Final Exam Flashcards

1
Firewalls can stop hackers from breaking into your system
true
2
Firewalls can stop internet traffic that appears to be from a legitimate source
false
3
Firewalls can stop viruses and worms that spread through the internet
true
4
Firewalls can stop spyware being put on your system
false
5
Firewalls can stop viruses and worms that are spread through email
false
6
Lists the types of traffic authorized to pass through the firewall
Firewall access policy
7
________ is developed from the organization's information security risk assessment and policy, and a broad specification of which traffic types the organization needs to support
Firewall access policy
8
Firewalls cannot protect when ____ or ____
Traffic does not cross it (routing around, internal traffic); when misconfigured
9
Malware can disable: A) Software firewalls B) Hardware firewalls C) Antivirus checkers
A & C
10
Firewalls can stop/control: A) Pings B) Packet sniffing C) Outbound network traffic
A & C
11
This type of firewall filtering makes decisions on a packet-by-packet basis
Packet filtering (no state information is saved)
12
________ is the simplest and most efficient type of firewall filtering
Packet filtering
13
What are packet filtering rules based on?
Information contained in the network packet:
  • Source IP
  • Destination IP
  • Source & destination transport-level address
  • IP protocol field
  • Interface
14
What are the 2 default policies of firewall packet filtering?
Discard (prohibit unless explicitly allowed); Forward (permit unless explicitly forbidden) -> easier to manage, but less secure
15
What are the advantages of a packet filtering firewall?
  • Simplicity
  • Typically transparent to users and very fast
16
What are the disadvantages of a packet filtering firewall?
  • Cannot protect against attacks that use application-specific vulnerabilities
  • Limited logging functionality
  • Vulnerable to attacks and exploits that take advantage of TCP/IP
  • Susceptible to security breaches caused by improper configuration
17
Packet filtering countermeasure: _____ discard packets with an inside source address if the packet arrives on an external interface
IP address spoofing countermeasure
18
Packet filtering countermeasure: ____ discard all packets in which the source specifies the route
Source routing attack countermeasure
19
Packet filtering countermeasure: _____ enforce a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header
Tiny fragment attack countermeasure
20
Packet filtering: In order for a fragmented packet to be successfully reassembled at the destination, each fragment must obey the following rules: A) Must not share a common fragment identification number B) Each fragment must say what place or offset it occupies in the original unfragmented packet C) Each fragment must tell the length of the data carried in the fragment D) The fragment does not need to know whether more fragments follow this one
B & C
21
A _______ firewall uses a connection state table
stateful inspection firewall
22
______ acts as a relay of application-level traffic (basically a man or system in the middle)
Application-level gateway (or application proxy)
23
Application-level gateways tend to be more secure than packet filters
true
24
Application-level gateways may restrict the application features supported
true
25
An Application level gateway can generically filter traffic for any application
False; must have proxy code for specific applications
26
A packet filtering firewall is typically configured to filter packets going in both directions
true
27
A prime disadvantage of an application-level gateway is the additional processing overhead on each connection
true
28
A packet filtering firewall can decide if the current packet is allowed based on another packet it has just examined
false
29
A stateful inspection firewall needs to keep track of information of an active connection in order to decide on the current packet
true
30
A _______ serves as a platform for an application-level gateway, and is a system identified as a critical strong point in the network's security
bastion host
31
__________ firewalls are used to secure an individual host
host based firewalls
32
The primary role of a personal firewall is to ___________
deny unauthorized remote access
33
______ hides the system from the internet by dropping unsolicited communication packets
stealth mode
34
A company has a conventional firewall in place on its network. Which (if any) of these situations requires an additional personal firewall: A) An employee uses a laptop on the company network and at home B) An employee uses a desktop on the company network to access websites worldwide C) A remote employee uses a desktop to create a VPN on the company's secure network D) None of the above, in each case the employee's computer is protected by the company firewall
A & C
35
Typically the systems in the _____ require or foster external connectivity such as the corporate web site, an e-mail server, or a DNS server A) DMZ B) IP protocol field C) boundary firewall D) VPN
A) DMZ
36
A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control A) packet filtering firewall B) distributed firewall C) Boundary firewall D) VPN
B) distributed firewall
37
Technology and other safeguards for cyber security are largely defensive in nature. The only way they can impact a threat source is by increasing the work factor for an attacker. Can laws be used to reduce the magnitude of threats? A) YES, laws can provide criminal sanctions against those who commit cyber crime B) NO, cyber crime has increased even as new laws have been put in place
A) YES P3L3
38
Cyber crime is a big problem. According to a recent report, what is an estimate of the cost of cybercrime for the United States? A) 10 billion dollars B) over 100 billion dollars
B) Over 100 billion dollars P3L3
39
The Computer Fraud and Abuse Act (CFAA) was used to prosecute the creator of the Melissa virus, who was sentenced to federal prison and fined under its provisions. What abuse was perpetrated by the virus? A) Data stored on computers was destroyed B) Denial of service attacks that made computers unusable
B) Denial of service attacks that made computers unusable P3L3
40
Several people have argued about the overly general and vague language of the CFAA. For example, how exactly is unauthorized access defined? In one case, a company sued its competitor because the competitor's employees created a trial subscription and downloaded data that was available to its subscribers. Do you think this is a violation of unauthorized access? A) No, because the data was publicly available B) Yes, because it potentially can cause financial loss to the company that sued its competition
A) No, because the data was publicly available P3L3
41
The DMCA includes exclusions for researchers, but companies have threatened to sue researchers who wanted to publish work related to circumvention of anti-piracy technologies. Which of these is an example of such a threat under the DMCA: A) Prof. Ed Felten's research on audio watermarking removal by RIAA B) A research project done by MIT students that found vulnerabilities in the MBTA
A) Prof. Ed Felten's research on audio watermarking removal by RIAA P3L3
42
By mistake, a friend sends sensitive health data in an email to you (wrong attachment). You should not read the information in the attached document because: A) Professional code of ethics requires you to respect the privacy of others B) You can be liable under CFAA
A) Professional code of ethics requires you to respect privacy of others P3L3
43
US-CERT follows a responsible disclosure process for vulnerabilities reported to it. Such a process must: A) Make vulnerability information available to everyone who may be affected by it immediately B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch
B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch
44
In a 2015 Pew survey of American adults' attitudes about privacy, what percentage felt that it is important that they be able to control who gets information about them? A) 50% B) 25% C) 90%
C) 90% P3L3
45
In 2014, the European Court of Justice ruled that EU citizens have the "right to be forgotten" on the internet. For example, Google must not return links to information that can be shown to be "inaccurate, inadequate, irrelevant, or excessive". Which one of the following is an example of information that Google decided not to return as a search result to meet the ECJ ruling? A) Story about criminal conviction that was quashed on appeal B) A doctor requesting removal of links to newspaper stories about botched procedures performed by him
A) Story about criminal conviction that was quashed on appeal P3L3
46
The Electronic Frontier Foundation (EFF) ranks websites with privacy scores based on how they deal with issues related to privacy. It gave AT&T one of the lowest scores (1 out of 5). What explains this low score? A) Does not disclose data retention policies B) Does not use industry best practices C) Does not tell users about government data demands
A) does not disclose data retention policies and C) Does not tell users about government data demands P3L3
47
Does Google's privacy policy disclose data retention policy?
No P3L3
48
Poor privacy is good for bad guys because they can use information about you to craft: A) targeted phishing attacks B) Gain access to your online accounts
A & B P3L3
49
The FTC charged Fandango, the online movie ticket purchasing company, for not protecting user privacy. This action was taken because Fandango: A) Shared user data without informing users B) Did not secure user data
B) did not secure user data P3L3
50
If a company tracks your activities based on your machine's IP address, one possible defense against it is to: A) Disable cookies B) Use Tor
B) Use Tor P3L3
51
Cyber security planning and management in an enterprise must define allowed computer and network use by employees. Georgia Tech's computer and network use policy strives to do this for students, faculty, and staff. What is required by this policy? A) Georgia Tech passwords should be changed periodically B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech C) Georgia Tech computers cannot be used to download illegal content (e.g. child pornography)
A) Georgia Tech passwords should be changed periodically B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech C) Georgia Tech computers cannot be used to download illegal content (e.g. child pornography) P3L1
52
A botnet operator compromises a number of computers in a company. The malware executed by the bots only sends large amounts of spam email but does not exfiltrate sensitive data or interfere with legitimate activities. What is the appropriate action: A) The company should detect and prevent abuse of its resources by unauthorized parties B) Since it poses no risk to company's sensitive data or normal ops it can be ignored
A) the company should detect and prevent abuse of its resources by unauthorized parties P3L1
53
A news story in 2014 reported that an inspector general's report gave the VA a failing grade for the 16th straight year. The CIO of VA discussed a number of challenges that could explain this grade. What are some possible reasons? A) The need to manage cyber security for over a million devices, each running many services B) lack of sense of urgency in fixing cyber vulnerabilities C) Choosing to support key functions even when this could introduce vulnerabilities
A) the need to manage cyber security for over a million devices, each running many services and C) Choosing to support key functions even when this could introduce vulnerabilities P3L1
54
Chief Information Security Officer (CISO) is the executive who is responsible for information security in a company. Did Target, the major retailer, have a CISO when it suffered its serious breach?
No. P3L1
55
Does Georgia Tech's computer and network use policy prohibit personal use of university resources?
No. P3L1
56
GATech systems store student data such as grades. The Institute must protect such data due to: A) Regulatory reasons (FERPA) B) Because the data is sensitive it can only be disclosed to the student and his/her family
A) Regulatory reasons (FERPA) P3L1
57
Anthem suffered a breach in 2015. Based on an analysis of its response to the breach, did Anthem respond well?
Yes. P3L1
58
A company stores sensitive customer data. The impact of a breach of such data must include: A) Cost of purchasing identity theft protection for customers B) Loss of business due to reduced customer confidence C) Compensation for new cyber security personnel the company hires to better manage cyber security in the future
A) Cost of purchasing identity theft protection for customers and B) loss of business due to reduced customer confidence P3L1
59
A company is considering two possible IDS solutions to reduce its exposure to attacks on its network. The first one costs $100K and reduces risk exposure by $150K. The second costs $250K but reduces exposure by $500K. Which would you recommend?
The more expensive one. P3L1
60
Risk leverage =
(Risk exposure without control - Risk exposure with control)/ cost of control P3L1
61
Cyber insurance is not very popular. Based on a 2014 survey, what percentage of customers of major insurance brokers were interested in buying cyber insurance? A) Less than 25% B) over 50%
A) less than 25% P3L1
62
Are cyber security budgets increasing as the number of reported incidents increases?
No. P3L1
63
An example of a proactive security measure is: A) Making sure the company complies with all regulatory requirements B) Chief risk officer (CRO) of the company addressing cyber risk regularly at the highest level (e.g. the board) when other risks are discussed
B) Chief risk officer addressing the board P3L1
64
Cookies are created by ads that run on websites
true P3L2
65
Cookies are created by websites a user is visiting
true P3L2
66
Cookies are compiled pieces of code
false P3L2
67
Cookies can be used as a form of virus
false P3L2
68
Cookies can be used as a form of spyware
true P3L2
69
A web browser can be attacked by any website that it visits
true P3L2
70
Even if a browser is compromised, the rest of the computer is still secure
false P3L2
71
Web servers can be compromised because of exploits on web applications
true P3L2
72
When a user's browser visits a compromised or malicious site, a malicious script is returned
true P3L2
73
To prevent XSS, any user input must be checked and preprocessed before it is used
true P3L2
74
Checking the HTTP referrer header to see if the request comes from an authorized page can protect against XSRF
true P3L2
75
Using a synchronizer token pattern, where a token for each request is embedded by the web application in all HTML forms and verified on the server side, can protect against XSRF
true P3L2
76
Logging off immediately after using a web application can protect against XSRF
true P3L2
77
Not allowing the browser to save username/password and not allowing web sites to remember user login can protect against XSRF
true P3L2
78
Not using the same browser to access sensitive web sites and to surf the web freely can protect against XSRF
true P3L2
79
________ is the better way to prevent SQL injection
Whitelisting to allow only a well-defined set of safe values P3L2
80
Eavesdropping is a security threat to WiFi security
true P2 L11
81
Injecting bogus messages is a threat to WiFi security
true P2 L11
82
Replaying previously recorded messages is a threat to WiFi security
true P2 L11
83
Illegitimate access to the network and its services is a threat to WiFi security
true P2 L11
84
Denial-of-service is a threat to WiFi security
true P2 L11
85
What are the security threats to WiFi?
Eavesdropping; injecting bogus messages; replaying previously recorded messages; illegitimate access to the network and its services; denial of service P2 L11
86
_____ is the security standard that should be used for WiFi
WPA2 P2 L11
87
What are the 3 operating systems with the most vulnerabilities in 2014?
Apple Mac OS X, Apple iOS, Linux kernel
88
In iOS, all cryptographic keys are stored in flash memory
false P2 L11
89
in iOS, trusted boot can verify the kernel before it is run
true P2 L11
90
in iOS, all files of an app are encrypted using the same key
false P2 L11
91
How were researchers able to bypass Apple's App Store security in 2013?
Uploaded an app that morphed into malware after it passed the review process. P2 L11
92
What weaknesses were exploited by researchers in Apple app security in 2015?
The malware was uploadable to the Apple App Store; it was able to bypass sandbox security; it was able to hijack browser extensions and collect passwords P2 L11
93
in iOS, each app runs in a sandbox and has its own home directory for its files
true P2 L11
94
All iOS apps must be reviewed and approved by Apple
true P2 L11
95
iOS apps can be self-signed by app developers
false P2 L11
96
Android apps can be self-signed
true P2 L11
97
Android apps can have more powerful permissions than iOS apps
true P2 L11
98
IP spoofing is useful for ____________ communication
unidirectional P2 L10
99
IPsec can assure that ___________________
A router advertisement comes from an authorized router; a routing update is not forged; a redirect message comes from the router to which the initial packet was sent P2 L10
100
Encapsulated Security Payload (ESP) can be used in A) encryption only mode B) authentication only mode C) encryption and authentication mode
A, B, and C P2 L10
101
Encapsulated Security Payload (ESP) can provide both confidentiality and integrity protection
true P2 L10
102
If the authentication option of ESP is chosen, message integrity code is computed before encryption
false P2 L10
103
To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with the authentication option in tunnel mode
true P2 L10
104
In Authentication Header, the integrity hash covers the IP header
true P2 L10
105
The security association, SA, specifies a two-way security arrangement between the sender and receiver
false P2 L10
106
Security Parameter Index (SPI) is used to help the receiver identify the Security Association (SA) to process the IPSec packet
true P2 L10
107
If the sequence number of the IPSec header is greater than the largest number of the current anti-replay window, the packet is rejected
false P2 L10
108
If the sequence number in the IPSec header is smaller than the smallest number of the current anti-replay window, the packet is rejected
true P2 L10
109
The Diffie-Hellman key exchange is restricted to two party communication only
false P2 L10
110
An IKE SA needs to be established before IPSec SAs can be negotiated
true P2 L10
111
The identity of the responder and receiver and the messages they have exchanged need to be authenticated (authentication and key exchange)
true P2 L10
112
With perfect forward secrecy, the IPSec SA keys are based on the IKE shared secret established in phase I.
false P2 L10
113
Most browsers come equipped with SSL and most web servers have implemented the protocol
true P2 L10
114
Since TLS is for the transport layer, it relies on IPSec, which is for the IP layer
false P2 L10
115
In most applications of TLS or SSL, public keys are used for authentication and key exchange
true P2 L10
116
The challenge values used in an authentication protocol can be repeatedly used in multiple sessions
false P2 L9
117
The authentication messages can be captured and replayed by an adversary
true P2 L9
118
Authentication can be one-way, e.g. only authenticating Alice to Bob
true P2 L9
119
A reflection attack is a form of man-in-the-middle attack
true P2 L9
120
To defeat a reflection attack, we can use an odd number as a challenge from the initiator and an even number from the responder
true P2 L9
121
We can use signing with public keys to achieve mutual authentication
true P2 L9
122
A session key should be a secret and unique to the session
true P2 L9
123
Authentication should be accomplished before the session key exchange
true P2 L9
124
A key benefit of using KDC (Key distribution center) is scalability
true P2 L9
125
In order for Bob to verify Alice's public key, the certificate authority must be online
false (just need the CA's public key, which may be cached) P2 L9
126
Signing the message exchanges in Diffie-Hellman eliminates the man-in-the-middle attack during session key exchange.
true P2 L9
127
Kerberos provides authentication and access control
true P2 L9
128
Kerberos distributes session keys
true P2 L9
129
To avoid over-exposure of a user's master key, Kerberos uses a per-day key and a ticket-granting-ticket
true P2 L9
130
The authenticators used in requests to KDC and application server can be omitted in Kerberos
false P2 L9
131
Access to any network resource requires a ticket issued by the KDC in Kerberos
true P2 L9
132
If the length of a hash is 128 bits, then how many messages does an attacker need to search in order to find two that share the same hash?
2^64 (the square root of 2 to the 128th) P2 L8
133
The one-way hash function is important not only in message authentication, but also in digital signatures
false (in digital signatures, the input plain-text is sent anyway) P2 L8
134
SHA processes the input one block at a time, but each block goes through the same processing
true P2 L8
135
HMAC is secure provided that the embedded hash function has good cryptographic strengths such as one-wayness and collision resistance
true P2 L8
136
What is the additive inverse of 8 MOD 20?
12 (the number that, when added to 8, gives 0 MOD 20) P2 L7
137
What is the multiplicative inverse of 3 MOD 17?
6 (given X, find Y such that X*Y MOD N = 1) P2 L7
138
If n = 21, what is totient(n)?
12 (n = 21 = 3 * 7, both prime, so totient(n) = (3-1)*(7-1) = 12) P2 L7
139
Use the totient technique to find c: c = 7^27 MOD 30
This is the same as 7^(27 MOD totient(30)); totient(30) = totient(3) * totient(10) = 2 * (2-1)(5-1) = 2 * 4 = 8; 27 MOD 8 = 3; 7^3 MOD 30 = 343 MOD 30 = 13 P2 L7
140
RSA: Given p = 3 and q = 11, A) compute n; B) compute totient(n); assume e = 7, C) compute d; D) what is the public key? E) what is the private key?
```
A) n = p*q = 33
B) totient(n) = (3-1)*(11-1) = 20
C) d: (e * d) MOD totient(n) = 1 = (7 * d) MOD 21 = 1; d = 3
D) (e, n) = (7, 33)
E) (d, n) = (3, 33)
```
P2 L7
141
What is the RSA encryption formula for value X?
(X ** e) MOD n, where the public key is (e, n) P2 L7
142
What is the RSA decryption formula for value X?
(X ** d) MOD n, where the private key is (d, n) P2 L7
143
When implementing RSA, it is best to use: A) Your own custom software, to ensure a secure system B) use the standard libraries for RSA
B) P2 L7
144
In Diffie-Hellman, Alice and Bob agree to use prime q = 23 and primitive root alpha = 5. Alice chooses secret A = 6, and Bob chooses secret B = 15. What number does Alice send Bob? What number does Bob send Alice?
Alice sends Bob (5^6) mod 23 = 8; Bob sends Alice (5^15) mod 23 = 19 P2 L7
145
RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n
true P2 L7
146
If someone invents a very efficient method to factor large integers, then RSA becomes insecure
true P2 L7
147
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms
true P2 L7
148
The Diffie-Hellman key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants
true P2 L7
149
RSA and Diffie-Hellman are the only public-key algorithms
false P2 L7
150
A block cipher should use substitution to achieve confusion
true P2 L6
151
A block cipher should use _______ to achieve diffusion
permutation P2 L6
152
A block cipher should use a few rounds, each with a combination of _________ and ____________
substitution, permutation P2 L6
153
Block cipher algorithms should be kept secret
false P2 L6
154
An S-box substitutes a ____ bit value with a ____ bit value
6 bit value with a 4 bit value using a predefined table P2 L6
155
To decrypt using DES, the same algorithm is used, but with the per-round keys used in the reverse order
true P2 L6
156
With triple-DES, the effective key length can be 56, 112, or 168 bits
true P2 L6
157
Each round of DES contains both substitution and permutation operations
true P2 L6
158
The logic behind S-boxes is well-known and verified
false; they've been kept secret P2 L6
159
To decrypt using AES, just run the same algorithm in the same order of operations
false (algorithm is run in reverse) P2 L6
160
Each operation or stage in AES is reversible
true P2 L6
161
AES can support key lengths of ___, ___, ____
128, 192, 256 P2 L6
162
AES is much more efficient than Triple DES
true P2 L6
163
Which is more secure, CBC or ECB?
CBC P2 L6
164
We can provide both confidentiality and integrity protection with CBC by using just one key
false P2 L6
165
If the only form of attack that could be made on an algorithm is brute force, then the way to counter such attacks would be to ______________
use a longer key length P2 L5
166
What weaknesses can be exploited in the Vigenere cipher?
It uses repeating key letters; the length of the key can be determined using frequency analysis P2 L5
167
Which of the following characteristics would improve password security? A) Use a one-way hash function B) Should not use the avalanche effect C) Should only check to see that the hash function output is the same as stored output
A) Use a one-way hash function C) should only check to see that the hash function output is the same stored output P2 L5
168
Attack: | A method to determine the encryption function by analyzing known phrases and their encryption
linear cryptanalysis P2 L5
169
Attack: | Analyzing the effect of changes in input on the encrypted output
differential cryptanalysis P2 L5
170
Attack: | Compare the ciphertext with its known plaintext
chosen-plaintext attacks P2 L5
171
Attack: | A method where a specific known plaintext is compared to its ciphertext
Known-plaintext attacks P2 L5
172
Asymmetric encryption is better for: A) provide confidentiality of a message B) securely distribute a session key C) scalability
B) securely distribute a session key C) scalability P2 L5
173
Symmetric encryption can only be used to provide confidentiality
false P2 L5
174
Public-key encryption can be used to create digital signatures
true P2 L5
175
Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
false P2 L5
176
The secret key is input to the encryption algorithm
true P2 L5
177
_______ tries to stop intrusion from happening | Firewall or IDS
firewall P2 L4
178
_______ tries to evaluate an intrusion after it has happened | Firewall or IDS
IDS P2 L4
179
_______ watches for intrusions that start within the system | Firewall or IDS
IDS P2 L4
180
_______ limits access between networks to prevent intrusion
Firewall P2 L4
181
An intruder can also be referred to as a hacker or cracker
true P2 L4
182
Activists are either individuals or members of an organized crime group with a goal of financial reward
false P2 L4
183
Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion
true P2 L4
184
Those who hack into computers do so for the thrill of it or for status
false P2 L4
185
Intruders typically use steps from a common attack methodology
true P2 L4
186
This backdoor is hard to detect because it modifies machine code
Object code backdoors P2 L4
187
This backdoor can only be used by the person who created it, even if it is discovered by others
Asymmetric backdoors P2 L4
188
This backdoor inserts backdoors into other programs during compilation
Compiler backdoors P2 L4
189
The longer an anomaly detection system is in use, the more it learns about network activity
true P2 L4
190
If malicious activity looks like normal traffic to the anomaly detection system, it will not detect an attack
true P2 L4
191
False positives from an anomaly detection system can become a problem: normal usage can be mistaken for an attack
true P2 L4
192
With signature based detection, new threats can be detected immediately
false P2 L4
193
With signature based detection, when a new virus is identified, it must be added to the signature databases
true P2 L4
194
Signature-based detection systems can only detect an intrusion attempt if it matches a pattern that is in the database
true P2 L4
195
Which of the following could be considered an anomaly on a typical network? A) An IP address B) A port address C) Packet length D) Flag setting
All of them P2 L4
196
With _________, any action that does not fit the normal behavior profile is considered an attack
statistical intrusion detection P2 L4
197
With _________, any action that is not classified as normal is considered to be an attack
knowledge based intrusion detection P2 L4
198
_______ anomaly detection detects attacks similar to past attacks
machine learning intrusion detection P2 L4
199
One of the weaknesses of anomaly-based intrusion detection is that the system must learn what normal behavior is. While it is learning this, the network is vulnerable to attack. What can be done to mitigate this weakness?
use a firewall. P2 L4
200
In the thriving 0-day attack marketplace, hackers sell information on software vulnerabilities. Can you guess some of the buyers? A) Apple B) Google C) Microsoft D) U.S. Government
all P2 L4
201
With a(n) _______ attack, an attacker sends various kinds of packets to probe a system or network for vulnerabilities that can be exploited
scanning attack P2 L4
202
With a(n) _______ attack, the attacker attempts to slow down or completely shut down a target so as to disrupt the service for legitimate users
DOS P2 L4
203
With a(n) _______ attack, an attacker gains unauthorized control of a system
penetration P2 L4
204
Can you think of a way to reduce the impact of excessive reporting on a system's administrator?
Prioritize the alerts P2 L4
205
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified
true P2 L4
206
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
true P2 L4
207
Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior
false P2 L4
208
A network IDS sensor monitors a copy of network traffic, the actual traffic does not pass through the devices
true P2 L4
209
Network-based intrusion detection can make use of signature detection and anomaly detection
true P2 L4
210
When using sensors, which of the following is considered good practice? A) Set the IDS level to the highest sensitivity to detect every attack B) Monitor both outbound and inbound traffic C) Use a shared network resource to gather NIDS data D) NIDS sensors are not turnkey solutions; system administrators must interpret alerts
B) monitor both outbound and inbound traffic D) NIDS sensors are not turnkey solutions, system administrators must interpret alerts P2 L4
211
A common location for a NIDS sensor is just inside the external firewall
true P2 L4
212
A honeypot can be a workstation that a user uses for work
false P2 L4
213
There is no benefit of deploying a NIDS or honeypot outside of the firewall
false P2 L4
214
To improve detection performance, an IDS should reduce false alarm rate while detecting as many intrusions as possible
true P2 L4
215
To improve detection performance, an IDS should apply detection models to all unfiltered packet data directly.
false P2 L4
216
To improve detection performance, an IDS should apply detection models to processed event data that has a higher base rate
true P2 L4
217
To defeat an IDS, attackers can send a huge amount of traffic
true P2 L4
218
To defeat an IDS, attackers can embed an attack in packets that cause non-uniform processing by different operating systems, e.g., bad checksums or overlapping fragments
true P2 L4
219
To defeat an IDS, attackers can send traffic that purposely matches detection rules
true P2 L4
220
To defeat an IDS, attackers can send a packet that would trigger a buffer overflow in the IDS code
true P2 L4
221
The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.
true
222
A firewall can serve as the platform for IPSec.
true
223
A packet filtering firewall is typically configured to filter packets going in both directions.
true
224
A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.
true
225
A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.
false
226
The _______ defines the transport protocol. A. destination IP address B. source IP address C. interface D. IP protocol field
D
227
A _________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
circuit-level
228
Typically the systems in the ________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.
DMZ
229
A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
Distributed firewall
230
The ________ attack is designed to circumvent filtering rules that depend on TCP header information.
tiny fragment
231
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
true
232
To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
true
233
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
false
234
A common location for a NIDS sensor is just inside the external firewall.
true
235
Network-based intrusion detection makes use of signature detection and anomaly detection.
true
236
Symmetric encryption is used primarily to provide confidentiality.
true
237
Two of the most important applications of public-key encryption are digital signatures and key management.
true
238
The secret key is one of the inputs to a symmetric-key encryption algorithm.
true
239
The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.
true
240
Public-key algorithms are based on simple operations on bit patterns.
false
241
A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
host-based IDS
242
_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
Signature detection
243
_______ involves the collection of data relating to the behavior of legitimate users over a period of time.
Anomaly detection
244
A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
inline-sensor
245
The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
analyzer
246
On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.
half
247
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .
use longer keys
248
________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
message authentication
249
The purpose of a ________ is to produce a "fingerprint" of a file, message, or other block of data.
hash function
250
A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
digital signature
251
Symmetric encryption is also referred to as secret-key or single-key encryption.
true
252
The ciphertext-only attack is the easiest to defend against.
true
253
A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
true
254
AES uses a Feistel structure.
false
255
"Each block of 64 plaintext bits is encoded independently using the same key" is a description of the CBC mode of operation.
false
256
Timing attacks are only applicable to RSA.
false
257
Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.
true
258
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms
true
259
A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants.
true
260
Just as RSA can be used for signatures as well as encryption, the Digital Signature Standard can also be used for encryption
false
261
In general, public key based encryption is much slower than symmetric key based encryption.
true
262
________ is the original message or data that is fed into the encryption process as input.
plaintext
263
Which of the following would allow an attacker to know that the (plaintext of the) current message must be the same as one previously transmitted, because their ciphertexts are the same? A. CBC B. ECB C. CFB D. OFB
B
264
________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.
Key distribution technique
265
Which of the following features can only be provided by public-key cryptography? A. Confidentiality protection B. Integrity protection C. Non-repudiation D. None of the above
C
266
Cryptographic systems are generically classified by _______. A. the type of operations used for transforming plaintext to ciphertext B. the number of keys used C. the way in which the plaintext is processed D. all of the above
D
267
________ attacks have several approaches, all equivalent in effort to factoring the product of two primes.
mathematical
268
________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number.
timing attacks
269
_________ was the first published public-key algorithm.
Diffie-Hellman
270
The principal attraction of ________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.
ECC
271
SHA is perhaps the most widely used family of hash functions.
true
272
SHA-1 is considered to be very secure.
false
273
HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.
true
274
The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm.
true
275
The strong collision resistance property subsumes the weak collision resistance property.
true
276
Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES.
true
277
A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.
true
278
It is a good idea to use sequentially increasing numbers as challenges in security protocols.
false
279
Assume that Alice and Bob have each other's public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob's public key, and send the encrypted k to Bob, and then Bob will know he has a key shared with Alice.
false
280
In security protocols, an obvious security risk is that of impersonation.
true
281
In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.
true
282
In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user's password.
true
283
In Kerberos, the purpose of using a ticket-granting ticket (TGT) is to minimize the exposure of a user's master key.
true
284
A Kerberos ticket-granting ticket never expires.
false
285
Kerberos does not support inter-realm authentication.
false
286
SHA-1 produces a hash value of _______ bits.
160
287
Issued as RFC 2104, _______ has been chosen as the mandatory-to-implement MAC for IP Security.
HMAC
288
The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA).
SHA-1
289
The purposes of a security protocol include: A. Authentication B. Key-exchange C. Negotiate crypto algorithms and parameters D. All the above
D
290
Which of the following scenarios requires a security protocol: A. log in to mail.google.com B. connecting to work from home using a VPN C. Both A and B
C
291
In IPSec, packets can be protected using ESP or AH but not both at the same time.
false
292
In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.
false
293
In IPSec, the sequence number is used for preventing replay attacks.
true
294
Most browsers come equipped with SSL and most Web servers have implemented the protocol.
true
295
Even web searches have (often) been served over HTTPS.
true
296
In a wireless network, traffic is broadcast into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.
true
297
Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.
true
298
iOS has no vulnerabilities.
false
299
In iOS, each file is encrypted using a unique, per-file key.
true
300
In iOS, an app can run its own dynamic, run-time generated code.
false
301
The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.
false
302
In iOS, each app runs in its own sandbox.
true
303
In Android, all apps have to be reviewed and signed by Google.
false
304
In Android, an app will never be able to get more permission than what the user has approved.
false
305
Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).
false
306
The most complex and important part of TLS is the ________.
handshake protocol
307
_______ is a list that contains the combinations of cryptographic algorithms supported by the client.
CipherSuite
308
ESP supports two modes of use: transport and ________.
tunnel
309
A benefit of IPsec is ________. A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above
D
310
The ______ field in the outer IP header indicates whether the association is an AH or ESP security association.
protocol identifier
311
A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.
true
312
Malicious JavaScript is a major threat to browser security.
true
313
XSS is possible when a web site does not check user input properly and uses the input in an outgoing HTML page.
true
314
XSS can perform many types of malicious actions because a malicious script is executed in the user's browser.
true
315
XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.
true
316
In XSRF, the malicious site can send a malicious script to execute in the user's browser by embedding the script in a hidden iframe.
true
317
It is easy for the legitimate site to know if a request is really from the (human) user.
false
318
SQL injection attacks only lead to information disclosure.
false
319
Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.
false
320
SQL injection is yet another example that illustrates the importance of input validation.
true
321
Organizational security objectives identify what IT security outcomes should be achieved.
true
322
Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.
true
323
Legal and regulatory constraints may require specific approaches to risk assessment.
true
324
One asset may have multiple threats and a single threat may target multiple assets.
true
325
It is likely that an organization will not have the resources to implement all the recommended controls.
true
326
The IT security management process ends with the implementation of controls and the training of personnel.
false
327
The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.
true
328
The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.
true
329
An IT security plan should include details of ________. A. risks B. recommended controls C. responsible personnel D. all of the above
D
330
______ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.
Anonymization