Network Security Basics Test #2

Which security standard is used to encrypt e-mails?

S/MIME.

Which hashing algorithm uses a 160-bit hash value?

SHA.

Which of the following will NOT contribute to network hardening?

Locking down all unused ports on the firewall.

"Full disclosure testing" is more often known as which of the following?

White Box.

Which "X" standard defines certificate formats and fields for public keys?

X.509.

Your company has given you a laptop to use as you travel. What category does this laptop fall under?

COPE.

How many programs are traditionally run during vulnerability scanning?

12.

How many channels does the 802.11 standard define?

14.

Which of the following is NOT an asymmetric encryption algorithm?

3DES.

Computer room humidity should ideally be kept above ___________________ percent.

50.

Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?

SSL.

A major organization in the tracking and reporting of common computer and network security problems is ___________________.

CERT.

A ___________________ is used to provide EMI & RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).

Faraday Cage.

With which type of technology will allow a device to function only if it is within certain geographical locations?

Geofencing.

You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted upon. Which of the following terms describes the process of improving security in an NOS?

Hardening.

___________________ is the first step in the incident response cycle.

Incident Identification.

On the outer edge of physical security is the first barrier to entry. This barrier is known as a(n) ___________________.

Perimeter.

A ___________________is the term for an area in a building where access is individually monitored and controlled.

Security Zone.

A ___________________ is a repair made while the system being repaired remains in operation.

Service Pack.

Which kind of security attack is a result of the trusting nature of human beings?

Social Engineering.

Which of the following is an internal threat?

System Failure.

Which U.S. government agency publishes lists of known vulnerabilities in operating systems?

NIST.

Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures?

Backdoor.

Which method of attack against a password happens when an attacker tries many different combinations of alphanumeric characters until successful?

Brute Force.

Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?

Brute Force.

The ___________________ method of backup keeps all data that has ever been on the system, regardless of its value.

Complete Archival.

Individuals who specialize in the making of codes are known as ___________________.

Cryptographers.

You are the administrator of the sybex.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes and users start reporting "Server not available" errors. You may have been the victim of what kind of attack?

DoS.

A ___________________ is a backup location that can provide services within hours of complete system failure.

Hot Site.

Which of the following is a wireless networking technology that uses two or more streams of data transmission to increase data throughput?

MIMO.

Which of the following is the process of ensuring that policies, procedures, and regulations are carried out in a manner consistent with organizational standards?

Inventory Review.

How does a user obtain a Message Authentication Code (MAC)?

It is derived from the message itself using an algorithm.

___________________ provide rules for expected behaviors to people in an organization.

Policies.

The process of making a computing environment more secure from attacks and intruders is known as ___________________.

Locking Up.

___________________ is a type of penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network.

Nonintrusive.

Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (like it's IP address).

Spoofing.

Which of the following is used to refer to any sophisticated series of related attacks taking place over an extended period of time?

APT.

Which of the following is NOT necessary to back up?

Applications.

Which method of cryptography uses a sequence of photons to represent the encrypted data?

Quantum Cryptography.

The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its:

Attack Surface.