Network Security Midterm Exam

A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:

A macro

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?

ARP

An attack that corrupts the ARP cache

ARP Poisoning

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

Address Resolution Protocol (ARP)

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

Alice's Public Key

An intrusion prevention system that knows information such as the applications that are running as well as the underlying operating systems

Application-aware IPS

A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications

Application-aware firewall

DNS poisoning can be prevented using the latest edition of what software below?

BIND

A cipher that manipulates an entire block of plaintext at one time.

Block Cipher

Injecting and executing commands to execute on a server

Command Injection

___________ ensures that only authorized parties can view certain information.

Confidentiality

Searching incoming web content to match keywords

Content inspection

The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done?

Create a VLAN and add the users' computers / ports to the correct VLAN

A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks

Data Encryption Standard (DES)

An algorithm that uses elliptic curves instead of prime numbers to compute keys

Elliptic Curve Cryptography

A digital certificate that turns the address bar green is a(n) _____________.

Extended Validation SSL Certificate

Which of the following is not a SIEM product?

Fortify

Which act requires banks and financial institutions to alert their customers of their policies and practices in disclosing customer information?

Gramm-Leach-Bliley Act (GLBA)

A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists

Heuristic monitoring

What secure protocol is recommended for Network address translation?

IPsec

In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications?

Infrastructure as a Service

In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?

Integrity

Which of the following is not a tool/technology that can be used to encrypt data?

IronGeek

An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured that can help to evenly distribute work across the network, and make use of both servers in a manner that is transparent to the end users?

Load balancing

What type of additional attack does ARP spoofing rely on?

MAC spoofing

A technique that allows private IP addresses to be used on the public Internet.

Network Address Translation (NAT)

At what level of the OSI model does the IP protocol function?

Network Layer

The Heartbleed bug takes advantage of a fatal flaw in a safety feature that is supposed to keep your Web communication private. Identify the protocol that is involved with the vulnerability and provide a description of how the bug gains access to your data. Discuss if/how the vulnerability has been addressed.

OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. The process for accessing private data is as follows: 1. Send a request to the server with a small payload (perhaps 1 byte), but identify the size of the payload as 65,536 bytes. 2. The server copies the payload to memory and prepares to send a response. 3. The server locates the payload in memory and sends a response to the requesting site. However, rather than responding with the actual payload (1 byte), the server uses the "size" of the payload specified in the original message (65,536) to respond to the request. The information sent back includes the original payload of 1 byte along with the next 65,535 bytes that were in memory from a previous user. Users can address the issue by upgrading to OpenSSL 1.0.1g. Users can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. The resolution to the issue was to fix the original programming error in the OpenSSL code. Upgrading to the latest version resolves the issue.

Cryptography is the process of changing original text into a scrambled message. Cryptographic ciphers use what type of data as their input?

Plaintext

An asymmetric encryption key that does have to be protected.

Private Key

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Privilege escalation

Which of the following is not one of the functions of a digital signature?

Protect the public key

Conducts on-line tests to determine security of BOTH web servers and local browsers.

Qualys SSL Labs

A device that can forward packets across computer networks

Router

What specific type of hardware card inserts into a web server that contains one or more co-processors to handle SSL/TLS processing?

SSL/TLS accelerator

An attack that takes advantage of the procedures for initiating a session is known as what type of attack?

SYN flood attack

This attack takes advantage of procedures for initiating a session using TCP/IP

SYN flood attack

A form of verification used when accessing a secure web application

Session Token

An attacker broadcasts a network request to multiple computers but changes the address from which the request came

Smurf attack

A key exchange that requires all parties to agree upon a large prime number and related integer so that the same key can be separately created.

Stream cipher

What cryptographic transport algorithm is considered to be significantly more secure than SSL?

TLS

What criteria must be met for an XSS attack to occur on a specific website?

The website must accept user input without validating it and use that input in a response.

A technology that allows scattered users to be logically grouped together even though they may be attached to different switches

Virtual LAN (VLAN)

Select the technology that can be used to examine content through application-level filtering.

Web security gateway

Select the security tool that is an inventory of applications and associated components that have been pre-approved and authorized to be active and present on the device?

application whitelist

Ransomware prevents a user's device from properly functioning until a fee is paid. A recent form of ransomware is called crypto-malware. All of the following are characteristics of more recent crypto-malware except:

can encrypt files only on the user's hard drive

What type of system is designed to collect and consolidate logs from multiple sources for easy analysis?

centralized device log analyzer

An organization that purchased security products from different vendors is demonstrating which security principle?

diversity

The Hashed Message Authentication Code (HMAC) _____________

encrypts the key and the message

At what stage can a certificate no longer be used for any type of authentication?

expiration

List and describe the characteristics that a hash algorithm must have to be secure. Also, identify a secure hash algorithm.

Fixed size: a short set of data should produce the same size as a long set. Unique: two different sets of data cannot produce the same digest. Original: it should be impossible to produce a data set that has a desired or predefined hash. Secure: the resulting hash cannot be reversed in order to determine the original plaintext. A secure hash algorithm is SHA3-512. MD5 is no longer considered secure.

What data unit is associated with the Open Systems Interconnection (OSI) and Internet models, layer two?

frame

Which of the following is not a reason why it is difficult to defend against today's hackers?

greater sophistication of defense tools

Public Key Infrastructure (PKI) ______________

is the management of digital certificates

Which statement is not true regarding hierarchical trust models?

it is designed for use on a large scale

What technology will examine the current state of a network device before allowing it to connect to the network and force any device that does not meet a specified set of criteria to connect only to a quarantine network?

network access control

Public key exchanges that generate random public keys that are different for each session are called

perfect forward secrecy

A key that is generated by a symmetric cryptographic algorithm is said to be a:

private key

A virus that infects an executable program file is known as

program virus

What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

rootkit

What kind of networking device forwards packets across different computer networks by reading destination addresses?

router

When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?

third-party

Cybersecurity attacks from state-sponsored actors are increasing at an alarming rate. Which of the following would not be an objective of state sponsored attacks?

to sell vulnerabilities to the highest bidder

Which of the following is malicious computer code that reproduces itself on the same computer?

virus

Choose the SQL injection statement example below that could be used to find specific users:

whatever' OR full_name LIKE '%Mia%'

The exchange of information among DNS servers regarding configured zones is known as:

zone transfer

Data that has been encrypted.

Ciphertext

Which of the following is not one of the four methods for classifying the various types of malware?

Source

The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?

Tailgating

