Infosec

Question 1

A bot is a computer compromised by malware and under the control of a bot master (attacker). (T or F)

Answer 1

True

Question 2

The best defense against being an unwitting participant in a DDoS attack is to prevent your systems from being compromised. TF

Answer 2

True

Question 3

Botnet command-and-control must be centralized, i.e., all bots communicate with a central server(s). TF

Answer 3

False

Question 4

Both static and dynamic analyses are needed in order to fully understand malware behaviors. TF

Answer 4

False

Question 5

The domain name(s) of the command and control server(s) of a botnet are pre-determined for the lifetime of the botnet. TF

Answer 5

False

Question 6

Some APT attacks last for years before they are detected. TF

Answer 6

True

Question 7

If we find that a botnet server is located in country X, we can be certain that criminals within country X control the botnet.

Answer 7

False

Question 8

A firewall can serve as the platform for IPSec.

Answer 8

True

Question 9

A packet filtering firewall is typically configured to filter packets going in both directions.

Answer 9

True

Question 10

A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.

Answer 10

True

Question 11

A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.

Answer 11

False

Question 12

A Botnet can use \_\_\_\_\_\_\_ for command-and-control.
 A.Email	
 B.HTTP	
 C.IRC	
 D.All the above

Answer 12

D.All the above

Question 13

In a \_\_\_\_\_\_ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system.
 A.SYN flood	
 B.DNS amplification	
 C.poison packet	
 D.UDP flood

Answer 13

B.DNS amplification

Question 14

Characteristics of APT include \_\_\_\_\_\_.
 A.Using zero-day exploit	
 B.Low-and-slow	
 C.Targeting high-value data	
 D.All the above

Answer 14

D.All the above

Question 15

The \_\_\_\_\_\_\_ defines the transport protocol.
 A.destination IP address	
 B.source IP address	
 C.interface	
 D.IP protocol field

Answer 15

D.IP protocol field

Question 16

A \_\_\_\_\_\_\_\_\_ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
 A.packet filtering	
 B.stateful inspection	
 C.application-level	
 D.circuit-level

Answer 16

D.circuit-level

Question 17

Typically the systems in the \_\_\_\_\_\_\_\_ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.
 A.DMZ	
 B.IP protocol field	
 C.boundary firewall	
 D.VPN

Answer 17

A.DMZ

Question 18

A \_\_\_\_\_\_\_ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
 A.packet filtering firewall	
 B.distributed firewall	
 C.personal firewall	
 D.stateful inspection firewall

Answer 18

B.distributed firewall

Question 19

The \_\_\_\_\_\_\_\_ attack is designed to circumvent filtering rules that depend on TCP header information.
 A.tiny fragment	
 B.address spoofing	
 C.source routing	
 D.bastion host

Answer 19

A.tiny fragment

Question 20

The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Answer 20

True

Question 21

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

Answer 21

T

Question 22

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

Answer 22

T

Question 23

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

Answer 23

F

Question 24

A common location for a NIDS sensor is just inside the external firewall.

Answer 24

T

Question 25

Network-based intrusion detection makes use of signature detection and anomaly detection.

Answer 25

T

Question 26

Symmetric encryption is used primarily to provide confidentiality.

Answer 26

T

Question 27

Two of the most important applications of public-key encryption are digital signatures and key management.

Answer 27

T

Question 28

The secret key is one of the inputs to a symmetric-key encryption algorithm.

Answer 28

T

Question 29

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

Answer 29

T

Question 30

Public-key algorithms are based on simple operations on bit patterns.

Answer 30

T

Question 31

A \_\_\_\_\_\_\_ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
 A.host-based IDS	
 B.security intrusion	
 C.network-based IDS	
 D.intrusion detection

Answer 31

A.host-based IDS

Question 32

\_\_\_\_\_\_\_ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
 A.Profile based detection	
 B.Signature detection	
 C.Threshold detection	
 D.Anomaly detection

Answer 32

B.Signature detection

Question 33

\_\_\_\_\_\_\_ involves the collection of data relating to the behavior of legitimate users over a period of time.
 A.Profile based detection	
 B.Signature detection	
 C.Threshold detection	
 D.Anomaly detection

Answer 33

D.Anomaly detection

Question 34

A(n) \_\_\_\_\_\_ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
 A.passive sensor	
 B.analysis sensor	
 C.LAN sensor	
 D.inline sensor

Answer 34

D.inline sensor

Question 35

The \_\_\_\_\_\_ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
 A.data source	
 B.sensor	
 C.operator	
 D.analyzer

Answer 35

D.analyzer

Question 36

On average, \_\_\_\_\_\_\_\_ of all possible keys must be tried in order to achieve success with a brute-force attack.
 A.one-fourth	
 B.half	
 C.two-thirds	
 D.three-fourths

Answer 36

B.half

Question 37

\_\_\_\_\_\_\_\_ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
 A.Cryptanalysis	
 B.Decryption	
 C.Message authentication	
 D.Collision resistance

Answer 37

C.Message authentication

Question 38

The purpose of a \_\_\_\_\_\_\_\_ is to produce a ?fingerprint? of a file, message, or other block of data.
 A.secret key	
 B.digital signature	
 C.keystream	
 D.hash function

Answer 38

D.hash function

Question 39

A \_\_\_\_\_\_\_\_\_ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
 A.digital signature	
 B.keystream	
 C.one-way hash function	
 D.secret key

Answer 39

A.digital signature

Question 40

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to \_\_\_\_\_\_\_\_ .
 A.use longer keys	
 B.use shorter keys	
 C.use more keys	
 D.use less keys

Answer 40

A.use longer keys

Question 41

Symmetric encryption is also referred to as secret-key or single-key encryption

Answer 41

T

Question 42

The ciphertext-only attack is the easiest to defend against.

Answer 42

T

Question 43

A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.

Answer 43

T

Question 44

AES uses a Feistel structure.

Answer 44

F

Question 45

Each block of 64 plaintext bits is encoded independently using the same key? is a description of the CBC mode of operation.

Answer 45

F

Question 46

Timing attacks are only applicable to RSA.

Answer 46

F

Question 47

Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced.

Answer 47

T

Question 48

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms

Answer 48

T

Question 49

A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants.

Answer 49

T

Question 50

Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption.

Answer 50

F

Question 51

In general, public key based encryption is much slower than symmetric key based encryption.

Answer 51

T

Question 52

\_\_\_\_\_\_\_\_ is the original message or data that is fed into the encryption process as input.
 A.Plaintext	
 B.Encryption algorithm	
 C.Decryption algorithm	
 D.Ciphertext

Answer 52

A.Plaintext

Question 53

Which of the following would allow an attack that to know the (plaintext of) current message must be the same as one previously transmitted because their ciphtertexts are the same?
 A.CBC	
 B.ECB	
 C.CFB	
 D.OFB

Answer 53

B.ECB

Question 54

\_\_\_\_\_\_\_\_ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.
 A.Session key	
 B.Subkey	
 C.Key distribution technique	
 D.Ciphertext key

Answer 54

C.Key distribution technique

Question 55

Which of the following feature can only be provided by public-key cryptography?
 A.Confidentiality protection	
 B.Integrity protection	
 C.Non-repudiation	
 D.None of the above

Answer 55

C.Non-repudiation

Question 56

Cryptographic systems are generically classified by _______.
A.the type of operations used for transforming plaintext to ciphertext
B.the number of keys used
C.the way in which the plaintext is processed
D.all of the above

Answer 56

D.all of the above

Question 57

tion 17 of 20
5.0 Points
\_\_\_\_\_\_\_\_ attacks have several approaches, all equivalent in effort to factoring the product of two primes.
 A.Mathematical	
 B.Brute-force	
 C.Chosen ciphertext	
 D.Timing

Answer 57

A.Mathematical

Question 58

\_\_\_\_\_\_\_\_ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number.
 A.Digital standards	
 B.Mathematical attacks	
 C.Ciphers	
 D.Timing attacks

Answer 58

D.Timing attacks

Question 59

\_\_\_\_\_\_\_\_\_ was the first published public-key algorithm.
 A.NIST	
 B.Diffie-Hellman	
 C.RC4	
 D.RSA

Answer 59

B.Diffie-Hellman

Question 60

The principal attraction of \_\_\_\_\_\_\_\_ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.
 A.ECC	
 B.MD5	
 C.Diffie-Hellman	
 D.none of the above

Answer 60

A.ECC

Question 61

SHA is perhaps the most widely used family of hash functions.

Answer 61

T

Question 62

SHA-1 is considered to be very secure.

Answer 62

F

Question 63

HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.

Answer 63

T

Question 64

The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm.

Answer 64

T

Question 65

The strong collision resistance property subsumes the weak collision resistance property.

Answer 65

T

Question 66

Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES.

Answer 66

T

Question 67

A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.

Answer 67

T

Question 68

It is a good idea to use sequentially increasing numbers as challenges in security protocols.

Answer 68

F

Question 69

Assuming that Alice and Bob have each other?s public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob?s public key, and send the encrypted k to Bob and then Bob will know he has a key shared with Alice.

Answer 69

F

Question 70

In security protocol, an obvious security risk is that of impersonation.

Answer 70

F

Question 71

In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.

Answer 71

T

Question 72

In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user’s password.

Answer 72

T

Question 73

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key.

Answer 73

T

Question 74

The ticket-granting ticket is never expired.

Answer 74

F

Question 75

Kerberos does not support inter-realm authentication.

Answer 75

B

Question 76

SHA-1 produces a hash value of \_\_\_\_\_\_\_ bits.
 A.256	
 B.160	
 C.384	
 D.180

Answer 76

B.160

Question 77

Issued as RFC 2104, \_\_\_\_\_\_\_ has been chosen as the mandatory-to-implement MAC for IP Security.
 A.RSA	
 B.SHA-3	
 C.DSS	
 D.HMAC

Answer 77

D.HMAC

Question 78

The DSS makes use of the \_\_\_\_\_\_\_ and presents a new digital signature technique, the Digital Signature Algorithm (DSA).
 A.HMAC	
 B.XOR	
 C.RSA	
 D.SHA-1

Answer 78

D.SHA-1

Question 79

The purposes of a security protocol include:
A.Authentication
B.Key-exchange
C.Negotiate crypto algorithms and parameters
D.All the above

Answer 79

D.All the above

Question 80

Which of the following scenario requires a security protocol:
A.log in to mail.google.com
B.connecting to work from home using a VPN
C.Both A and B

Answer 80

C.Both A and B

Question 81

In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A.

Answer 81

F

Question 82

In IPSec, the sequence number is used for preventing replay attacks.

Answer 82

T

Question 83

Most browsers come equipped with SSL and most Web servers have implemented the protocol.

Answer 83

T

Question 84

In IPSec, packets can be protected using ESP or AH but not both at the same time.

Answer 84

F

Question 85

Even web searches have (often) been in HTTPS.

Answer 85

T

Question 86

In a wireless network, traffic is broadcasted into the air, and so it is much easier to sniff wireless traffic compared with wired traffic.

Answer 86

T

Question 87

Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes.

Answer 87

T

Question 88

iOS has no vulnerability.

Answer 88

F

Question 89

In iOS, each file is encrypted using a unique, per-file key.

Answer 89

T

Question 90

In iOS, an app can run its own dynamic, run-time generated code.

Answer 90

F

Question 91

The App Store review process can guarantee that no malicious iOS app is allowed into the store for download.

Answer 91

F

Question 92

In iOS, each app runs in its own sandbox.

Answer 92

T

Question 93

In Android, all apps have to be reviewed and signed by Google.

Answer 93

F

Question 94

In Android, an app will never be able to get more permission than what the user has approved.

Answer 94

F

Question 95

Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates).

Answer 95

F

Question 96

The most complex and important part of TLS is the \_\_\_\_\_\_\_\_.
 A.signature	
 B.message header	
 C.payload	
 D.handshake protocol

Answer 96

D.handshake protocol

Question 97

\_\_\_\_\_\_\_ is a list that contains the combinations of cryptographic algorithms supported by the client.
 A.Compression method	
 B.Session ID	
 C.CipherSuite	
 D.All of the above

Answer 97

C.CipherSuite

Question 98

ESP supports two modes of use: transport and \_\_\_\_\_\_\_\_.
 A.padding	
 B.tunnel	
 C.payload	
 D.sequence

Answer 98

B.tunnel

Question 99

A benefit of IPsec is ________.
A.that it is below the transport layer and transparent to applications
B.there is no need to revoke keying material when users leave the organization
C.it can provide security for individual users if needed
D.all of the above

Answer 99

Not A

Question 100

The \_\_\_\_\_\_ field in the outer IP header indicates whether the association is an AH or ESP security association.
 A.protocol identifier	
 B.security parameter index	
 C.IP destination address	
 D.sequence path counter

Answer 100

A.protocol identifier

Question 101

A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.

Answer 101

T

Question 102

Malicious JavaScripts is a major threat to browser security.

Answer 102

T

Question 103

XSS is possible when a web site does not check user input properly and use the input in an outgoing html page.

Answer 103

T

Question 104

XSS can perform many types of malicious actions because a malicious script is executed at user?s browser.

Answer 104

T

Question 105

XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.

Answer 105

T

Question 106

In XSRF, the malicious site can send malicious script to execute in the user?s browser by embedding the script in a hidden iframe.

Answer 106

T

Question 107

It is easy for the legitimate site to know if a request is really from the (human) user.

Answer 107

F

Question 108

SQL injection attacks only lead to information disclosure.

Answer 108

F

Question 109

Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.

Answer 109

F

Question 110

SQL injection is yet another example that illustrates the importance of input validation.

Answer 110

T

Question 111

Organizational security objectives identify what IT security outcomes should be achieved.

Answer 111

T

Question 112

Since the responsibility for IT security is shared across the
organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

Answer 112

T

Question 113

Legal and regulatory constraints may require specific approaches to risk assessment.

Answer 113

T

Question 114

One asset may have multiple threats and a single threat may target multiple assets.

Answer 114

T

Question 115

It is likely that an organization will not have the resources to implement all the recommended controls.

Answer 115

T

Question 116

The IT security management process ends with the implementation of controls and the training of personnel.

Answer 116

F

Question 117

The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

Answer 117

T

Question 118

The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

Answer 118

T

Question 119

An IT security plan should include details of \_\_\_\_\_\_\_\_.
 A.risks	
 B.recommended controls	
 C.responsible personnel	
 D.all of the above

Answer 119

D.all of the above

Question 120

\_\_\_\_\_\_ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.
 A.Anonymization	
 B.Data transformation	
 C.Immutable audit	
 D.Selective revelation

Answer 120

A.Anonymization