E5 Security

Question 1

Why are weak passwords a significant problem in networks?

Answer 1

Because hackers can get in and cause troubles

Question 2

List three true measures of password quality.

Answer 2

Is it easy for you to remember? Is it difficult to guess? Is it difficult for others to remember?

Question 3

What is a dictionary attack?

Answer 3

It is using a long list of likely passwords in hope of finding one that works

Question 4

List two types of bad passwords.

Answer 4

(a) anything short, (b) anything in a dictionary

Question 5

What do I recommend for a password?

Answer 5

Initials of a familiar phrase

Question 6

What is a high-value password?

Answer 6

A password to protect a high-value asset.

Question 7

What is a low-value password?

Answer 7

A password to protect a low-value asset

Question 8

Does it matter if a low-value password is easy to guess?

Answer 8

Not much

Question 9

List four ways to prove identity.

Answer 9

What you have. What you know. What you are. What you can do.

Question 10

What is multi-factor authentication?

Answer 10

Several UNRELATED factors must be presented.

Question 11

What is single sign-on?

Answer 11

You authenticate once and then receive credentials that are (a) used on related website (b) in place of authenticating again.

Question 12

What is a hacker?

Answer 12

Someone that goes beyond the routine ways of using a tool.

Question 13

Is hacking bad?

Answer 13

no

Question 14

What does black hat mean?

Answer 14

It means a bad-guy hacker

Question 15

What does white hat mean?

Answer 15

It means the good-guy (ethical) hacker

Question 16

What is pen testing?

Answer 16

penetration testing

Question 17

What are symmetric keys?

Answer 17

Encryption keys that cancel each other out are symmetric.

Question 18

What does rot13 stand for?

Answer 18

rotate thirteen

Question 19

How does rot13 work?

Answer 19

Each letter is replaced by the one 13 places away.

Question 20

Who knows Alice’s public key?

Answer 20

everybody

Question 21

Who knows Alice’s private key?

Answer 21

alice

Question 22

How do you send a private message to Bob?

Answer 22

Encrypt it with Bob’s public key.

Question 23

What is the purpose of encrypting a message?

Answer 23

Prevent others from understanding it.

Question 24

What is the purpose of signing a message?

Answer 24

Prove authorship.

Question 25

How do you sign a message?

Answer 25

Encrypt it with your private key.

Question 26

How does signing prove authorship?

Answer 26

Only with the person with a private key could have encrypted it. They must be the source.

Question 27

How can Bob send a private, authenticated message to Alice?

Answer 27

First, encrypt it with Bob’s private key to prove authorship. Second, encrypt the result with Alice’s public key to provide privacy.

Question 28

Why are public-key systems special?

Answer 28

They let us create a shared secret between parties that did not already know each other.

Question 29

Why is RSA special?

Answer 29

It easily creates good public key.

Question 30

What is a prime number?

Answer 30

A number with no proper factors.

Question 31

Why are prime numbers used in encryption?

Answer 31

It is easy to multiply two large prime numbers, but it is difficult to find the original numbers.

Question 32

What does the RSA private key consist of?

Answer 32

Two large prime numbers are chosen.They are the private key

Question 33

What does the RSA public key consist of?

Answer 33

The large number of the private key are multiplied together. The result is the public key

Question 34

If RSA is so great, why are other things used?

Answer 34

other things are faster

Question 35

Is http considered to be secure? Why?

Answer 35

No. Traffic (data) is not encrypted.

Question 36

Is https considered to be secure? Why?

Answer 36

Yes. Traffic (data) is encrypted.

Question 37

What does SSL stand for?

Answer 37

secure socket layers

Question 38

What does TLS stand for?

Answer 38

transport layer security

Question 39

How does SSL protect confidentiality of a TCP connection?

Answer 39

Traffic is encrypted to hide its meaning

Question 40

What is an Outside Threat?

Answer 40

A threat by a machine outside your LAN

Question 41

What is a botnet?

Answer 41

A network of computers comtrolled by a hacker, usually without the knowledge of their real owners.

Question 42

For what two things are botnets commonly used?

Answer 42

Sending spam, Doing attacks

Question 43

What does DDOS stand for?

Answer 43

distributed denial of service

Question 44

What is a zombie?

Answer 44

a computer that is part of a botnet.

Question 45

What does PWN stand for?

Answer 45

own

Question 46

What is an Inside Threat?

Answer 46

A threat by a machine inside your LAN

Question 47

What two things does server mean?

Answer 47

A program that provides service, a computer where such a program runs.

Question 48

How can firewalls mitigate network attacks against servers?

Answer 48

They can control the number of incoming requests based on IP address.

Question 49

How can firewalls mitigate network attacks against clients?

Answer 49

They can prevent all uninvited access from outside the LAN.

Question 50

What does DMZ stand for?

Answer 50

demilitarized zone

Question 51

What service does DMZ provide?

Answer 51

It directs unexpected network traffic on all ports to one designated machine.

Question 52

What service does port forwarding provide?

Answer 52

It directs unexpected network traffic on a few ports to a designated machine.

Question 53

How can sharing your Wi-Fi be dangerous?

Answer 53

Bad people might get directly into your LAN. This bypasses your main Firewall.