General Security

Question 1

4 Phases of DITSCAP and NIACAP accreditation

Answer 1

1. Definition”

Question 2

A weakness in a system which might be exploited

Answer 2

Vulnerability

Question 3

ALE

Answer 3

Annualized Loss Expectancy

Question 4

Also called a maintenance hook

Answer 4

Trap door

Question 5

An event that can cause harm to a system and create a loss of C, I , A

Answer 5

Threat

Question 6

Are SSL and TLS compatible?

Answer 6

no

Question 7

Are SSL sessions stateful or stateless?

Answer 7

stateful

Question 8

ARO

Answer 8

Annualized Rate of Occurence

Question 9

At the Network Interface layer, what is the packet of information placed on the wire known as?

Answer 9

a frame

Question 10

At what OSI layer (and above) must networked computers share a common protocol?

Answer 10

data link and above

Question 11

Attack that exploits difference in time when a security control is applied and a service is used

Answer 11

TOC/TOU attack

Question 12

Biba, Clark Wilson, and Non?Interference models cover what aspect of security

Answer 12

Integrity

Question 13

Combination of ITSEC, TCSEC, and Canada’s CTCPEC

Answer 13

Common Criteria

Question 14

Consolidation of power should not be allowed in a secure system, this is called

Answer 14

Separation (or segregation) of duties

Question 15

Design where a component failure allows the system to continue to function

Answer 15

Fault?tolerant

Question 16

Design where a failure causes non?critical processes to terminate, and system runs in a degraded state

Answer 16

Fail?soft or Resilient

Question 17

Design where a failure causes termination of processes to protect the system from compromise

Answer 17

Fail?safe

Question 18

Design where a failure causes the system to use backup spare components to compensate for failed ones

Answer 18

Fail?over

Question 19

Do hashing algorithms protect files from unauthorized viewing?

Answer 19

no, only verify files have not been changed

Question 20

Does DSS use symmetric or asymmetric keys?

Answer 20

asymmetric

Question 21

Does L2TP require IP connectivity?

Answer 21

no

Question 22

Does PPTP require IP connectivity?

Answer 22

yes

Question 23

Does TLS use the same ports for encrypted and unencrypted data?

Answer 23

no

Question 24

EF

Answer 24

Exposure Factor

Question 25

European counterpart to TCSEC

Answer 25

ITSEC (Information Technology Security Evaluation Criteria)

Question 26

Execution and memory space assigned to each process is called a _______ _______

Answer 26

Protection Domain

Question 27

From what does RSA derive its strength?

Answer 27

the difficulty of factoring large numbers

Question 28

How are asymmetric algorithms used for authentication?

Answer 28

authenticator sends a random number (nonce) to receiver, who encrypts it with their private key

Question 29

How are digital signatures implemented?

Answer 29

a hash is created and encrypted with the creator’s private key

Question 30

How are RSA and DES used together?

Answer 30

RSA is used to encrypt the key for transmission; DES is used for message encryption

Question 31

How can source routing be defended against?

Answer 31

routers can be configured to discard source?routed packets

Question 32

How do the RADIUS client and server avoid sending their shared secret across the network?

Answer 32

shared secret is hashed and hash is sent

Question 33

How does a host respond to a FIN packet if the scanned port is open? Closed?

Answer 33

open: packet discarded; closed: RST

Question 34

How does a host respond to a TCP connect scann if the scanned port is open? Closed?

Answer 34

open: SYN?ACK; closed: RST

Question 35

How does an 802.1x authenticator handle authentication traffic?

Answer 35

Passes it to a RADIUS server for authentication

Question 36

How does an application?level firewall handle different protocols?

Answer 36

with a proxy program for each protocol

Question 37

How does an XMAS scan work?

Answer 37

a variety of TCP packets are sent to elicit a response

Question 38

How does CHAP work?

Answer 38

server sends random value to client; client uses MD5 to create hash with ID, random value, and shared secret; client sends hash to server; server performs same function and compares values

Question 39

How is source routing used by attackers?

Answer 39

used to route packets around security devices

Question 40

In a 128?bit WEP key, how long is the actual secret key?

Answer 40

104 bits? the first 24 bits are used for the Initialization Vector (IV)

Question 41

In a bridge CA architecture, what is the CA that connects to a bridge CA called?

Answer 41

a principal CA

Question 42

In biometric scanning, what is the crossover rate?

Answer 42

error percentage when Type I and II errors are equal

Question 43

In MAC, of read?up, read?down, write?up, and write?down, which two are legal? Which two are illegal?

Answer 43

legal? read?down, write?up”

Question 44

In MAC, what is read?up?

Answer 44

the ability of users in lower security categories to read information in higher categories

Question 45

In relation to AAA, what is CIA?

Answer 45

Confidentiality, Integrity, Availability

Question 46

Is 802.11g backwards?compatible with 802.11a and 802.11b?

Answer 46

backwards?compatible with 802.11b only at 11 Mbps

Question 47

Is L2TP usually implemented through hardware or software?

Answer 47

hardware

Question 48

Is PPTP usually implemented through hardware or software?

Answer 48

software

Question 49

Is RSA a public? or private?key system?

Answer 49

public?key

Question 50

ITSEC separately evaluates ____ and _____

Answer 50

Functionality and Assurance

Question 51

Lack of parameter checking leaves a system vulnerable to this type of attack

Answer 51

Buffer overflow

Question 52

No Read Up, No Write Down describes what Security Model

Answer 52

Bell LaPadula

Question 53

Non?repudiation has been compared to what real?world version of authentication?

Answer 53

using a public notary

Question 54

Observing the timer value in the TCP stack makes what possible?

Answer 54

determining the OS in use, useful in planning attacks

Question 55

Operates at the highest level of information classification where all users must have clearances for the highest level

Answer 55

System High mode

Question 56

Operating system loaded without the front?end security enabled, is only done in this mode

Answer 56

Single?user mode

Question 57

Operators are given varying assignments for a time period, then their assignment changes. This is called

Answer 57

Rotation of duties

Question 58

Programming technique used to encapsulate methods and data in an object

Answer 58

Information Hiding

Question 59

Required tracking of changes to a system under B2, B3, and A1 is called

Answer 59

Configuation Management

Question 60

Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?

Answer 60

Administrative Controls

Question 61

SLE

Answer 61

Single Loss Expectancy

Question 62

Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?

Answer 62

Operations Controls

Question 63

System component that manages and enforces access controls on objects

Answer 63

Reference Monitor

Question 64

TCSEC Discretionary Protection (two classes)

Answer 64

C1 (User logon, Groups allowed)”

Question 65

TCSEC level that addresses both covert storage and timing channels

Answer 65

B3, A1

Question 66

TCSEC Level that addresses covert storage channels

Answer 66

B2

Question 67

TCSEC Mandatory Protection (three classes)

Answer 67

B1 (MAC)”

Question 68

TCSEC Minimal Protection (one class)

Answer 68

D (Minimal Protection)

Question 69

TCSEC Verified Protection (one class)

Answer 69

A1 (Mathematical model must be proven)

Question 70

The Boundary that separates the TCB from the rest of the system.

Answer 70

Security Perimeter

Question 71

The ITSEC subject of an evaluation is called the ___ __ _____

Answer 71

Target of Evaluation (TOE)

Question 72

This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject.

Answer 72

Take?Grant model

Question 73

This recovery mode permits access by only privileged users from privileged terminals

Answer 73

Maintenance mode

Question 74

This refers to the data left on media after erasure

Answer 74

Data Remanence

Question 75

This standard includes levels of assurance, from D (Least secure) to A (Most secure)

Answer 75

TCSEC (Trusted Computer Security Evaluation Criteria)

Question 76

This type of recovery is required for only B3 and A1 TCSEC levels

Answer 76

Trusted Recovery

Question 77

Two operators are needed to perform a function. This is called

Answer 77

Dual Control

Question 78

Two operators review and approve each other’s work. This is called

Answer 78

Two?man control

Question 79

Unit of evaluations levels in the Common Criteria

Answer 79

Evaluation Assurance Level”

Question 80

What advantage does compulsory tunneling provide?

Answer 80

allows VPN connections to be concentrated over fewer high?capacity lines

Question 81

What advantage does LEAP have over EAP?

Answer 81

LEAP allows for mutual authentication

Question 82

What advantage does LEAP have over EAP?

Answer 82

LEAP allows for mutual authentication

Question 83

What advantage does RADIUS have over TACACS+?

Answer 83

better vendor support and implementation

Question 84

What advantage does TACACS+ have over RADIUS?

Answer 84

better security

Question 85

What advantage does TACACS+ have over TACACS?

Answer 85

multi?factor authentication

Question 86

What advantages do hand geometry scans have over fingerprint scans?

Answer 86

they are faster, cleaner, and less invasive

Question 87

What algorithm does AES use?

Answer 87

Rijndael

Question 88

What are DAT drives primarily used for?

Answer 88

basic network backups

Question 89

What are most fire extinguishers loaded with?

Answer 89

FE?36

Question 90

What are QIC tapes primarily used for?

Answer 90

backing up standalone computers

Question 91

What are the advantages and disadvantages of retinal scanning?

Answer 91

most reliable but most invasive

Question 92

What are the five main services provided by firewalls?

Answer 92

packet filtering; application filtering; proxy server; circuit?level; stateful inspection

Question 93

What are the four layers of the TCP/IP suite? How do they map to the OSI model?

Answer 93

Application > Application?Session”

Question 94

What are the four WAP layers?

Answer 94

Wireless Application Environment (WAE); Wireless Session Layer (WSL); Wireless Transport Layer Security (WTLS); Wireless Transport Layer (WTL)

Question 95

What are the seven stages in a certificate life cycle?

Answer 95

certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing

Question 96

What are the six steps to incident response?

Answer 96

Preparation; Identification; Containment; Eradication; Recovery; Follow?Up

Question 97

What are the three A’s in computer forensics?

Answer 97

Acquire, Authenticate, Analyze

Question 98

What are the three components of AAA?

Answer 98

Authentication, Authorization, Access Control

Question 99

What are the three major classification levels with MAC?

Answer 99

Top Secret; Confidential; Unclassified

Question 100

What are the three major components of SSH?

Answer 100

Transport Layer protocol (SSH?TRANS); User authentication protocol (SSH?USERAUTH); connection protocol (SSH?CONN)

Question 101

What are the three types of NAT?

Answer 101

static NAT; dynamic NAT; overloading NAT

Question 102

What are the two advantages of block ciphers over stream ciphers?

Answer 102

they are faster and more secure

Question 103

What are the two basic types of DoS attacks?

Answer 103

flaw exploitation attacks and flooding attacks

Question 104

What are the two encryption modes for IPSec?

Answer 104

Transport, where only the data is encrypted; and Tunneling, where the entire packet is encrypted

Question 105

What are the two main components of L2TP?

Answer 105

L2TP Access Controller (LAC) and L2TP Network Server (LNS)

Question 106

What are the two main types of firewalls?

Answer 106

application?level and network?level

Question 107

What are the two most popular hashing routines in use today?

Answer 107

MD5 and SHA?1

Question 108

What are the two parts of a Key Distribution Center?

Answer 108

An authentication server (AS) and a ticket?granting server (TGS)

Question 109

What are the two types of network?level firewalls?

Answer 109

packet filters and stateful packet inspection

Question 110

What are the two types of symmetric algorithms?

Answer 110

block and stream

Question 111

What are tokens also known as?

Answer 111

One?time passwords

Question 112

What are two characteristics of a null scan?

Answer 112

TCP sequence number set to 0; no TCP flags set

Question 113

What can be done to reduce the effects of half?open attacks?

Answer 113

reduce the time a port waits for a response

Question 114

What disadvantage does CRL have that OCSP addresses?

Answer 114

updates must be downloaded frequently to be accurate

Question 115

What disadvantage does CRL have the OCSP addresses?

Answer 115

updates must be downloaded frequently to be accurate

Question 116

What disadvantage does speech recognition have?

Answer 116

easier to spoof than other biometric techniques

Question 117

What do BSS and ESS stand for?

Answer 117

Basic Service Set and Extended Service Set

Question 118

What DoD classification does DAC map to?

Answer 118

Level?C classification

Question 119

What DoD classification does MAC map to?

Answer 119

Level?B classification

Question 120

What does 802.1x do?

Answer 120

provides an authentication framework for wired and wirelss networks

Question 121

What does an attacker need to conduct ARP cache poisoning?

Answer 121

physical connectivity to a local segment

Question 122

What does CHAP use for authentication?

Answer 122

hashing

Question 123

What does chargen do?

Answer 123

responds to packets on UDP port 19 with random characters

Question 124

What does echo do?

Answer 124

responds to packets on UDP port 7

Question 125

What does ESS offer that BSS does not?

Answer 125

the ability to roam between AP’s

Question 126

What does IPSec require to be scaleable?

Answer 126

a PKI

Question 127

What does IPSec use for authentication and key exchange?

Answer 127

Diffie?Hellman

Question 128

What does IPSec use for encryption?

Answer 128

40?bit DES algorithm

Question 129

What does PGP use in place of a CA?

Answer 129

a web of trust””

Question 130

What does S/FTP use for encryption?

Answer 130

SSL

Question 131

What does WEP stand for?

Answer 131

Wired Equivalent Protection

Question 132

What drawback do heuristic?based IDS’s have?

Answer 132

higher rate of false positives

Question 133

What encryption does S/MIME use?

Answer 133

RSA

Question 134

What encryption scheme does WEP use?

Answer 134

RC4

Question 135

What four trust models do PKI’s fall into?

Answer 135

heirarchical; network/mesh; trust list; key ring

Question 136

What frequency does 802.11b operate at?

Answer 136

2.4 GHz

Question 137

What frequency does 802.11g operate at?

Answer 137

2.4 GHz

Question 138

What happens if an application?level protocol doesn’t have a proxy program for a given protocol?

Answer 138

the protocol can’t pass through the firewall

Question 139

What IP layer do man?in?the?middle attacks take place at?

Answer 139

internet layer

Question 140

What IP layer do SYN floods occur at?

Answer 140

transport layer

Question 141

What IP layers do DoS attacks occur at?

Answer 141

any layer

Question 142

What is a bastion host?

Answer 142

a gateway in a DMZ used to secure an internal network

Question 143

What is a key difference in security between MAC and DAC?

Answer 143

In MAC, a user who can access a file cannot necessarily copy it

Question 144

What is a TCP ACK scan used for?

Answer 144

determining if a port is filtered by a firewall

Question 145

What is a teardrop attack?

Answer 145

a type of DoS attack using a false fragmentation offset value

Question 146

What is a window scan?

Answer 146

a scan that attempts to determine the OS in use by its default TCP window size

Question 147

What is AES?

Answer 147

Advanced Encryption Standard? algorithm used by US government for sensitive but unclassified information

Question 148

What is an AUP?

Answer 148

Acceptable Use Policy

Question 149

What is an FTP bounce?

Answer 149

running scans against other computers through a vulnerable FTP server

Question 150

What is an open relay?

Answer 150

an SMTP relay that does not restrict access to authenticated users

Question 151

What is an open relay?

Answer 151

an SMTP relay that does not restrict access to authenticated users

Question 152

What is an SIV?

Answer 152

System Integrity Verifier? IDS that monitors critical system files for modification

Question 153

What is Authenticode?

Answer 153

a method of signing ActiveX controls

Question 154

What is Authenticode?

Answer 154

a method of signing ActiveX controls

Question 155

What is bytestream?

Answer 155

data from Application layer is segmented into datagrams that source and destination computers will support

Question 156

What is compulsory tunneling?

Answer 156

situation where VPN server chooses the endpoint of a communication

Question 157

What is CRL?

Answer 157

Certificate Revokation list? list of subscribers to a PKI and their certificate status

Question 158

What is DEN?

Answer 158

Directory?Enabled Networking? specification for how to store network information in a central location

Question 159

What is ECC?

Answer 159

Elliptical Curve Cryptography? public?key cryptographic method which generates smaller, faster, and more secure keys

Question 160

What is FE?13 used for?

Answer 160

explosion prevention

Question 161

What is FE?13 used for?

Answer 161

explosion prevention

Question 162

What is hashing?

Answer 162

changing a character string into a shorter fixed?length value or key

Question 163

What is HTTPS?

Answer 163

HTTP over SSL

Question 164

What is IDEA?

Answer 164

International Data Encryption Algorithm? a 128?bit private?key encryption system

Question 165

What is IGMP used for?

Answer 165

multicasting

Question 166

What is key escrow?

Answer 166

administration of a private key by a trusted third party

Question 167

What is MD5 designed for?

Answer 167

digital signatures

Question 168

What is OCSP?

Answer 168

Online Certificate Status Protocol? a replacement for CRL

Question 169

What is PEM?

Answer 169

Privacy Enhanced Mail? public?key encryption similar to S/MIME

Question 170

What is PGP primarily used for?

Answer 170

email encryption

Question 171

What is port mirroring?

Answer 171

on switches, the ability to map the input and output of one or more ports to a single port

Question 172

What is smurfing?

Answer 172

broadcasting echo requests with a falsified source address, overwhelming the owner of the address

Question 173

What is source routing?

Answer 173

Sender defines hops a packet must travel through

Question 174

What is TACACS?

Answer 174

Terminal Access Controller Access Control System

Question 175

What is the hidden node” problem?”

Answer 175

When a wireless client cannot see the network due to interference.

Question 176

What is the difference between S?HTTP and SSL?

Answer 176

S?HTTP is designed to send individual messages securely; SSL sets up a secure connection between two computers

Question 177

What is the DSS?

Answer 177

Digital Signature Standard? provides for non?repudiation of messages

Question 178

What is the first step in risk analysis?

Answer 178

identifying assets

Question 179

What is the key length for Blowfish?

Answer 179

variable length

Question 180

What is the main difference between S/MIME and PGP?

Answer 180

S/MIME relies upon a CA for public key distribution

Question 181

What is the maximum capacity of 4mm DAT?

Answer 181

40 Gb

Question 182

What is the maximum capacity of 8mm tapes?

Answer 182

50 Gb

Question 183

What is the maximum capacity of DLT?

Answer 183

220 Gb

Question 184

What is the maximum capacity of QIC?

Answer 184

20 GB

Question 185

What is the maximum capacity of Travan?

Answer 185

40 Gb

Question 186

What is the maximum length of a valid IP datagram?

Answer 186

64K

Question 187

What is the maximum throughput of 802.11a?

Answer 187

54 Mbps

Question 188

What is the maximum throughput of 802.11b?

Answer 188

11 Mbps

Question 189

What is the maximum throughput of 802.11g?

Answer 189

54 Mbps

Question 190

What is the most effective way of enforcing security in a dialup network?

Answer 190

require callback

Question 191

What is the primary limitation of symmetric cryptography?

Answer 191

key distribution

Question 192

What is the RFC?recommended size of an IP datagram?

Answer 192

576 bytes

Question 193

What is the standard key length for 3DES?

Answer 193

168 bits

Question 194

What is the standard key length for DES?

Answer 194

56 bits

Question 195

What is the standard key length for IDEA?

Answer 195

128 bits

Question 196

What is the top priority in computer forensics?

Answer 196

document each step taken

Question 197

What is TLS?

Answer 197

Transport?Layer Security? a successor to SSL

Question 198

What is unique about the network/mesh model of PKI?

Answer 198

multiple parties must be present before access to the token is granted

Question 199

What is WML?

Answer 199

Wireless Markup Language? used to create pages for WAP

Question 200

What is WML?

Answer 200

Wireless Markup Language? used to create pages for WAP

Question 201

What is X.509 used for?

Answer 201

digital certificates

Question 202

What kind of algorithm is 3DES?

Answer 202

symmetric

Question 203

What kind of encryption does AES use?

Answer 203

private?key

Question 204

What kind of encryption does HTTPS use?

Answer 204

40?bit RC4

Question 205

What language are most new smart card applications written in?

Answer 205

Java

Question 206

What language is normally used to write CGI scripts?

Answer 206

Perl

Question 207

What limitation do application?level firewalls create for proprietary software?

Answer 207

proprietary software often uses proprietary protocols, which often can’t pass the firewall

Question 208

What limitation does IPSec have?

Answer 208

only supports unicast transmissions

Question 209

What makes non?repudiation a stronger version of authentication?

Answer 209

non?repudiation comes from a third party

Question 210

What mathematical fact does a birthday attack rely on?

Answer 210

it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset

Question 211

What might be indicated by packets from an internal machine with an external source address in the header?

Answer 211

machine is being used in a DoS/DDoS attack

Question 212

What might be indicated by packets from an internal machine with an external source address in the header?

Answer 212

machine is being used in a DoS/DDoS attack

Question 213

What model is DEN based on?

Answer 213

Common Information Model (CIM)

Question 214

What OS do most PBX’s use?

Answer 214

UNIX

Question 215

What OSI layer do stateful firewalls reside at?

Answer 215

network layer

Question 216

What port do DNS lookups use?

Answer 216

UDP port 53

Question 217

What port do DNS zone transfers use?

Answer 217

TCP port 53

Question 218

What port does echo use?

Answer 218

port 7

Question 219

What port does FTP use for data?

Answer 219

port 20

Question 220

What port does HTTPS use?

Answer 220

TCP 443

Question 221

What port does L2TP use?

Answer 221

UDP 1701

Question 222

What port does LDAP use?

Answer 222

TCP/UDP port 389

Question 223

What port does LDAPS use?

Answer 223

TCP/UDP port 636

Question 224

What port does NNTP use?

Answer 224

TCP/UDP 119

Question 225

What port does POP3 use?

Answer 225

port 110

Question 226

What port does RADIUS use?

Answer 226

port 1812

Question 227

What port does SMTP use?

Answer 227

port 25

Question 228

What port does SNMP use?

Answer 228

port 161

Question 229

What port does SSH use?

Answer 229

port 22

Question 230

What port does TACACS use?

Answer 230

port 49

Question 231

What port does Telnet use?

Answer 231

port 23

Question 232

What port does the chargen exploit use?

Answer 232

TCP 19

Question 233

What ports are commonly used for NetBIOS names and sessions?

Answer 233

TCP/UDP 137, 138, 139

Question 234

What ports do DHCP and BOOTP use?

Answer 234

TCP/UDP ports 67 and 68

Question 235

What ports does DNS use?

Answer 235

TCP and UDP 53

Question 236

What ports does FTP use?

Answer 236

ports 20 and 21

Question 237

What protocol does 802.1x use for authentication?

Answer 237

EAP

Question 238

What protocol does 802.1x use for authentication?

Answer 238

EAP

Question 239

What protocol does IPSec use to exchange keys?

Answer 239

Internet Key Exchange (IKE)

Question 240

What protocol does RADIUS use?

Answer 240

UDP

Question 241

What protocol does TACACS+ use?

Answer 241

TCP

Question 242

What protocol is being pushed as an open standard for IM?

Answer 242

SIMPLE

Question 243

What protocol is replacing PPTP?

Answer 243

L2TP

Question 244

What security advantage do managed hubs provide over other hubs?

Answer 244

they can detect physical configuration changes and report them

Question 245

What security hole does RIPv1 pose?

Answer 245

RIPv1 does not allow router passwords

Question 246

What security hole does SPAP have?

Answer 246

remote server can be impersonated

Question 247

What security problem does FTP have?

Answer 247

authentication sent in cleartext

Question 248

What security weakness does SPAP have?

Answer 248

does not protect against remote server impersonation

Question 249

What size is an MD5 hash?

Answer 249

128 bits

Question 250

What sort of attack does TACACS+’s lack of integrity checking make it vulnerable to?

Answer 250

replay attacks

Question 251

What sort of devices normally use TACACS?

Answer 251

network infrastructure devices

Question 252

What standard is LDAP based on?

Answer 252

X500

Question 253

What TCP sequence number does an XMAS scan use?

Answer 253

0

Question 254

What three basic router/firewall measures will reduce the effects of a DoS attack?

Answer 254

egress filtering, ingress filtering, and disabling IP?directed broadcasting

Question 255

What three methods are used to determine VLAN membership on the local switch?

Answer 255

port?based; MAC?based; protocol?based

Question 256

What three people were involved in the creation of RSA?

Answer 256

Rivest, Shamir, Adleman

Question 257

What three protocols are routinely layered over TLS?

Answer 257

IMAP, POP3, and SMTP

Question 258

What three tape types offer high capacity and rapid data transfer?

Answer 258

8mm, DLT, and LTO

Question 259

What three utilities comprise SSH?

Answer 259

SSH, Slogon, SCP

Question 260

What two algorithm options exist for PGP?

Answer 260

RSA and Diffie?Hellman

Question 261

What two bit strengths is SSL available in?

Answer 261

40?bit and 128?bit

Question 262

What two bit strengths is SSL available in?

Answer 262

40?bit and 128?bit

Question 263

What two encryption standards is AES designed to replace?

Answer 263

DES and 3DES

Question 264

What two layers does TLS consist of?

Answer 264

TLS Record Protocol and TLS Handshake Protocol

Question 265

What two methods are used to determine VLAN membership on a remote switch?

Answer 265

implicit, based on MAC address; explicit, where the first switch adds a tag

Question 266

What two methods do IDS’s use to detect and analyze attacks?

Answer 266

misuse detection and anomoly detection

Question 267

What two pieces of information comprise a socket?

Answer 267

source IP address and source port

Question 268

What two protocols were combined to form L2TP?

Answer 268

Microsoft’s PPTP and Cisco’s L2F

Question 269

What two services are provided by IPSec?

Answer 269

Authentication Header (AH) and Encapsulating Security Payload (ESP)

Question 270

What two strengths does SSL come in?

Answer 270

40?bit and 128?bit

Question 271

What two types of certificates does S/MIME use?

Answer 271

PKCS #7 certificates for message content and X.509v3 for source authentication

Question 272

What type of access control do most commercial OS’s use?

Answer 272

DAC

Question 273

What type of encryption does PGP use?

Answer 273

PKI

Question 274

What type of encryption does PGP use?

Answer 274

PKI

Question 275

What type of encryption does SSH use?

Answer 275

RSA PKI

Question 276

What type of encryption does SSL use?

Answer 276

RSA PKI

Question 277

What type of encryption is AES?

Answer 277

symmetric

Question 278

What type of encryption is Kerberos?

Answer 278

symmetric

Question 279

What type of IDS will likely detect a potential attack first? Why?

Answer 279

Network?based IDS: runs in real?time

Question 280

What type of media access control does 802.11 use?

Answer 280

collision avoidance

Question 281

What type of network is CHAP primarily used on?

Answer 281

PPP

Question 282

What type of network is extremely vulnerable to Man in the Middle attacks?

Answer 282

wireless

Question 283

What version of BIND allows for mutual authentication?

Answer 283

BINDv9

Question 284

Which hashing algorithm is more secure, MD5 or SHA?1?

Answer 284

SHA?1

Question 285

Which is faster, application?level or network?level firewalls?

Answer 285

network?level firewalls

Question 286

Which of the five router services do e?mail gateways provide?

Answer 286

application filtering

Question 287

Who created RC2 and RC4?

Answer 287

Rivest

Question 288

Who defines a certificate’s life cycle?

Answer 288

the issuing CA

Question 289

Who developed PGP?

Answer 289

Phillip R. Zimmerman

Question 290

Who developed SSL?

Answer 290

Netscape

Question 291

Why are VLAN’s considered broadcast domains?

Answer 291

all hosts on the VLAN can broadcast to all other hosts on the VLAN

Question 292

Why can hand geometry only be used for verification, rather than identification?

Answer 292

hand geometry is not unique

Question 293

Why do routers help limit the damage done by sniffing and MITM attacks?

Answer 293

They send data to a specific subnet only

Question 294

Why is detecting statistical anomolies a good approach to intrusion detection?

Answer 294

don’t have to understand the root cause of the anomolies

Question 295

Why is detecting statistical anomolies a good approach to intrusion detection?

Answer 295

don’t have to understand the root cause of the anomolies

Question 296

With biometric scanning, what is accepting a user who should be rejected called?

Answer 296

Type II error

Question 297

With biometric scanning, what is rejecting a valid user called?

Answer 297

Type I error