Practice Quizzes ITSS 4360

Ace your homework & exams now with Quizwiz!

A wireless access point is a _______.

A. cell tower B. Wi-Fi hot spot C. wireless access point to a LAN or WAN All of the Above

Types of intellectual property available

A. copyrights B. patents C. Trademarks D. All of the above All of the above

A benefit of IPsec is __________

A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above

The smallest building block of a wireless LAN is a

BSS

The 802.11i RSN security specification defines the following services:

C. All of the Above A. privacy with message integrity B. authentication C. All of the above D. access control

_______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository.

Certification

The specification of a protocol, along with the chosen key length, is known as a

Cipher suite

_______ is a list that contains the combinations of cryptographic algorithms supported by the client.

CipherSuite

Kerberos realm consists of server and

Client and Application Server

a ___________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers

Cloud Service Consumer

A ____________ is a networking facility that provides connectivity and transport of cloud services between cloud consumers and cloud service providers

Cloud carrier or Cloud Provider

a consequence of a buffer overflow error is _________

Corruption of data used by the program unexpected transfer of control in the program

The principal element of a mobile security strategy

D. All of the above A. Device Security B. Client traffic security C. Barrier security D. All of the above

______ is the recommended technique for wireless network security

D. All of the above A. Using encryption B. Using anti-virus and anti-spyware software C. Turning off identifier broadcasting D. All of the above

Kerberos uses the _______ encryption algorithm

DES

_____ strengthens the protection of copyrighted materials in digital format

DMCA

Like TKIP, CCMP provides two services: message integrity and ________.

Data confidentiality

The principal threats to wireless transmission are altering or inserting message and

Disruption and eavesdropping

The wireless environment lends itself to a ______ attack because it is so easy for the attacker to direct multiple wireless messages at the target.

DoS

_____ can be copyrighted.

Dramatic works, software-related works, architectural works, (all the above)

Countermeasures for eavesdropping are Choose TWO.

Encryption and Signal Hiding Techniques

_______ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves

Environment variables

An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined.

False

Search engines support Https

False

_______ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user.

Federation

____________ is a tool used to automatically identify potentially vulnerable programs

Fuzzing

The most complex part of TLS is the _____.

Handshake Protocol

Choose TWO mobile device security threats

Interaction with other systems and Using any available network

IP-level security encompasses three functional areas: one of the functional areas is authentication, choose the remaining two functional areas

Key management and confidentiality

_____ defines a number of content formats, which standardize representations for the support of multimedia e-mail.

MIME

At its most fundamental level the Internet mail architecture consists of a user world in the form of _________.

MUA

The SSL Record Protocol provides two services for SSL connections

Message integrity and confidentiality

NIST SP 800-145 defines three cloud service models expect one

Network as a Service (Naas)

An example of a(n) __________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance

Network injection

A _______ for an invention is the grant of a property right to the inventor.

Patent

a _________ cloud provides service to customers in the form of a platform on which the customer's applications can run

Platform as a Service

a _________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services

Public cloud

The final form of the 802.11i standard is referred to as

RSN

Match the following: S/MIMe digital signature Kerberos Public key infrastructure (PKI) A. the defacto standard for remote authentication. B. formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. C. security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. D. the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography

S/MIME: C Digital signature: B Kerberos: A publickey infrastructure: D

the use of _________ avoids the complexity of software installation, maintenance, upgrades, and patches

SaaS

An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________.

Serial number

a stack buffer overflow is also referred to as __________

Stack smashing

SSL and TLS rely on

TCP

The basic tool that permits widespread use of S/MIME is ________.

The public-key certificate

Cloud computing gives you the ability to expand and reduce resources according to your specific service requirement

True

Computer technology has involved the creation of new types of entities for which no agreed ethical rules have previously been formed

True

Computers as targets is a form of crime that involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.

True

Data must be secured while in transit, in use, and at rest

True

The ticket-granting ticket is encrypted with a secret key known only to the AS and the TGS.

True

ESP supports two modes of use: transport and _________.

Tunnel

Three types of patents are

Utility, design, plant

In order to accelerate the introduction of strong security into WLANs the Wi-Fi Alliance promulgated ________, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard.

WPA

_______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.

X.509

The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _______ vulnerability

XSS reflection

Program input data may be broadly classified as

binary and textual

Measured service and rapid elasticity are essential characteristics of

cloud computing

__________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled.

compile-time defenses

__________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table.

guard pages

The buffer is located __________ .

in the heap, in the data section of the process, on the stack, (all the above)

_______ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program

injection attack

Incorrect handling of program _______ is one of the most common failings in software security.

input

Program _______ refers to any source of data that originates outside the program and whose value is not explicitly known by the programmer when the code was written.

input

Any intangible asset that consists of human knowledge and ideas is _______.

intellectual property

a stead reduction in memory available on the heap to the point where it is completely exhausted is known as a ________

memory leak

The _____ used a buffer overflow exploit in "fingerd" as one of its attack mechanisms

morris internet worm

the _______ cloud deployment model is the most secure option

private

________ defenses aim to detect and abort attacks in existing programs

run-time

Defensive programming is sometimes referred to as

secure programming

Two key areas of concern for any input are the

size and the meaning and interpretation

buffer overflow attacks are one of the most common attacks seen

true

software security is closely related to software quality and reliability

true

the major advantage of the public cloud is cost

true

The wireless environment consists of three components that provide point of attack: the wireless client, the transmission medium and

wireless access point.


Related study sets

Chapter 15 sports psych (Team cohesion in sport)

View Set

Theatre Quiz 1 "Facade Stages" and "The Theatre of Greece"

View Set

Chapter 4- Age of Religious Wars Nolan's Practice

View Set

World History AP 2013 Released Exam

View Set

Chapter 3: Providing equal employment opportunity and a safe workplace

View Set

ATI Med Surg Proctored Exam Practice Qs

View Set

Chapter 5 - Effects of Long-Term Exposure to Radiation

View Set