MIST 5785 Quiz Review

d) Acceptability

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? a) Reaction time b) Accuracy c) Dynamism d) Acceptability

c)

All of the following actions can be helpful in thwarting session hijacking attacks except ________. a) using an intrusion detection system (IDS) that can watch for suspicious activity b) using encryption to make it difficult for attackers to see what is being transmitted c) employing operating systems that create predictable sets of sequence numbers d) configuring routers to block spoofed traffic from outside the protected network

b) flags

Bits that are set in the header of a packet, each describing a specific behavior, are called _______. a) pings b) flags c) probes d) banners

b) Alice's public key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? a) Bob's public key b) Alice's public key c) Bob's private key d) Alice's private key

a) passive session hijacking

Botnets are used to perform all of the following attacks except ________. a) passive session hijacking b) distributed denial of service (DDoS) attacks c) transmitting spam and other bogus information on behalf of their owner d) stealing information

1, 3, 4

CIA Triad includes _____. (3) 1. Confidentiality 2. Accountability 3. Availability 4. Integrity

d) Procedure

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? a) Policy b) Standard c) Guideline d) Procedure

d) Authorization

During which phase of the access control process does the system answer the question, "What can the requestor access?" a) Accountability b) Identification c) Authentication d) Authorization

b) Accountability

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about? a) Authorization b) Accountability c) Authentication d) Identification

d) Integrity

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? a) Authentication b) Confidentiality c) Nonrepudiation d) Integrity

d) MAC flooding

Harold is performing a penetration test and would like to force a switch to fall back to forwarding mode. Which of the following attacks would be most helpful to Harold in meeting his goal? a) ARP spoofing b) Active sniffing c) Passive sniffing d) MAC flooding

d) Your public key

If you and another person want to encrypt messages, what should you provide that person with? a) A Rivest, Shamir, and Adleman (RSA) algorithm b) A Digital Signature Algorithm (DSA) c) Your private key d) Your public key

b) Red team

If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals? a) Pen team b) Red team c) Blue team d) Security team

b) Active session hijacking

In what type of attack does the attacker take over an established session between two parties and then interact with the remaining party as if the attacker were the party that has been disconnected? a) Passive sniffing b) Active session hijacking c) Passive session hijacking d) Active sniffing

d) 96.67%

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server's availability factor for that month? a) 3.33% b) 99.96% c) 0.04% d) 96.67%

d) methods of active sniffing

Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are ________. a) forms of passive sniffing b) methods of placing stations in separate collision domains c) types of promiscuous modes d) methods of active sniffing

a) Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? a) Integrity b) Availability c) Nonrepudiation d) Accountability

c) Nontechnical password attacks

Shoulder surfing, keyboard sniffing, and social engineering are considered ________. a) hybrid password attacks b) technical password attacks c) nontechnical password attacks d) dictionary attacks

False

T/F? A brute-force attack tries passwords that are pulled from a predefined list of words.

False

T/F? A private key cipher is also called an asymmetric key cipher.

True

T/F? A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.

True

T/F? An algorithm is a repeatable process that produces the same result when it receives the same input.

True

T/F? Content addressable memory (CAM) is the memory present on a switch, which is used to build a lookup table.

True

T/F? Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.

True

T/F? Digital signatures require asymmetric key cryptography.

True

T/F? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

True

T/F? Log files are records that detail who logged on to a system, when they logged on, and what information or resources they used.

False

T/F? Most networks and protocols are inherently secure, making them difficult to sniff.

True

T/F? Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network segment.

True

T/F? Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords.

False

T/F? The four central components of access control are users, resources, actions, and features.

False

T/F? You must always use the same algorithm to encrypt information and decrypt the same information.

1, 2, 4

The seven domains of a typical IT infrastructure include __________________. (3) 1. Workstation domain 2. LAN-to-WAN domain 3. Router domain 4. System/Application domain

b) Separation of duties

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following? a) Need to know b) Separation of duties c) Least privilege d) Security through obscurity

d) Unencrypted email

What is NOT an effective key distribution method for plaintext encryption keys? a) Smart card b) Paper c) CD d) Unencrypted email

c) Wardriving

What is the process of locating wireless access points and gaining information about the configuration of each? a) Wardialing b) Pinging c) Wardriving d) Port scanning

a) Acceptable Use Policy

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network? a) Acceptable Use Policy b) Hacking Policy c) ISP Security Policy d) Port Scanning Policy

b) Security test

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management? a) Penetration test b) Security test c) Ethical hacking test d) Hacking test

a) Nonrepudiation

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? a) Nonrepudiation b) Availability c) Confidentiality d) Integrity

c) Top Secret

Which classification level is the highest level used by the US federal government? a) Private b) Confidential c) Top Secret d) Secret

c) Guideline

Which element of the security policy framework offers suggestions rather than mandatory actions? a) Policy b) Standard c) Guideline d) Procedure

c) Active fingerprinting

Which of the following is a form of OS fingerprinting that involves actively requesting information from a target system? a) Banner fingerprinting b) Network fingerprinting c) Active fingerprinting

c)

Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks? a) Defense is difficult due to the number of attackers. b) The impact of this attack is increased over that of a standard denial of service (DoS) attack. c) The attack is easily tracked back to its true source. d) Attacks of this type use hundreds or thousands of systems to conduct the attack.

c) Password

Which one of the following is an example of a logical access control? a) Access card b) Key for a lock c) Password d) Fence

b) MTTR

Which one of the following measures the average amount of time that it takes to repair a system, application, or component? a) Recovery time objective (RTO) b) Mean time to repair (MTTR) c) Mean time to failure (MTTF) d) Uptime

d) Threat

Which term describes any action that could damage an asset? a) Risk b) Countermeasure c) Vulnerability d) Threat

d) TCP connect scan

Which type of TCP scan is the most reliable but also the easiest to detect? a) TCP SYN scan b) TCP NULL scan c) TCP FIN scan d) TCP connect scan

c) Brute-force attack

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? a) Dictionary attack b) Social engineering attack c) Brute-force attack d) Rainbow table attack

d) Social engineering

Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet? a) Click fraud b) Information theft c) Denial of service attacks d) Social engineering
