certificates keeps track of issued credentials and manages revocation of certificates
a published listing of invalid certificates
DNS operates at the ______ layer of the OSI model.
application
Which of the following is NOT among the items of information that a CVE reference reports? description of vulnerability reference in other databases attack signature name of the vulnerability
attack signature
What type of attack does a remote-access Trojan attempt to perpetrate? worm back door composite attack remote denial of service
back door
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? -challenge / response -signature -basic -biometrics
challenge / response
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit? CRC value parity bit fragment offset checksum
checksum
Which of the following is NOT information that a packet filter uses to determine whether to block a packet? -port -checksum -protocol -IP address
checksum
To what type of port on a Cisco router do you connect a rollover cable? Ethernet auxiliary Frame Relay console
console
During the routing process, the router strips off ______________________ layer header information and then examines the Network layer address.
data link
Which of the following is a command you would find in an antispoofing ACL for network 172.31.0.0/16? permit icmp any any redirect deny TCP 172.31.0.0 0.0.0.0 any log permit ip any 172.31.0.0 0.0.255.255 log deny ip 172.31.0.0 0.0.255.255 any log
deny ip 172.31.0.0 0.0.255.255 any log
Which of the following is a type of cryptanalysis that applies primarily to block ciphers but can also be used against stream ciphers and hashing functions and works by examining how differences in input affect the output? related key XSL differential integral
differential
What should you do when configuring DNS servers that are connected ot the Internet in order to improve security? -disable DNS buffers -disable DNS zone transfers -setup DNS proxy -delete the DNS cache
disable DNS zone transfers
What uses mathematical calculations to compare routes based on some measurement of distance? routing metrics link-state routing protocols route summarization distance-vector routing protocols
distance-vector routing protocols
Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router? TTY AUX enable console
enable
What is the term used when an IDPS doesn't recognize that an attack is underway? true positive negative activity positive signature false negative
false negative
The _____ field in an IP header is a 3-bit value indicating whether a datagram is a fragment.
flags
Which of the following is NOT one of the three primary goals of information security? -integrity -impartiality -confidentiality -availability
impartiality
Which of the following is a metric routers can use to determine best path? packet TTL datagram size link state network protocol
link state
Which of the following is NOT a reason for subnetting a network? -controlling network traffic -increasing network security -making larger groups of hosts -planning for growth
making larger groups of hosts
With which access control method do system administrators establish what information users can share? -discretionary -mandatory -administrative -role-based
mandatory access control
Of what category of attack is a DoS attack an example? bad header information suspicious data payload multiple-packet attack single-packet attack
multiple-packet attack
The ______ command shows current sessions with associated port numbers.
netstat -n
In which OSI model layer will you find the OSPF protocol? -session -application -network -transport
network
The _____ is the part of the IP address that is the same among computers in a network segment.
network identifier
A TCP packet with no flags set is referred to as a _________ packet.
null
The _______________ part of a packet is the actual data sent from an application on one computer to an application on another.
payload
Which type of function is used in cryptography? permutation Not AND X-box NOR
permutation
What does a sliding window do in a TCP packet? -ensures all packets are delivered -ensures transmission reliability -provides packet security -provides flow control
provides flow control
Under which suspicious traffic signature category would a port scan fall? unauthorized access denial of service reconnaissance informational
reconnaissance
What is a downside to using Triple DES? using three keys decreases security goes through three rounds of encryption uses only a 56-bit key requires more processing time
requires more processing time
In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.
set spoof
A ______________ is made up of IP numbers and options, TCP flags, and port number that define a type of network activity.
signature
What remote shell program should you use if security is a consideration? rsh rlogin rcp ssh
ssh
In which type of scan does an attacker scan only ports that are commonly used by specific programs? vanilla scan strobe scan random scan ping sweep
strobe scan
How are the two parts of an IP address determined? -subnet mask -host identifier routing table -network identifier
subnet mask
Which of the following is NOT an advantage of IPv6 versus IPv4? -larger address space -built-in security -supports static configuration -NAT is unnecessary
supports static configuration
Under which attack category does a UNIX Sendmail exploitation fall? suspicious data payload single-packet attack bad header information multiple-packet attack
suspicious data payload
Which of the following is true about encryption algorithms? their strength is tied to their key length block ciphers encrypt one bit at a time not vulnerable to brute force attacks asymmetric algorithms use a single key
their strength is tied to their key length
Which of the following is true about PRNGs? the shorter the state, the longer the period they are not completely random their state is measured in bytes they can never produce the same value
they are not completely random
Which of the following is true about static routes? the metric is higher than a dynamic route they are used for stub networks they are created by routing protocols they change automatically as the network changes
they are used for stub networks
How does the CVE standard make network security devices and tools more effective? they can share information about attack signatures the layered approach makes attacks nearly impossible it requires you to use compatible devices from one vendor it warns an attacker that your site is being monitored
they can share information about attack signatures
Rather than using classful routing, ________________ subnet masks allow you to divide your network into different sizes to make better use of available addresses.
variable length