security
true
A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it. T or F?
false
A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.
public key infrastructure
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
whatever' OR full_name LIKE '%Mia%'
Choose the SQL injection statement example below that could be used to find specific users:
false
Encryption is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties. T or F?
512
If using the MD5 hashing algorithm, what is the length to which each message is padded?
confidentiality, availability and integrity
List and describe three of the characteristics of information that must be protected by information security?
hierarchical, distributed, and bridge trust model
List the three PKI trust models that use a CA.
open source intelligence
Select the term that best describes automated attack software?
HIPAA
Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?
crypto service providers
What allows an application to implement an encryption algorithm for execution?
avoidance, transfer, mitigate, accept
What are the four different risk response techniques?
authentication, confidentiality, key management
What are the three areas of protection provided by IPSEC?
cross site scripting, cross site forgery
What are the two types of cross-site attacks? (Choose all that apply.)
availability, authentication, non-repudiation, and integrity
What four basic protections can cryptography support?
blowfish
What is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits?
master secret
What is used to create session keys?
technical controls
What process describes using technology as a basis for controlling the access and usage of sensitive data?
destruction
What process will remove all private and public keys along with the user's identification information in the CA?
IPsec
What protocol below supports two encryption modes: transport and tunnel?
ARP
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
extensions
What technology expands the normal capabilities of a web browser for a specific webpage?
TPM
What technology uses a chip on the motherboard of the computer to provide cryptographic services?
defense in depth
What term describes a layered security approach that provides comprehensive protection?
silver bullet
What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?
local host table, external DNS server
What two locations can be a target for DNS poisoning? (Choose all that apply.)
man in the browser
What type of attack intercepts communication between parties to steal or manipulate the data?
third party trust
What type of trust model is used as the basis for most digital certificates used on the Internet?
PGP
What widely used commercial asymmetric cryptography software can be used for encrypting files and email messages?
DNS
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
Which SQL injection statement example below could be used to discover the name of the table?
whatever' AND email IS NULL; --
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
Gramm-Leach-Bliley Act
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
brokers and competitors
Which of the following are considered threat actors?
elliptical curve and digital signature
Which of the following are considered to be common asymmetric cryptographic algorithms? (Choose al
man in the middle and replay attacks
Which of the following are considered to be interception attacks? (Choose all that apply.)
RSA
Which of the following asymmetric cryptography algorithms is most commonly used?
domain validation digital certificate
Which of the following certificates verifies the identity of the entity that has control over the domain name?
ISO, COBIT, RFC
Which of the following is a common security framework?
Online certification status protocol, certificate revocation list
Which of the following is a valid way to check the status of a certificate? (Choose all that apply.)
extended validation
Which of the following is an enhanced type of domain digital certificate?
nonce
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session?
protect the public key
Which of the following is not one of the functions of a digital signature?
information security
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
smurf attack
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
sponge
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?
diversity, simplicity, layering
fundamental security principle?
HMAC
What type of message authentication code uses hashing to authenticate the sender by using both a hash function and a secret cryptographic key?
160
The SHA-1 hashing algorithm creates a digest that is how many bits in length?
public key cryptography
What alternative term can be used to describe asymmetric cryptographic algorithms?
advanced persistent threat
What class of attacks uses innovative attack tools and, once a system is infected, silently extracts data over an extended period?