Network Defense Mid Term Study Guide, CHAPTER 6—Control Statements: Part 2, CNT 4406 Chapter 7, CNT 4406 Chapter 5, CNT 4406 Chapter 4, CNT 4406 Chapter 2, CNT 4406 Chapter 1, INFO 621- Chapter 4, CNT 4406 Chapter 3
Collision
A _________ occurs when computing the MD5 algorithm with two different initialization vectors produces the same hash value.
Hash
A __________ value is a fixed-size string representing the original input's contents.
Signature
A ____________ is made up of IP numbers and options, TCP flags, and port number that define a type of network activity.
Unary operators (such as ++) cannot be used in conditions.
False . Unary operators can be used in conditions.
A default case must be provided for every switch statement.
False. A default case is not required for a switch statement.
for statements cannot be represented as while statements.
False. All for statements can be represented as while statements.
A case with no statements is called an empty case, and requires only the break statement.
False. An empty case does not require a break statement.
A case that consists of multiple lines must be enclosed in braces.
False. Braces are not required in switch.
The C# operator ^ can be used for exponentiation.
False. C# does not have an exponentiation operator, the Math.Pow method can be used for this purpose.
Counter-controlled repetition requires only a control variable, an initial value for the control variable and an increment or decrement.
False. Counter-controlled repetition also requires a loop-continuation condition to determine whether the loop should continue executing the statements in its body.
FIN packet
Lets the other computer know it is finished sending data
If a while condition is never true, the body will never execute.
True
It's possible to specify that a constant is of type decimal by appending the letter m to the constant
True
Modifying the control variable of a for statement in the body can cause errors.
True
The for repetition statement handles the details of counter-controlled repeti¬tion.
True
Only the statements for one case can be executed in any one execution of a switch statement.
True.
The effects of break and continue statements can be achieved by struc¬tured programming techniques.
True.
Ciphertext
Unreadable text, programs that do not execute, and graphics you cannot view
Scan Throttling
Used by attackers to delay the progression of a scan
D. IDPS
Which security tool works by recognizing signs of possible attack and sending notification to an administrator? A. DiD B. DMZ C. VPN D. IDPS
B. mandatory access control
With which access control method do system administrators establish what information users can share? A. discretionary access control B. mandatory access control C. administrative access control D. role-based access control
Anycast
__________ IPv6 addresses are used for one-to-one or one-to-many communication.
A common logic error known as a(n) occurs when the programmer incor¬rectly specifies a conditional operator, such as < instead of <=.
off-by-one error
compilers will automatically remove from loops body statements that do not need to be executed multiple times through a process known as .
optimization
Null
A TCP packet with no flags set is referred to as a _______ packet.
Assuming a is a bool with a value of false, which of the following eval¬uates to true?
!a
What is the Windows key sequence for typing the end-of-file indicator in Command Prompt window?
<Ctrl> z
Which of the following statements about the continue statement is true?
A continue statement proceeds with the next iteration of the immediately enclosing while, for, do...while statement.
XOR function
A cryptographic primitive based on binary bit logic and used as a linear mixing function, combining values for use in further computations
Stateless Autoconfiguration
A feature of IPv6 in which a computer can connect to a network by determining its own IP address based on the addressing of neighboring nodes
C. use DoS attack on Web sites with which they disagree
A hactivist can best be described as which of the following? A. an unskilled programmer that spreads malicious scripts B. consider themselves seekers of knowledge C. use DoS attack on Web sites with which they disagree D. deface Web sites by leaving message for their friends to read
Biometrics
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints
Socket
A network connection consisting of a port number combined with a computer's IP address
DMZ
A semi trusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN
Ping Sweep
A series of ICMP echo request packets in a range of IP addresses
Multicast
A transmission used for one-to-many communication, in which a single host can send packets to a group of recipients
Key Management
A way to prevent keys from being discovered and used to decipher encrypted messages
Port
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides
DES
An older protocol composed of a 16-round Feistel network with XOR functions, permutation functions, 64 S-box functions, and fixed key schedules
Back Door
An undocumented hidden opening through which an attacker can access a computer
Signature
Digital ____________ security vulnerabilities are mostly associated with the IT infrastructure required to support interoperability.
Multicast Listener Discovery
Enables IPv6 routers to discover multicast listeners on a directly connected link and to decide which multicast addresses are of interest to those nodes
Infinite loops are caused when the loop-continuation condition in a while, for or do...while statement never becomes true.
False. Infinite loops are caused when the loop-continuation condition in a while, for or do...while statement never becomes false.
Counting loops should be controlled with whatever data type most closely reflects the operations taking place, whether that is an int, float or double.
False. Integers should be used to control counting loops, because the approximate nature of floating-point values may prevent loop-continuation conditions from evaluating correctly.
Inserting a blank line before and after each major control statement is required.
False. It's a good programming practice.
Only one control variable may be initialized, incremented or decremented in a for statement header
False. Multiple initialization, increment or decrement expressions may be included in for statements as comma-separated lists.
The break statement terminates a program.
False. The break statement is used to terminate a loop early or skip the remaining cases in a switch.
A loop that counts down from 10 to 1 using control variable counter should use the loop-continuation condition counter <= 1.
False. The condition specified in this question results in a logic error. Since control variable counter would start at 10 in this case, the condition would be false upon entering the loop and the loop body would never execute. The proper loop-continuation condition would be counter >= 1.
The continue statement is used to undo the effects of the break statement.
False. The continue statement alters the flow of control in a loop by skipping the remaining statements in the body of a while, for, or do...while statement and proceeding with the next iteration of the loop. In a for statement, the increment expression executes before the loop-continuation condition is tested again.
A while statement automatically increments a variable that a programmer specifies.
False. The while statement does not automatically increment a value—it tests a con¬dition and executes the body if the condition evaluates to true.
The initialization expression, condition and increment expression in a for statement's header must be separated with commas.
False. These expressions must be separated by semicolons; otherwise, a syntax error occurs.
Packet Filters
Hardware or software tools that allow or deny packets based on a specified criteria, such as port, IP address, or protocol
Spoof
In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.
SYN
In the three-way handshake, the first packet in the sequence has the ______ flag set.
A. botnet
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? A. botnet B. Trojan C. logic bomb D. packet monkey
C. multiple-packet attack
Of what category of attack is a DoS attack and example? A. bad header information B. single-packet attack C. multiple-packet attack D. suspicious data payload
Netstat
The __________ command shows current sessions with associated port numbers.
Flag
The ___________ field in an IP header is a 3-bit value indicating whether a datagram is a fragment
Payload
The ___________ part of a packet is the actual data sent from an application on one computer to an application on another.
Which of the following statements about the break statement is false?
The break statement, when executed in a while, for or do...while, skips the remaining statements in the loop body and proceeds with the next iteration of the loop.
Suppose variable gender is MALE and age equals 60, how is the expression ( gender == FEMALE ) && ( age >= 65 ) evaluated?
The condition ( gender == FEMALE ) is evaluated first and the evaluation stops immediately.
Fragmentation
The division of packets into smaller sizes to accommodate routers with frame size limitations
MTU
The maximum packet size that can be transmitted
Consider the following two C# code segments: Segment 1 Segment 2 int i = 0; for (int i=0; i <= 20; ++i) while ( i < 20 ) { { Console.WriteLine ( i ); ++i; } Console.WriteLine ( i ); } Which of the following statements is true?
The output from these segments is not the same. b) The scope of the control variable i is different for the two segments. c) Both (a) and (b) are true.
Network Identifier
The part of an IP address that a computer has in common with other computers in its subnet
Cryptanalysis
The study of breaking encryption methods
. Braces are normally included with do...while statements even when unnec¬essary to avoid confusion with the while statement.
True
A control variable that's declared in a for statement header is not accessible outside of the body of the for statement.
True
A variable used as a counter should be initialized when it's declared.
True
Compressing statements before and in a for statement into the for header can reduce the readability of a program
True
C. the source of the public keys
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation? A. the use of the sender's private key B. the hashing algorithm used to generate a message digest C. the source of the public keys D. the integrity of the private keys
C. SYN, SYN ACK, ACK
What is the sequence of packets for a successful three-way handshake? A. SYN, ACK, ACK B. SYN, SYN ACK, RST C. SYN, SYN ACK, ACK D. SYN, ACK, FIN
A. false negative
What is the term used when an IDPS doesn't recognize that an attack is underway? A. false negative B. true positive C. negative activity D. positive signature
A. disable zone transfers
What should you do when configuring DNS servers that are connected to the Internet in order to improve security? A. disable zone transfers B. delete the DNS cache C. disable DNS buffers D. setup DNS proxy
A. IKE
Which component of IPsec enables computers to exchange keys to make an SA? A. IKE B. ISAKMP C. Oakley D. IPsec driver
D. 21,20
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively? A. 20, 25 B. 21, 23 C. 20, 23 D. 21, 20
B. scalability
Which of the following is NOT a critical goal of information security? A. confidentiality B. scalability C. authentication D. nonrepudiation
A. the local host source address occurs in the packet
Which of the following is the description of a land attack? A. the local host source address occurs in the packet B. source and destination IP address/port are the same C. an illegal TCP flag is found in the segment header D. the attacker uses an undefined protocol number
A. they are not completely random
Which of the following is true about PRNGs? A. they are not completely random B. their state is measured in bytes C. the shorter the state, the longer the period D. they can never produce the same value
B. Message Digest 5
Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-characer hexadecimal number and is used in VPNs? A. RSA B. Message Digest 5 C. RC4 D. Twofish
Viruses
___________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.
Integral
___________ cryptanalysis is applicable to block ciphers that use a substitution-permutation network including Rijndael, Twofish, and IDEA.
Nonrepudiation
____________ is achieved when neither party can plausibly deny its participation in message exchanges.
Non-repudiation
____________ is the capability to prevent a participant in an electronic transaction from denying that it is performed an action.
The do...while repetition statement tests the condition the body of the loop executes.
after
The header for (int i = 0; i <= 10; ++i) will cause i to be incremented:
after the entire body executes
The loop body of a do...while statement always executes __________.
at least once
The________ statement, when executed in a for loop, will terminate the loop.
break
The________ statement, when executed in a while loop, skips the remaining statements in the body of the statement and begins the next iteration of the loop.
continue
A case can be labeled as_______ to execute in the event that none of the pro¬vided cases are equivalent to the controlling expression.
default
What occurs when an empty case matches the controlling expression?
fall through
Which of the following will count down from 10 to 1 correctly?
for ( int j = 10; j >= 1; --j )
Which of the following for-loop control headers results in equivalent numbers of iterations:
for ( int q = 100; q >= 0; --q )
Which of the following for headers is syntactically incorrect?
for (i == 3)
The first line of the for statement is sometimes called the:
for statement header
Consider the code segment below. if ( gender == 1 ) { if ( age >= 65 ) ++seniorFemales; } // end if
if ( gender == 1 && age >= 65 ) ++seniorFemales;
Counting loops should be controlled with______ values.
int
Which of the following is equivalent to the following code segment? Segment: int total = 0; for ( int i = 0; i <= 20; i += 2 ) total += i;
int total = 0; for ( int i = 0; i <= 20; total += i, i += 2 )
Which of the following is not a control statement in C#?
loop
Which of the following operators ensures that at least one out of multiple conditions is true?
||