Which phase of the plan-protect-respond cycle takes the most time and effort?
A. Plan
B. Protect
C. Respond
D. The phases require about equal amounts of effort
B
Balancing threats against protection costs is called:
A. Risk analysis
B. Economic justification
C. Comprehensive security
D. The Illusion of Cost
A
Attackers only need to find a single weakness to break in. Consequently, companies must:
A. Have insurance
B. Only give minimum permissions
C. Have comprehensive security
D. Do risk analysis
C
Vulnerabilities are occasionally found in even the best security products. Consequently, companies must:
A. Have defense in depth
B. Only give minimum permissions
C. Have comprehensive security
D. Do risk analysis
A
A central firewall management program that pushes changes to firewalls is:
A. A single point of takeover
B. A weakest link
C. Defense in depth
D. Risk analysis thinking
A
A user is allowed to edit files in a particular directory. This is an example of:
A. Authorizations
B. Defense in depth
C. Network segregation
D. Authentication
A
If someone has been properly authenticated, they should receive:
A. All
B. Maximum
C. No
D. Minimum
D
It is most desirable to do access control based on:
A. Individuals
B. Standard authorizations
C. A three-headed dog named Fluffy
D. Roles
D
A policy specifies:
A. Both of these
B. What should be done
C. Neither of these
D. How to do it
B
Policies are separated from implementation to take advantage of:
A. Implementer knowledge
B. The delegation of work principle
C. Minimum permissions
D. Segregation of duties
B
Attacking your own firm occurs in:
A. Vulnerability testing
B. Neither of these
C. War driving
D. Both of these
A
Compliance with ________ is mandatory.
A. Guidelines
B. Neither of these
C. Standards
D. Both of these
C
Major incidents are handled by the:
A. On-duty staff
B. Outside consultant
C. CSIRT
D. FBI
C
The general term for evil software is:
A. All of these
B. Malware
C. Virus
D. Worm
B
________ is the general name for a security flaw in a program.
A. A virus
B. A security fault
C. A vulnerability
D. Malware
C
Users typically can eliminate a vulnerability in one of their programs by:
A. Using an antivirus program
B. Both installing a patch and using an antivirus program
C. Neither installing a patch nor using an antivirus program
D. Installing a patch
D
Vulnerability-based attacks that occur before a patch is available are called ________ attacks.
A. Malware
B. Indefensible
C. Zero-day
D. Stealth
C
What kind of attack is most likely to succeed against a system with no technological vulnerabilities?
A. Malware
B. Neither malware nor social engineering
C. Both malware and social engineering
D. Social engineering
D
A spear phishing attack is usually aimed at:
A. A group
B. An individual
C. Everyone
D. All of these
B
Which of the following attach themselves to other programs?
A. Viruses
B. Both viruses and worms
C. Worms
D. Neither viruses nor worms
A
Which of the following sometimes uses direct propagation between computers?
A. Worms
B. Downloaders
C. Viruses
D. Trojan horses
A
Malware programs that masquerade as system files are called:
A. Trojan horses
B. Viruses
C. Scripts
D. Root malware
A
Pieces of code that are executed after the virus or worm has spread are called:
A. Vulnerabilities
B. Compromises
C. Payloads
D. Exploits
C
In a ________ attack, the attacker encrypts some or all of the victim's hard drive.
A. Virus
B. Ransom
C. DoS
D. Lock
B
________ is a program that can capture passwords as you enter them.
A. Neither a keystroke logger nor data mining software
B. Both a keystroke logger and data mining software
C. Data mining software
D. A keystroke logger
D
In which type of attack does the attacker gather extensive sensitive personal information about its victim?
A. Identity theft
B. Neither identity theft nor credit card number theft
C. Both identity theft and credit card number theft
D. Credit card number theft
A
Which of the following meets the definition of hacking?
A. Neither unauthorized use nor unauthorized purpose
B. Both unauthorized use and unauthorized purpose
C. Unauthorized use
D. Unauthorized purpose
B
DoS attacks attempt to:
A. Steal information from a computer
B. Reduce the availability of a computer
C. Delete files on a computer
D. Hack a computer
B
In a DDoS attack, a ________ sends messages directly to the victim.
A. Botmaster
B. Bot
C. Command and control server
D. All of these
B
________ attacks typically extend over a period of months.
A. APT
B. Malware
C. Spear phishing
D. DDoS
A
What type of attacker are most attackers today?
A. Hackers motivated by a sense of power
B. Cyberterrorists
C. Disgruntled employees and ex-employees
D. Career criminals
D
________ attackers are often well-funded.
A. Disgruntled employee
B. Both disgruntled employee and cybercriminal
C. Neither disgruntled employee nor cybercriminal
D. Cybercriminal
D
Who are the most dangerous types of employees?
A. Manufacturing employees
B. IT security employees
C. Financial employees
D. Former employees
B
Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is:
A. Neither authentication nor confidentiality
B. Authentication
C. Confidentiality
D. Both authentication and confidentiality
C
A specific encryption method is called a:
A. Schema
B. Key method
C. Code
D. Cipher
D
In encryption, what must be kept secret?
A. Both the cipher and the key
B. The key
C. The cipher
D. Neither the cipher nor the key
B
A type of encryption that requires separate keys for encryption and decryption:
A. None of these
B. Symmetric key encryption
C. Substitution ciphers
D. Asymmetric key encryption
D
In public key encryption, if Bob wants to send Alice a message only she could read, which key should he use?
A. Alice's private key
B. His private key
C. Alice's public key
D. His public key
C
In most encryption, keys must be at least ________ long to be considered safe.
A. 1,280 bits
B. 1,280 bytes
C. 128 bytes
D. 128 bits
D
Electronic signatures provide message-by-message ________.
A. Neither authentication nor confidentiality
B. Authentication
C. Confidentiality
D. Both authentication and confidentiality
B
Secured packets typically receive ________.
A. Message integrity
B. All of these
C. Confidentiality
D. Authentication
B
SSL/TLS is used for ________.
A. Both Web applications and almost all applications
B. Web applications
C. Almost all applications
D. Neither Web applications nor almost all applications
B
In authentication, the ________ is the party trying to prove his or her identity.
A. True party
B. Supplicant
C. All of these
D. Verifier
B
In authentication, ________ are the general name for proofs of identity.
A. Authorizations
B. All of these
C. Credentials
D. Digital certificates
C
The supplicant claims to be ________.
A. An impostor
B. The true party
C. Either the true party or an impostor
D. Neither the true party nor an impostor
B
Authentication should generally be ________.
A. Different for every different resource
B. The same for all resources
C. Appropriate for a specific resource
D. As strong as possible
C
Traditionally, we have told users that passwords ________.
A. Both should have a mix of characters and should be written down so you remember
B. Neither should have a mix of characters nor should be written down so you remember
C. Should have a mix of characters
D. Should be written down so you remember
C
According to NIST, what is now recommended for reusable passwords?
A. That passwords be really long phrases instead of being only 8–12 characters long
B. Neither that passwords be easy to remember nor that they be long phrases
C. That passwords be easy to remember
D. Both that passwords be easy to remember and that they be long phrases
D
For sensitive assets, reusable passwords ________.
A. Should not be used
B. Should contain a truly complex mixture of characters
C. Should be especially long
D. Should be difficult to remember
A
Using bodily measurements for authentication is ________.
A. Mandatory for good security
B. Illegal
C. Biometrics
D. All of these
C
Iris scanning is attractive because of its ________.
A. Precision
B. Both low cost and precision
C. Low cost
D. Neither low cost nor precision
A
Facial recognition is controversial because ________.
A. It can be fooled very easily
B. Neither it can be fooled very easily nor it can be used surreptitiously
C. It can be used surreptitiously
D. Both it can be fooled very easily and it can be used surreptitiously
C
In digital certificate authentication, the supplicant encrypts the challenge message with ________.
A. The true party’s private key
B. The verifier’s private key
C. The supplicant’s private key
D. None of these
C
In digital certificate authentication, the verifier decrypts the challenge message with ________.
A. The true party’s private key
B. The true party’s public key
C. The supplicant’s private key
D. The supplicant’s public key
B
In digital certificate authentication, the verifier gets the key it needs directly from the ________.
A. Verifier
B. Certificate authority
C. True party
D. Supplicant
B
A debit card is secure because it requires two credentials for authentication: the card itself and a PIN. This is called ________.
A. Redundancy
B. Two-factor authentication
C. Segmentation
D. None of these
B
A firewall will drop a packet if it ________.
A. Neither is a definite attack packet nor is a highly probable attack packet
B. Is a definite attack packet
C. Both is a definite attack packet and is a highly probable attack packet
D. Is a highly probable attack packet
B
Stateful packet inspection firewalls are attractive because of their ________.
A. Neither low cost nor ability to base rules on specific application programs
B. Low cost for a given traffic volume
C. Ability to base rules on specific application programs
D. Both low cost for a given traffic volume and ability to base rules on specific application programs
B
When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.
A. Passes the packet, but notifies an administrator
B. Passes the packet
C. Drops the packet and notifies an administrator
D. Drops the packet
B
When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________.
A. Does not approve the connection
B. Drops the packet
C. Passes the packet
D. Opens a new connection
B
________ is the dominant firewall filtering method used on main border firewalls today.
A. Application content filtering
B. Stateful packet inspection
C. NGFW
D. ACL filtering
B
In SPI firewalls, ACLs are used for packets in the ________ state.
A. Neither connection-opening nor ongoing communication
B. Ongoing communication
C. Both connection-opening and ongoing communication
D. Connection-opening
D
In an SPI firewall, all rules except the last will permit the connection. The last will ________.
A. Either also permit the connection or deny the connection
B. Also permit the connection
C. Deny the connection
D. None of these
C
SPI firewalls are being replaced in large part because they are limited in their ability to detect ________.
A. Piggybacking
B. NAT
C. None of these
D. Port spoofing
D
Which type of firewall filtering collects streams of packets to analyze them as a group?
A. Neither SPI nor NGFW
B. SPI
C. NGFW
D. Both SPI and NGFW
C
Which type of firewall filtering looks at application-layer content?
A. Stateful packet inspection
B. NGFW
C. Both stateful packet inspection and NGFW
D. Neither stateful packet inspection nor NGFW
B
Which type of firewall is more expensive per packet handled?
A. Both SPI and NGFW
B. NGFW
C. Neither SPI nor NGFW
D. SPI
B
If a packet is highly suspicious but NOT a provable attack packet, which device will drop it?
A. Router
B. IDS
C. SPI firewall
D. None of these
D
Which of the following is the most frustrating to use?
A. IDSs
B. NGFW firewalls
C. SPI firewalls
D. Opaque filtering
A
Antivirus programs are designed to detect ________.
A. Worms
B. Viruses
C. Both viruses and worms
D. Neither viruses nor worms
C
In antivirus filtering, the best ways to filter currently use ________.
A. Behavioral detection
B. Signature detection
C. Stateful inspection
D. Application awareness
A
When a user attempts to plug into an Ethernet switch protected by 802.1X, ________.
A. The user will be required to authenticate himself or herself
B. The switch port will freeze
C. The switch will freeze
D. None of these
A
ARP cache poisoning is ________.
A. A man-in-the-middle attack
B. A DoS attack
C. A DDoS attack
D. An illegal login attack
A
If a drive-by hacker succeeds in connecting to an internal access point, the network traffic is ________.
A. Still protected by encryption
B. Still protected by a firewall
C. Both still protected by a firewall and still protected by encryption
D. Neither still protected by a firewall nor still protected by encryption
D
In 802.11i, protection is provided between the client and the ________.
A. Access point
B. Switch
C. Server
D. Router
A
The Wi-Fi Alliance calls 802.11i ________.
A. None of these
B. WPA
C. WEP
D. WPA2
D
Among the various 802.11 security protocols, which one is considered the strongest?
A. WPA
B. WEP
C. 802.11i
D. 802.11s
C
802.11i PSK initial authentication mode was created for ________.
A. Residences with a single access point
B. Corporations with multiple access points
C. Corporations with fewer than eight access points
D. Residences with fewer than eight access points
A
802.11i 802.1X initial authentication mode was created for ________.
A. Residences with fewer than eight access points
B. Residences with a single access point
C. Corporations with fewer than eight access points
D. Corporations with multiple access points
D
Communication after authentication is protected most strongly if the ________ initial authentication is used.
A. It does not matter which initial authentication mode is used
B. 802.1X
C. PSK
D. WPA
A
In 802.11i ________, hosts must know a shared initial key.
A. Both 802.1X initial authentication mode and PSK initial authentication mode
B. Neither 802.1X initial authentication mode nor PSK initial authentication mode
C. PSK initial authentication mode
D. 802.1X initial authentication mode
C
After two wireless clients authenticate themselves via PSK to an access point, they will use ________ to communicate with the access point.
A. Different pairwise session keys
B. WPA keys
C. An 802.1X key
D. The preshared key
A
Which of the following is a risk in 802.11i PSK mode?
A. A weak passphrase may be selected.
B. Unauthorized sharing of the pre-shared key.
C. Neither unauthorized sharing of the pre-shared key nor a weak passphrase may be selected
D. Both unauthorized sharing of the pre-shared key and a weak passphrase may be selected
D
In 802.11i PSK mode, the passphrase should be at least ________ characters long.
A. 12
B. 8
C. 128
D. 20
D
During the initial authentication process of a wireless connection in 802.1X mode, the authenticator is the ________.
A. None of these
B. Authentication server
C. Wireless access point
D. Wireless client
C
A ________ is an unauthorized internal access point.
A. Binky
B. None of these
C. Shadow
D. Rogue
D
An evil twin access point is usually ________.
A. A database
B. A calculator
C. A laptop computer
D. A spreadsheet
C
If a company uses 802.11i for its core security protocol, an evil twin access point will set up ________ 802.11i connection(s).
A. None of these
B. Two
C. Four
D. One
B
Which of the following secures communication between the wireless computer and the server it wishes to use against evil twin attacks?
A. VPNs
B. 802.1X mode
C. None of these
D. VLANs
A
Which of the following layer(s) are protected using IPsec?
A. Application
B. Data link
C. Both data link and application
D. Neither data link nor application
D
Which of the following is more widely used?
A. Both are about equally widely used.
B. AH
C. ESP
C
Which protects more of the original IP packet?
A. Tunnel mode
B. Transport mode
C. Both provide the same protection to the IP packet
A
IPsec is used for ________ VPNs.
A. Site-to-site
B. Neither remote-access nor site-to-site
C. Both remote-access and site-to-site
D. Remote-access
C
In transport mode, ESP fields surround an IPv4 packet's ________.
A. Data field
B. None of these
C. Entire length
D. Header
A
In tunnel mode, ESP fields surround an IPv4 packet's ________.
A. Entire length
B. Data field
C. Header
D. None of these
A
In IPsec, agreements about how security will be done are called ________.
A. Tranches
B. Service-level agreements
C. Security contracts
D. Security associations
D
The first stage of IPsec that creates a security association uses the ________ protocol.
A. SSL/TLS
B. IKE
C. SHA
D. AES
B
SAs in two directions ________.
A. Are always different
B. Can be different
C. Are always the same
B
Which has stronger security?
A. IPsec
B. SSL/TLS
C. Both have about equal security
A
Which is less expensive to implement?
A. IPsec
B. Both cost about the same to implement
C. SSL/TLS
C