Final Exam

Question 1

Firewalls can stop hackers from breaking into your system

Answer 1

true

Question 2

Firewalls can stop internet traffic that appears to be from a legitimate source

Answer 2

false

Question 3

Firewalls can stop viruses and worms that spread through the internet

Answer 3

true

Question 4

Firewalls can stop spyware being put on your system

Answer 4

false

Question 5

Firewalls can stop viruses and worms that are spread through email

Answer 5

false

Question 6

Lists the types of traffic authorized to pass through the firewall

Answer 6

Firewall access policy

Question 7

________ is developed from the organization’s information security risk assessment and policy, and a broad specification of which traffic types the organization needs to support

Answer 7

Firewall access policy

Question 8

Firewalls cannot protect when

____ or ____

Answer 8

Traffic that does not cross it (routing around, internal traffic)

when misconfigured

Question 9

Malware can disable:
A) Software Firewalls
B) Hardware Firewalls
C) Antivirus checkers

Answer 9

A & C

Question 10

Firewalls can stop/control
A) Pings
B) Packet sniffing
C) Outbound network traffic

Answer 10

A & C

Question 11

This type of firewall filtering makes decisions on a packet-by-packet basis

Answer 11

Packet Filtering (no state information is saved)

Question 12

________ is the simplest and most efficient type of firewall filtering

Answer 12

Packet Filtering

Question 13

What are packet filtering rules based on?

Answer 13

Information contained in the network packet

• Source IP
• Destination IP
• Source & Dest transport level address
• IP protocol field
• interface

Question 14

What are the 2 default policies of firewall packet filtering?

Answer 14

Discard (prohibit unless explicitly allowed)

Forward (permit unless explicitly forbidden) -> easier to manage, but less secure

Question 15

What are the advantages of a Packet Filtering firewall?

Answer 15

• Simplicity

* Typically transparent to users and very fast

Question 16

What are the disadvantages of a Packet Filtering firewall?

Answer 16

• Cannot protect against attacks that use application specific vulnerabilities
• Limited logging functionality
• Vulnerable to attacks and exploits that take advantage of TCP/IP
• Susceptible to security breaches caused by improper configuration

Question 17

Packet filtering countermeasure:

_____ discard packets with an inside source address if the packet arrives on an external interface

Answer 17

IP Address spoofing countermeasure

Question 18

Packet filtering countermeasure:

____ discard all packets in which the source destination specifies the route

Answer 18

Source routing attacks countermeasure

Question 19

Packet filtering countermeasure:

_____ enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header

Answer 19

Tiny fragment attack countermeasure

Question 20

Packet Filtering

In order for a fragmented packet to be successfully reassembled at the destination, each fragment must obey the following rules:

A) Must not share a common fragment identification number

B) Each fragment must say what place or offset is in the original unfragmented packet

C) Each fragment must tell the length of the data carried in the fragment

D) The fragment does not need to know whether more fragments follow this one

Answer 20

B & C

Question 21

a _______ firewall uses a connection state table

Answer 21

stateful inspection firewall

Question 22

______ acts as a relay of application level traffic (basically a man or system in the middle)

Answer 22

Application-level gateway (or application proxy)

Question 23

Application level gateways tend to be more secure than packet filters

Answer 23

true

Question 24

Application level gateways may restrict application features supported

Answer 24

true

Question 25

An Application level gateway can generically filter traffic for any application

Answer 25

False; must have proxy code for specific applications

Question 26

A packet filtering firewall is typically configured to filter packets going in both directions

Answer 26

true

Question 27

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection

Answer 27

true

Question 28

A packet filtering firewall can decide if the current packet is allowed based on another packet it has just examined

Answer 28

false

Question 29

A stateful inspection firewall needs to keep track of information of an active connection in order to decide on the current packet

Answer 29

true

Question 30

A _______ serves as a platform for an application-level gateway, and is a system identified as a critical strong point in the network’s securty

Answer 30

bastion host

Question 31

__________ firewalls are used to secure an individual host

Answer 31

host based firewalls

Question 32

The primary role of a personal firewall is to ___________

Answer 32

deny unauthorized remote access

Question 33

______ hides the system from the internet by dropping unsolicited communication packets

Answer 33

stealth mode

Question 34

A company has a conventional firewall in place on its network. Which (if any) of these situations requires an additional personal firewall:

A) An employee uses a laptop on the company network and at home

B) An employee uses a desktop on the company network to access websites worldwide

C) A remote employee uses a desktop to create a VPN on the company’s secure network

D) None of the above, in each case the employee’s computer is protected by the company firewall

Answer 34

A & C

Question 35

Typically the systems in the _____ require or foster external connectivity such as the corporate web site, an e-mail server, or a DNS server

A) DMZ
B) IP protocol field
C) boundary firewall
D) VPN

Answer 35

A) DMZ

Question 36

A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control

A) packet filtering firewall
B) distributed firewall
C) Boundary firewall
D) VPN

Answer 36

B) distributed firewall

Question 37

Technology and other safeguards for cyber security are largely defensive in nature. The only way they can impact a threat source is by increasing the work factor for an attacker. Can laws be used to reduce the magnitude of threats?

A) YES, laws can provide criminal sanctions agains those who commit cyber crime

B) NO, cyber crime has increased even as new laws have been put in place

Answer 37

A) YES

P3L3

Question 38

Cyber crime is a big problem. According to a recent report, what is an estimate of the cost of cybercrime for the United States?

A) 10 billion dollars
B) over 100 billion dollars

Answer 38

B) Over 100 billion dollars

P3L3

Question 39

The Computer Fraud and Abuse Act (CFAA) was used to prosecute the creator of the Melissa virus and he was sentenced in a federal prison and fined by using its provisions. What abuse was perpetrated by the Virus?

A) Data stored on computers was destroyed

B) Denial of service attacks that made computers unusable

Answer 39

B) Denial of service attacks that make computers unusable

P3L3

Question 40

Several people have argued about the overly general and vague language of the CFAA. For example, how exactly is unauthorized access defined? In one case, a company sued its competitor because the competitor’s employees create a trial subscription and downloaded data that was available to its subscribers. Do you think this is a violation of unauthorized access?

A) No, because the data was publicly available

B) Yes, because it potentially can cause financial loss to the company that sued its competition

Answer 40

A) No, because the data was publicly available

P3L3

Question 41

The DCMA includes exclusions for researchers, but companies have threatened to sue researchers who wanted to publish work related to circumvention of anti-piracy technologies. Which of these is an example of such a threat under the DCMA:

A) Prof. Ed Felten’s research on audio watermarking removal by RIAA

B) A research project done by MIT students that found vulnerabilities in the MBTA

Answer 41

A) Prof. Ed Felten’s research on audio watermarking removal by RIAA

P3L3

Question 42

By mistake, a friend sends sensitive health data in an email to you (wrong attachment). You should not read the information in the attached document because:

A) Professional code of ethics requires you to respect the privacy of others

B) You can be liable under CFAA

Answer 42

A) Professional code of ethics requires you to respect privacy of others

P3L3

Question 43

US_CERT follows a responsible disclosure process for vulnerabilities reported to it. Such a process must:

A) Make vulnerability information available to everyone who may be affected by it immediately

B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch

Answer 43

B) Provide a certain period of time for the vendor of the vulnerable system to develop a patch

Question 44

A 2015 Pew survey of American adults’ attitudes about privacy. What percentage feel that it is important that they be able to control who gets information about them

A) 50%
B) 25%
C) 90%

Answer 44

C) 90%

P3L3

Question 45

In 2014, the European Court of Justice ruled that EU citizens have the “right to be forgotten” on the internet. For example, Google must not return links to information that can be shown to be “inaccurate, inadequate, irrelevant, or excessive”. Which one of the following is an example of information that Google decided not to return as a search result to meet the ECJ ruling?

A) Story about criminal conviction that was quashed on appeal

B) A doctor requesting removal of links to newspaper stories about botched procedures performed by him

Answer 45

A) Story about criminal conviction that was quashed on appeal

P3L3

Question 46

The Electronic Frontier Foundation (EFF) ranks websites with privacy scores based on how they deal with issues related to privacy. It gate AT&T one of the lowest scores (1 out of 5 scores). What explains this low score?

A) Does not disclose data retention policies

B) Does not use industry best-practices

C) Does not tell users about government data demands

Answer 46

A) does not disclose data retention policies

and

C) Does not tell users about government data demands

P3L3

Question 47

Does Google’s privacy policy disclose data retention policy?

Answer 47

No

P3L3

Question 48

Poor privacy is good for bad guys because they can use information about you to craft:

A) targeted phishing attacks

B) Gain access to your online accounts

Answer 48

A & B

P3L3

Question 49

The FTC charged Fandango, the online move ticket purchasing company, for not protecting user privacy. This action was taken because Fandango:

A) Shared user data without informing users

B) Did not secure user data

Answer 49

B) did not secure user data

P3L3

Question 50

If a company tracks your activities based on your machine’s IP address, on possible defense against it is to:

A) Disable cookies

B) Use Tor

Answer 50

B) Use Tor

P3L3

Question 51

Cyber security planning and management in an enterprise must define allowed computer and network use by employees. Georgia Tech’s computer and network use policy strives to do this for students, faculty, and staff. What is required by this policy

A) Georgia tech passwords should be changed periodically

B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech

C) Georgia Tech computers cannot be used to download illegal content (e.g. child porm)

Answer 51

A) Georgia tech passwords should be changed periodically

B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech

C) Georgia Tech computers cannot be used to download illegal content (e.g. child porm)

P3L1

Question 52

A botnet operator compromises a number of computers in a company. The malware executed by the bots only sends large amounts of spam email but does not exfiltrate sensitive data or interfere with legitimate activities. What is the appropriate action:

A) The company should detect and prevent abuse of its resources by unauthorized parties

B) Since it poses no risk to company’s sensitive data or normal ops it can be ignored

Answer 52

A) the company should detect and prevent abuse of its resources by unauthorized parties

P3L1

Question 53

A news story in 2014 reported that an inspector general’s report gave the VA a failing grade for the 16th straight year. The CIO of VA discussed a number of challenges that could explain this grade. What are some possible reasons?

A) The need to manage cyber security for over a million devices, each running many services

B) lack of sense of urgency in fixing cyber vulnerabilities

C) Choosing to support key functions even when this could introduce vulnerabilities

Answer 53

A) the need to manage cyber security for over a million devices, each running many services

and

C) Choosing to support key functions even when this could introduce vulnerabilities

P3L1

Question 54

Chief Information Security Officer (CISO) is the executive who is responsible for information security in a company. Did target, the major retailer, have a CISO when it suffered the serious breach?

Answer 54

No.

P3L1

Question 55

Does Georgia Tech’s computer and network use policy prohibit personal use of university resources?

Answer 55

No.

P3L1

Question 56

GATech systems store student data such as grades. The Institute must protect such data due to:

A) Regulatory reasons (FERPA)

B) Because the data is sensitive it can only be disclosed to the student and his/her family

Answer 56

A) Regulatory reasons (FERPA)

P3L1

Question 57

Anthem suffered a breach in 2015. Based on an analysis of its response to the breach, did Anthem respond well?

Answer 57

Yes.

P3L1

Question 58

A company stores sensitive customer data. The impact of a breach of such data must include:

A) Cost of purchasing identity theft protection for customers

B) Loss of business due to reduced customer confidence

C) Compensation for new cyber security personnel the company hires to better manage cyber security in the future

Answer 58

A) Cost of purchasing identity theft protection for customers

and

B) loss of business due to reduced customer confidence

P3L1

Question 59

A company is considering 2 possible IDS solutions to reduce its exposure to attacks on its network. The first one costs $100K and reduces risk exposure by $150K. The second costs $250K but reduces exposure by $500K. Which would you recommend?

Answer 59

The more expensive one.

P3L1

Question 60

Risk leverage =

Answer 60

(Risk exposure without control - Risk exposure with control)/ cost of control

P3L1

Question 61

Cyber insurance is not very popular. Based on a 2014 survey, what percentage of customers of major insurance brokers were interested in buying cyber insurance?

A) Less than 25%
B) over 50%

Answer 61

A) less than 25%

P3L1

Question 62

Are cyber security budgets increasing as the number of reported incidents increase?

Answer 62

No.

P3L1

Question 63

An example of a proactive security measure is:

A) Making sure the company complies with all regulatory requirements

B) Chief risk officer (CRO) of the company addressing cyber risk regularly at highest level (eg board) when other risks are discussed

Answer 63

B) Chief risk officer addressing the board

P3L1

Question 64

Cookies are created by ads that run on websites

Answer 64

true

P3L2

Question 65

Cookies are created by websites a user is visiting

Answer 65

true

P3L2

Question 66

Cookies are compiles pieces of code

Answer 66

false

P3L2

Question 67

Cookies can be used as a form of virus

Answer 67

false

P3L2

Question 68

Cookies can be used as a form of spyware

Answer 68

true

P3L2

Question 69

A web browser can be attacked by any website that it visits

Answer 69

true

P3L2

Question 70

Even if a browser of compromised, the rest of the computer is still secure

Answer 70

false

P3L2

Question 71

Web servers can be compromised because of exploits on web applications

Answer 71

true

P3L2

Question 72

When a user’s browser visits a compromised or malicious site, a malicious script is returned

Answer 72

true

P3L2

Question 73

To prevent XSS, any user input must be checked and preprocessed before it is used

Answer 73

true

P3L2

Question 74

Checking the HTTP referrer header to see if the request comes from an authorized page can protect against XSRF

Answer 74

true

P3L2

Question 75

Using a synchronizer token pattern where a token for each request is embedded by the web application in all HTML forms and verified on the server side can protect agains XSRF

Answer 75

true

P3L2

Question 76

Logging off immediately after using a web application can protect against XSRF

Answer 76

true

P3L2

Question 77

Not allowing the browser to save username/password and not allowing web sites to remember user login can protect against XSRF

Answer 77

true

P3L2

Question 78

Not using the same browser to access sensitive web sites and to surf the web freely can protect against XSRF

Answer 78

true

P3L2

Question 79

________ is the better way to prevent SQL injection

Answer 79

Whitelisting to allow only well-defined set of safe values

P3L2

Question 80

Eavesdropping is a security threat to WiFi security

Answer 80

true

P2 L11

Question 81

Injecting bogus messages is a threat to WiFi security

Answer 81

true

P2 L11

Question 82

Replaying previously recorded messages is a threat to WiFi security

Answer 82

true

P2 L11

Question 83

Illegitimate access to the network and its services is a threat to WiFi securty

Answer 83

true

P2 L11

Question 84

Denial-of-service is a threat to Wifi security

Answer 84

true

P2 L11

Question 85

What are the security threats to WiFi?

Answer 85

Eavesdropping
injecting bogus messages
replaying previously recorded messages
illegitimate access to the network and its services
denial of service

P2 L11

Question 86

_____ is the security standard that should be used for WiFi

Answer 86

WPA2

P2 L11

Question 87

What are the 3 operating systems with the most vulnerabilities in 2014?

Answer 87

Apple Mac OS X
Apple iOS
Linux Kernel

Question 88

In iOS, all cryptographic keys are stored in flash memory

Answer 88

false

P2 L11

Question 89

in iOS, trusted boot can verify the kernel before it is run

Answer 89

true

P2 L11

Question 90

in iOS, all files of an app are encrypted using the same key

Answer 90

false

P2 L11

Question 91

How were researches able to bypass Apple’s App Store security in 2013?

Answer 91

Uploaded an app that morphed into malware after it passed the review process.

P2 L11

Question 92

What weakness were exploited by researchers in the Apple apps security in 2015?

Answer 92

The malware was uploadable to the Apple Apps store
The malware was able to bypass Sandbox security
The malware was able to hijack browser extensions and collect passwords

P2 L11

Question 93

in iOS, each app runs in a sandbox and has its own home directory for its files

Answer 93

true

P2 L11

Question 94

All iOS apps must be reviewed and approved by Apple

Answer 94

true

P2 L11

Question 95

iOS apps can be self-signed by app developers

Answer 95

false

P2 L11

Question 96

Android apps can be self-signed

Answer 96

true

P2 L11

Question 97

Android apps can have more powerful permissions than iOS apps

Answer 97

true

P2 L11

Question 98

IP spoofing is useful for ____________ communication

Answer 98

unidirectional

P2 L10

Question 99

IPsec can assure that ___________________

Answer 99

A router advertisement comes from an authorized router

a routing update is not forged

a redirect message comes from the router to which the initial packet was sent

P2 L10

Question 100

Encapsulated Security Payload (ESP) can be used in

A) encryption only mode
B) authentication only mode
C) encryption and authentication mode

Answer 100

A, B, and C

P2 L10

Question 101

Encapsulated Security Payload (ESP) can provide both confidentiality and integrity protection

Answer 101

true

P2 L10

Question 102

If the authentication option of ESP is chosen, message integrity code is computed before encryption

Answer 102

false

P2 L10

Question 103

To protect the confidentiality and integrity of the whole original IP packet, we can use ESP with the authentication option in tunnel mode

Answer 103

true

P2 L10

Question 104

In Authentication Header, the integrity hash covers the IP header

Answer 104

true

P2 L10

Question 105

The security association, SA, specifies a two-way security arrangements between the sender and receiver

Answer 105

false

P2 L10

Question 106

Security Parameter Index (SPI) is used to help receiver identify the Security Association (SA) to unprocess the IPSec packet

Answer 106

true

P2 L10

Question 107

If the sequence number of the IPSec header is greater than the largest number of the current anti-reply window the packet is rejected

Answer 107

false

P2 L10

Question 108

If the sequence number in the IPSec header is smaller than the smallest umber of the current anti-replay window the packet is rejected

Answer 108

true

P2 L10

Question 109

The Diffie-Hellman key exchange is restricted to two party communication only

Answer 109

false

P2 L10

Question 110

An IKE SA needs to be established before IPSec SAs can be negotiated

Answer 110

true

P2 L10

Question 111

The identity of the responder and receiver and the messages they have exchanged need to be authenticated

(authentication and key exchange)

Answer 111

true

P2 L10

Question 112

With perfect forward secrecy, the IPSec SA keys are based on the IKE shared secret established in phase I.

Answer 112

false

P2 L10

Question 113

Most browsers come equipped with SSL and most web servers have implemented the protocol

Answer 113

true

P2 L10

Question 114

Since TLS is for the transport later, it relies on IPSec, which is for the IP later

Answer 114

false

P2 L10

Question 115

In most applications of TLS or SSL, public keys are used for authentication and key exchange

Answer 115

true

P2 L10

Question 116

The challenge values used an an authentication protocol can be repeatedly used in multiple sessions

Answer 116

false

P2 L9

Question 117

The authentication messages can be captured and replayed by an adversary

Answer 117

true

P2 L9

Question 118

Authentication can be one-way, e.g. only authenticating Alice to Bob

Answer 118

true

P2 L9

Question 119

A reflection attack is a form of man-in-the-middle-attack

Answer 119

true

P2 L9

Question 120

To defeat a reflection attack, we can use an odd number as a challenge from the initiator and an even number from the responder

Answer 120

true

P2 L9

Question 121

We can use signing with public keys to achieve mutual authentication

Answer 121

true

P2 L9

Question 122

A session key should be a secret and unique to the session

Answer 122

true

P2 L9

Question 123

Authentication should be accomplished before the session key exchange

Answer 123

true

P2 L9

Question 124

A key benefit of using KDC (Key distribution center) is scalability

Answer 124

true

P2 L9

Question 125

In order to for Bob to verify Alice’s public key, the certificate authority must be online

Answer 125

false (just need the CA’s public key, which may be cached)

P2 L9

Question 126

Signing the message exchanges in Diffie-Helman eliminates the man-in-the-middle attack during session key exchange.

Answer 126

true

P2 L9

Question 127

Kerberos provides authentication and access control

Answer 127

true

P2 L9

Question 128

Kerberos distributes session keys

Answer 128

true

P2 L9

Question 129

To avoid over-exposure of a user’s master key, Kerberos uses a per-day key and a ticket-granting-ticket

Answer 129

true

P2 L9

Question 130

The authenticators used in requests to KDC and application server can be omitted in Kerberos

Answer 130

false

P2 L9

Question 131

Access to any network resource requires a ticket issued by the KDC in Kerberos

Answer 131

true

P2 L9

Question 132

if the length of a hash is 128 bits, then how many messages does an attack need to search in order to find two that share the same hash?

Answer 132

2^64 (the square root of 2 to the 128th)

P2 L8

Question 133

The one-way has function is important not only in message authentication, but also in digital signatures

Answer 133

false

(in digital signatures, the input plain-text is sent anyway)

P2 L8

Question 134

SHA processes the input one block at a time, but each block goes through the same processing

Answer 134

true

P2 L8

Question 135

HMAC is secure provided that the embedded hash function has good cryptographic strengths such as one-way and collision-resistance

Answer 135

true

P2 L8

Question 136

What is the additive inverse of 8 MOD 20

Answer 136

12

The number that when we add 8 to, 8 MOD 20 results in 0

P2 L7

Question 137

what is the multiplicative inverse of 3 MOD 17

Answer 137

6

Given X, find Y such that X*Y MOD N = 1

P2 L7

Question 138

if n=21, what is totient(n)

Answer 138

12

find relatively prime factors of n

21 = 3 * 7, (3-1)*(7-1) = 12

P2 L7

Question 139

Use the totient technique to find c:

c = 7^27 MOD 30

Answer 139

this is the same as 7 ^ (27 MOD totient(30))

totient(30) = totient(3) * totient(10) = 2 * (2-1)(5-1) = 2 * 4 = 8

27 MOD 8 = 3

7^3 (MOD 30) =
343 MOD 30 = 13

P2 L7

Question 140

RSA

Given p = 3 and q = 11

A) compute n
B) compute totient(n)

Assume e = 7
C) compute d

D) what is the public key
E) what is the private key

Answer 140

A) n = p*q = 33
B) totient(n) = (3-1)*(11-1) = 20
C) d = (e * d) MOD totient(n) = 1 = (7 * d) MOD 21 = 1; d = 3
D) (e, n) = (7, 33)
E) (d, n) = (3, 33)

P2 L7

Question 141

What is the RSA encryption formula for value X?

Answer 141

public key = (e, n)
(X ** e) MOD n

P2 L7

Question 142

What is the RSA decryption formula for value X?

Answer 142

private key = (d, n)
(X ** d) MOD n

P2 L7

Question 143

When implementing RSA, it is best to use:

A) Your own custom software, to ensure a secure system
B) use the standard libraries for RSA

Answer 143

B)

P2 L7

Question 144

In Diffie Helman, Alice and Bob agree to use prime q = 23 and primitive root alpha = 5

Alice choses secret A = 6, and Bob chooses secret B = 15.

What number does Alice send Bob?
What number does Bob send Alice?

Answer 144

Alice sends bob (5^6) mod 23 = 8

Bob sends Alice (5^15) mod 23 = 19

P2 L7

Question 145

RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n

Answer 145

true

P2 L7

Question 146

If someone invents a very efficient method to factor large integers, then RSA becomes insecure

Answer 146

true

P2 L7

Question 147

The Diffie-Helman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms

Answer 147

true

P2 L7

Question 148

The Diffie-Helman key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants

Answer 148

true

P2 L7

Question 149

RSA and Diffie-Helman are the only public-key algoritms

Answer 149

false

P2 L7

Question 150

A block cipher should use substitution to achieve confusion

Answer 150

true

P2 L6

Question 151

A block cipher should user _______ to achieve diffusion

Answer 151

permutation

P2 L6

Question 152

a block cipher should use a few rounds, each with a combination of _________ and ____________

Answer 152

substitution, permutation

P2 L6

Question 153

Block cipher algorithms should be kept secret

Answer 153

false

P2 L6

Question 154

An S-box substitutes a ____ bit value with a ____ bit value

Answer 154

6 bit value with a 4 bit value using a predefined table

P2 L6

Question 155

To decrypt using DES, the same algorithm is used, but with per-round keys are used in the reverse order

Answer 155

true

P2 L6

Question 156

With triple-DES, the effective key length can be 56, 112, and 168

Answer 156

true

P2 L6

Question 157

Each round of DES contains both substitution and permutation operations

Answer 157

true

P2 L6

Question 158

The logics behind S-boxes are well-known and verified

Answer 158

false; they’ve been kept secret

P2 L6

Question 159

To decrypt using AES, just run the same algorithm in the same order of operations

Answer 159

false (algorithm is run in reverse)

P2 L6

Question 160

Each operation or stage in AES is reversible

Answer 160

true

P2 L6

Question 161

AES can support key length of ___, ___, ____

Answer 161

128, 192, 256

P2 L6

Question 162

AES is much more efficient than Triple DES

Answer 162

true

P2 L6

Question 163

Which is more secure, CBC or ECB?

Answer 163

CBC

P2 L6

Question 164

We can protect both confidentiality and integrity protection with CBC by using just one key

Answer 164

false

P2 L6

Question 165

If the only form of attack that that could be made on an algorithm is brute-force, then the way to counter such attacks would be to ______________

Answer 165

use a longer key length

P2 L5

Question 166

What weaknesses can be exploited in the Vigenere cipher

Answer 166

It uses repeating key letters,

The length of the key can be determined using frequency analysis

P2 L5

Question 167

Which of the following characteristics would improve password security?

A) Use a one-way hash function
B) Should not use the avalanche effect
C) Should only check to see that the hash function output is the same as stored output

Answer 167

A) Use a one-way hash function

C) should only check to see that the hash function output is the same stored output

P2 L5

Question 168

Attack:

A method to determine the encryption function by analyzing known phrases and their encryption

Answer 168

linear cryptanalysis

P2 L5

Question 169

Attack:

Analyzing the effect of changes in input on the encrypted output

Answer 169

differential cryptanalysis

P2 L5

Question 170

Attack:

Compare the cipher texts with its known plaintext

Answer 170

chosen-plaintext attacks

P2 L5

Question 171

Attack:

A method where a specific known plaintext is compared to its ciphertext

Answer 171

Known-plaintext attacks

P2 L5

Question 172

Asymmetric encryption is better for:

A) provide confidentiality of a message
B) securely distribute a session key
C) scalability

Answer 172

B) securely distribute a session key
C) scalability

P2 L5

Question 173

Symmetric encryption can only be used to provide confidentiality

Answer 173

false

P2 L5

Question 174

Public-key encryption can be used to create digital signatures

Answer 174

true

P2 L5

Question 175

Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained

Answer 175

false

P2 L5

Question 176

The secret key is input to the encryption algorithm

Answer 176

true

P2 L5

Question 177

_______ tries to stop intrusion from happening

Firewall or IDS

Answer 177

firewall

P2 L4

Question 178

_______ tries to evaluate an intrusion after it has happened

Firewall or IDS

Answer 178

IDS

P2 L4

Question 179

_______ watches for intrusions that start within the system

Firewall or IDS

Answer 179

IDS

P2 L4

Question 180

_______ limits access between networks to prevent intrusion

Answer 180

Firewall

P2 L4

Question 181

An intruder can also be referred to as a hacker or cracker

Answer 181

true

P2 L4

Question 182

Activists are either individuals or members of an organized crime group with a goal of financial reward

Answer 182

false

P2 L4

Question 183

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion

Answer 183

true

P2 L4

Question 184

Those who hack into computer do so for the thrill of it or for status

Answer 184

false

P2 L4

Question 185

Intruders typically use steps from a common attack methodology

Answer 185

true

P2 L4

Question 186

This backdoor is hard to detect because it modifies machine code

Answer 186

Object code backdoors

P2 L4

Question 187

This backdoor can only be used by the person who created it, even if it is discovered by others

Answer 187

Asymmetric backdoors

P2 L4

Question 188

This backdoor inserts backdoors into other programs during compilation

Answer 188

Compiler backdoors

P2 L4

Question 189

The longer an anomaly detection system is in use, the more it learns about network activity

Answer 189

true

P2 L4

Question 190

If malicious activity looks like normal traffic to the anomaly detection system, it will not detect an attack

Answer 190

true

P2 L4

Question 191

False positives from an anomaly detection system can become a problem, normal usage can be mistaken for an attack

Answer 191

true

P2 L4

Question 192

With signature based detection, new threats can be detected immediately

Answer 192

false

P2 L4

Question 193

With signature based detection, when a new virus is identified, it must be added to the signature databases

Answer 193

true

P2 L4

Question 194

Signature-based detection systems can only detect an intrusion attempt if it matches a pattern that is in the database

Answer 194

true

P2 L4

Question 195

Which of the following could be considered an anomaly to a typical network

A) An IP address
B) A port address
C) Packet length
D) Flag setting

Answer 195

All of them

P2 L4

Question 196

with _________, any action that does not fit the normal behavior profile is considered an attack

Answer 196

statistical intrusion detection

P2 L4

Question 197

with _________, any action that is not classified as normal is considered to be an attack

Answer 197

knowledge based intrusion detection

P2 L4

Question 198

_______ anomaly detection detects attacks similar to past attacks

Answer 198

machine learning intrusion detection

P2 L4

Question 199

One of the weaknesses of anomalous intruder detection is that a system must learn what is normal behavior. WHile it is learning this, the network is vulnerable to attack. What can be done to mitigate this weakness?

Answer 199

use a firewall.

P2 L4

Question 200

In the thriving 0-day attack marketplace hackers sell information on software vulnerabilities. Can you guess some of the buyers?

A) Apple
B) Google
C) Microsoft,
D) U.S. Government

Answer 200

all

P2 L4

Question 201

with a(n) _______ attack, an attacker sends various kinds of packets to probe a system or network for vulnerability that can be exploited

Answer 201

scanning attack

P2 L4

Question 202

with a(n) _______ attack, the attack attempts to slow down or completely shut down a target so as to disrupt the service for legitimate users

Answer 202

DOS

P2 L4

Question 203

with a(n) _______ attack, an attacker gains unauthorized control of a system

Answer 203

penetration

P2 L4

Question 204

Can you think of a way to reduce the impact of excessive reporting on a system’s administrator?

Answer 204

Prioritize the alerts

P2 L4

Question 205

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified

Answer 205

true

P2 L4

Question 206

The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

Answer 206

true

P2 L4

Question 207

Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior

Answer 207

false

P2 L4

Question 208

A network IDS sensor monitors a copy of network traffic, the actual traffic does not pass through the devices

Answer 208

true

P2 L4

Question 209

Network-based intrusion detection can make use of signature detection and anomaly detection

Answer 209

true

P2 L4

Question 210

When using sensors, which of the following is considered good practice?

A) Set the IDS level to the highest sensitivity to detect every attack
B) Monitor both outbound and inbound traffic
C) Use a shared network resource to gather NIDS data
D) NIDS sensors are not turnkey solutions, system administrators must interpret alerts

Answer 210

B) monitor both outbound and inbound traffic

D) NIDS sensors are not turnkey solutions, system administrators must interpret alerts

P2 L4

Question 211

A common location for a NIDS sensor is just inside the external firewall

Answer 211

true

P2 L4

Question 212

A honeypot can be a workstation that a user uses for work

Answer 212

false

P2 L4

Question 213

There is no benefit of deploying a NIDS or honeypot outside of the firewall

Answer 213

false

P2 L4

Question 214

To improve detection performance, an IDS should reduce false alarm rate while detecting as many intrusions as possible

Answer 214

true

P2 L4

Question 215

to improve detection performance, an IDS should apply detection models at all unfiltered packet data directly.

Answer 215

false

P2 L4

Question 216

to improve detection performance, an IDS should apply detection models at processed event data that has higher base rate

Answer 216

true

P2 L4

Question 217

To defeat an IDS, attackers can send a huge amount of traffic

Answer 217

true

P2 L4

Question 218

To defeat an IDS, attackers can embed attack in packets which cause non-uniform processing by different operating systems, e.g. bad checksum, overlapping fragments

Answer 218

true

P2 L4

Question 219

To defeat an IDS, attackers can send traffic that purposely matches detection rules

Answer 219

true

P2 L4

Question 220

To defeat an IDS, attackers can send a packet that would trigger a buffer-overload in the IDS code

Answer 220

true

P2 L4

Question 221

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Answer 221

true

Question 222

A firewall can serve as the platform for IPSec.

Answer 222

true

Question 223

A packet filtering firewall is typically configured to filter packets going in both directions.

Answer 223

true

Question 224

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.

Answer 224

true

Question 225

A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.

Answer 225

false

Question 226

The _______ defines the transport protocol.

A. destination IP address
B. source IP address
C. interface
D. IP protocol field

Answer 226

D

Question 227

A _________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Answer 227

circuit-level

Question 228

Typically the systems in the ________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.

Answer 228

DMZ

Question 229

A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.

Answer 229

Distributed firewall

Question 230

The ________ attack is designed to circumvent filtering rules that depend on TCP header information.

Answer 230

tiny fragment

Question 231

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

Answer 231

true

Question 232

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

Answer 232

true

Question 233

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

Answer 233

false

Question 234

A common location for a NIDS sensor is just inside the external firewall.

Answer 234

true

Question 235

Network-based intrusion detection makes use of signature detection and anomaly detection.

Answer 235

true

Question 236

Symmetric encryption is used primarily to provide confidentiality.

Answer 236

true

Question 237

Two of the most important applications of public-key encryption are digital signatures and key management.

Answer 237

true

Question 238

The secret key is one of the inputs to a symmetric-key encryption algorithm.

Answer 238

true

Question 239

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

Answer 239

true

Question 240

Public-key algorithms are based on simple operations on bit patterns.

Answer 240

false

Question 241

A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

Answer 241

host-based IDS

Question 242

_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

Answer 242

Signature detection

Question 243

_______ involves the collection of data relating to the behavior of legitimate users over a period of time.

Answer 243

Anomaly detection

Question 244

A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

Answer 244

inline-sensor

Question 245

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

Answer 245

analyzer

Question 246

On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.

Answer 246

half

Question 247

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .

Answer 247

use longer keys

Question 248

________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

Answer 248

message authentication

Question 249

The purpose of a ________ is to produce a ?fingerprint? of a file, message, or other block of data.

Answer 249

hash function

Question 250

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

Answer 250

digital signature

Question 251

Symmetric encryption is also referred to as secret-key or single-key encryption.

Answer 251

true

Question 252

The ciphertext-only attack is the easiest to defend against.

Answer 252

true

Question 253

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

Answer 253

true

Question 254

AES uses a Feistel structure.

Answer 254

false

Question 255

Each block of 64 plaintext bits is encoded independently using the same key? is a description of the CBC mode of operation.

Answer 255

false

Question 256

Timing attacks are only applicable to RSA.

Answer 256

false

Question 257

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.

Answer 257

true

Question 258

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms

Answer 258

true

Question 259

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants.

Answer 259

true

Question 260

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption

Answer 260

false

Question 261

In general, public key based encryption is much slower than symmetric key based encryption.

Answer 261

true

Question 262

________ is the original message or data that is fed into the encryption process as input.

Answer 262

plaintext

Question 263

Which of the following would allow an attack that to know the (plaintext of) current message must be the same as one previously transmitted because their ciphtertexts are the same?

A. CBC

B. ECB

C. CFB

D. OFB

Answer 263

B

Question 264

________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

Answer 264

Key distribution technique

Question 265

Which of the following feature can only be provided by public-key cryptography?

A. Confidentiality protection

B. Integrity protection

C. Non-repudiation

D. None of the above

Answer 265

C

Question 266

Cryptographic systems are generically classified by _______.

A. the type of operations used for transforming plaintext to ciphertext

B. the number of keys used

C. the way in which the plaintext is processed

D. all of the above

Answer 266

D

Question 267

________ attacks have several approaches, all equivalent in effort to factoring the product of two primes.

Answer 267

mathematical

Question 268

________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number.

Answer 268

timing attacks

Question 269

_________ was the first published public-key algorithm.

Answer 269

Diffie-helman

Question 270

The principal attraction of ________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.

Answer 270

ECC

Question 271

SHA is perhaps the most widely used family of hash functions.

Answer 271

true

Question 272

SHA-1 is considered to be very secure.

Answer 272

false

Question 273

HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.

Answer 273

true

Question 274

The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm.

Answer 274

true

Question 275

The strong collision resistance property subsumes the weak collision resistance property.

Answer 275

true

Question 276

Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES.

Answer 276

true

Question 277

A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.

Answer 277

true

Question 278

It is a good idea to use sequentially increasing numbers as challenges in security protocols.

Answer 278

false

Question 279

Assuming that Alice and Bob have each other?s public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob?s public key, and send the encrypted k to Bob and then Bob will know he has a key shared with Alice.

Answer 279

false

Question 280

In security protocol, an obvious security risk is that of impersonation.

Answer 280

true

Question 281

In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.

Answer 281

true

Question 282

In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user’s password.

Answer 282

true

Question 283

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key.

Answer 283

true

Question 284

Kerberos ticket-granting ticket is never expired.

Answer 284

false

Question 285

Kerberos does not support inter-realm authentication.

Answer 285

false

Question 286

SHA-1 produces a hash value of _______ bits.

Answer 286

160

Question 287

Issued as RFC 2104, _______ has been chosen as the mandatory-to-implement MAC for IP Security.

Answer 287

HMAC

Question 288

The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA).

Answer 288

SHA-1

Question 289

The purposes of a security protocol include:

A. Authentication

B. Key-exchange

C. Negotiate crypto algorithms and parameters

D. All the above

Answer 289

D

Question 290

Which of the following scenario requires a security protocol:

A. log in to mail.google.com

B. connecting to work from home using a VPN

C. Both A and B

Answer 290

C

Question 291

In IPSec, packets can be protected using ESP or AH but not both at the same time.

Answer 291

false

Question 292

In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.

Answer 292

false

Question 293

In IPSec, the sequence number is used for preventing replay attacks.

Answer 293

true

Question 294

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

Answer 294

true

Question 295

Even web searches have (often) been in HTTPS.

Answer 295

true

Question 296

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

Answer 296

true

Question 297

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.

Answer 297

true

Question 298

iOS has no vulnerability.

Answer 298

false

Question 299

In iOS, each file is encrypted using a unique, per-file key.

Answer 299

true

Question 300

In iOS, an app can run its own dynamic, run-time generated code.

Answer 300

false

Question 301

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

Answer 301

false

Question 302

In iOS, each app runs in its own sandbox.

Answer 302

true

Question 303

In Android, all apps have to be reviewed and signed by Google.

Answer 303

false

Question 304

In Android, an app will never be able to get more permission than what the user has approved.

Answer 304

false

Question 305

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

Answer 305

false

Question 306

The most complex and important part of TLS is the ________.

Answer 306

handshake protocol

Question 307

_______ is a list that contains the combinations of cryptographic algorithms supported by the client.

Answer 307

CipherSuite

Question 308

ESP supports two modes of use: transport and ________.

Answer 308

tunnel

Question 309

A benefit of IPsec is ________.

A. that it is below the transport layer and transparent to applications

B. there is no need to revoke keying material when users leave the organization

C. it can provide security for individual users if needed

D. all of the above

Answer 309

D

Question 310

The ______ field in the outer IP header indicates whether the association is an AH or ESP security association.

Answer 310

protocol identifier

Question 311

A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.

Answer 311

true

Question 312

Malicious JavaScripts is a major threat to browser security.

Answer 312

true

Question 313

XSS is possible when a web site does not check user input properly and use the input in an outgoing html page.

Answer 313

true

Question 314

XSS can perform many types of malicious actions because a malicious script is executed at user?s browser.

Answer 314

true

Question 315

XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.

Answer 315

true

Question 316

In XSRF, the malicious site can send malicious script to execute in the user?s browser by embedding the script in a hidden iframe.

Answer 316

true

Question 317

It is easy for the legitimate site to know if a request is really from the (human) user.

Answer 317

false

Question 318

SQL injection attacks only lead to information disclosure.

Answer 318

false

Question 319

Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.

Answer 319

false

Question 320

SQL injection is yet another example that illustrates the importance of input validation.

Answer 320

true

Question 321

Organizational security objectives identify what IT security outcomes should be achieved.

Answer 321

true

Question 322

Since the responsibility for IT security is shared across the
organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

Answer 322

true

Question 323

Legal and regulatory constraints may require specific approaches to risk assessment.

Answer 323

true

Question 324

One asset may have multiple threats and a single threat may target multiple assets.

Answer 324

true

Question 325

It is likely that an organization will not have the resources to implement all the recommended controls.

Answer 325

true

Question 326

The IT security management process ends with the implementation of controls and the training of personnel.

Answer 326

false

Question 327

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

Answer 327

true

Question 328

The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

Answer 328

true

Question 329

An IT security plan should include details of ________.

A. risks

B. recommended controls

C. responsible personnel

D. all of the above

Answer 329

D

Question 330

______ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.

Answer 330

Anonymization