Mid Term Exam Flashcards

86%

1
Q

What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation?

Question 1 options:

the source of the public keys

the integrity of the private keys

the use of the sender’s private key

the hashing algorithm used to generate a message digest

A

the source of the public keys *

2
Q

If you see a /16 in the header of a snort rule, what does it mean?

Question 2 options:

the detected signature is 16 bits in length

the size of the log file is 16 MB

the subnet mask is 255.255.0.0

a maximum of 16 log entries should be kept

A

the subnet mask is 255.255.0.0 *

3
Q

Which layer does wireless communication rely heavily upon?

Question 3 options:

LLC sublayer of the Transport layer

MAC sublayer of the Network layer

LLC sublayer of the Data Link layer

MAC sublayer of the Data Link layer

A

MAC sublayer of the Data Link layer *

4
Q

In which type of attack do attackers intercept the transmissions of two communicating nodes without the user’s knowledge?

Question 4 options:

brute force

rogue device

wardriver

man-in-the-middle

A

man-in-the-middle *

5
Q

Which of the following is a valid IPv6 address?

Question 5 options:

1080::8:800:200C:417A

5510:ABCD::34:1::2

24::5B1A::346C

5BA4:2391:0:0:4C3E

A

1080::8:800:200C:417A *

6
Q

Which binary signaling technique uses a scheme in which zero voltage represents a 0 bit and the voltage for a 1 bit does not drop back to zero before the end of the bit period?

Question 6 options:

RTZ

polar NRZ

NRZ

polar RTZ

A

NRZ *

7
Q

Which of the following is a reason that UDP is faster than TCP?

Question 7 options:

it doesn’t use port numbers

it doesn’t guarantee delivery

the header is smaller

it has a higher priority on the network

A

it doesn’t guarantee delivery *

8
Q

To determine best path, routers use metrics such as the value of the first octet of the destination IP address.

Question 8 options:
True
False

A

False *

9
Q

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?

Question 9 options:

training period

profile monitoring

traffic normalizing

baseline scanning

A

training period *

10
Q

Which of the following types of traffic does NOT travel through routers?

Question 10 options:

DNS zone transfers

network route information

ARP requests

SNMP status information

A

ARP requests *

11
Q

Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?

Question 11 options:

DiD

IDPS

VPN

DMZ

A

IDPS *

12
Q

The Fresnel zone is the dispersal pattern of waves as they travel from sending to receiving antennas.

Question 12 options:
True
False

A

False *

13
Q

A hacktivist can best be described as which of the following?

Question 13 options:

deface Web sites by leaving messages for their friends to read

an unskilled programmer that spreads malicious scripts

consider themselves seekers of knowledge

use DoS attacks on Web sites with which they disagree

A

use DoS attacks on Web sites with which they disagree *

14
Q

Which type of scan has the FIN, PSH, and URG flags set?

Question 14 options:

SYN Scan

FIN scan

Xmas scan

Null scan

A

Xmas scan *

15
Q

In which frequency range are you likely to find WLANs?

Question 15 options:

3-30 MHz

2.9-30 GHz

30-300 GHz

174-328 MHz

A

2.9-30 GHz *

16
Q

Which of the following is NOT a suggested practice before using a newly configured wireless network?

Question 16 options:

change the manufacturer’s default key

change the administrator password

alter the default channel

use the default encryption method

A

use the default encryption method *

17
Q

An NIDPS can tell you whether an attack attempt on the host was successful.

Question 17 options:
True
False

A

False *

18
Q

Which of the following is the IPv6 loopback address?

Question 18 options:

::FFFF

000:000::

::1

1000:127:0:0:1

A

::1 *

19
Q

Which of the following is true about ACLs on Cisco routers?

Question 19 options:

there is an implicit deny any statement at the end of the ACL

there is an explicit permit any statement at the beginning of the ACL

ACLs bound to an interface apply to inbound and outbound traffic by default

ACLs are processed in reverse order so place high priority statements last

A

there is an implicit deny any statement at the end of the ACL *

20
Q

Why might you want to allow extra time for setting up the database in an anomaly-based system?

Question 20 options:

to add your own custom rule base

the installation procedure is usually complex and time consuming

to allow a baseline of data to be compiled

it requires special hardware that must be custom built

A

to allow a baseline of data to be compiled *

21
Q

Which of the following is a command you would find in an anti-spoofing ACL for network 172.31.0.0/16?

Question 21 options:

permit ICMP any any redirect

deny TCP 172.31.0.0 0.0.0.0 any log

permit IP any 172.31.0.0 0.0.255.255 log

deny IP 172.31.0.0 0.0.255.255 any log

A

deny IP 172.31.0.0 0.0.255.255 any log -

22
Q

Which of the following is the first step in the digital signature process where Mike sends a message to Sophie?

Question 22 options:

Sophie encrypts Mike’s message with Mike’s public key

Sophie compares the message digest she calculated to Mike’s message

a message digest of Mike’s message is calculated using a hashing algorithm

the message digest is encrypted by Mike’s private key

A

a message digest of Mike’s message is calculated using a hashing algorithm -

23
Q

How does the CVE standard make network security devices and tools more effective?

Question 23 options:

they can share information about attack signatures

it requires you to use compatible devices from one vendor

the layered approach makes attacks nearly impossible

it warns an attacker that your site is being monitored

A

they can share information about attack signatures *

24
Q

Which of the following is true about an NIDPS versus an HIDPS?

Question 24 options:

an NIDPS can compare audit log records

an HIDPS can detect intrusion attempts on the entire network

an HIDPS can detect attacks not caught by an NIDPS

an NIDPS can determine if a host attack was successful x

A

an HIDPS can detect intrusion attempts on the entire network -

25
Q

Wireless networks use the CSMA/CD media access method.

Question 25 options:
True
False

A

False *

26
Q

Which of the following is true about static routes?

Question 26 options:

they are created by routing protocols

the metric is higher than a dynamic route

they are used for stub networks

they change automatically as the network changes

A

they are used for stub networks *

27
Q

With which access control method do system administrators establish what information users can share?

Question 27 options:

administrative access control

discretionary access control

mandatory access control

role-based access control

A

mandatory access control -

28
Q

Which of the following is an IDPS security best practice?

Question 28 options:

log files for HIDPSs should be kept local

communication between IDPS components should be encrypted

all sensors should be assigned IP addresses

to prevent false positives, only test the IDPS at initial configuration

A

communication between IDPS components should be encrypted *

29
Q

Which of the following is the description of a land attack?

Question 29 options:

an illegal TCP flag is found in the segment header

the attacker uses an undefined protocol number

source and destination IP address/port are the same

the local host source address occurs in the packet

A

source and destination IP address/port are the same *

30
Q

What feature in ICMPv6 replaces ARP in IPv4?

Question 30 options:

Authentication Header

Neighbor Discovery

Multicast Listener Discovery

Echo Request

A

Neighbor Discovery *

31
Q

What is a Basic Service Set?

Question 31 options:

a group of wireless devices served by a single AP

wireless devices set up as a basic ad-hoc network

a wireless network that does not use an AP

multiple APs are set up to provide some overlap

A

a group of wireless devices served by a single AP *

32
Q

Which of the following is NOT a category of suspicious TCP/IP packet?

Question 32 options:

bad header information

suspicious data payload

suspicious CRC value

single-packet attacks

A

suspicious CRC value *

33
Q

If you are subnetting a class B network, what subnet mask will yield 64 subnets?

Question 33 options:

255.255.252.0

255.255.192.0

255.255.224.0

255.255.64.0

A

255.255.252.0 *

34
Q

With discretionary access control, network users can share information with other users, making it riskier than MAC.

Question 34 options:
True
False

A

True *

35
Q

Which of the following is true about extended IP ACLs?

Question 35 options:

the ‘established’ keyword is not available except on standard ACLs

they should be applied to an interface close to the traffic source

you can apply multiple outbound ACLs on a single interface

the default inverse mask for the source is 0.0.0.0

A

they should be applied to an interface close to the traffic source *

36
Q

Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs?

Question 36 options:

RC4

Message Digest 5

Twofish

RSA

A

Message Digest 5 *

37
Q

What is an advantage of the anomaly detection method?

Question 37 options:

easy to understand and less difficult to configure than a signature-based system x

system can detect attacks from inside the network by people with stolen accounts

makes use of signatures of well-known attacks

after installation, the IDPS is trained for several days or weeks

A

the system can detect attacks from inside the network by people with stolen accounts. -

38
Q

Which wireless transmission method uses a hopping code?

Question 38 options:

infrared

FHSS

OFDM

narrowband

A

FHSS *

39
Q

Why might you want your security system to provide nonrepudiation?

Question 39 options:

to prevent an unauthorized user from logging into the system

to trace the origin of a worm spread through email

so a user can’t deny sending or receiving a communication

to prevent a user from capturing packets and viewing sensitive information

A

so a user can’t deny sending or receiving a communication *

40
Q

What is the packet called where a Web browser sends a request to the Web server for Web page data?

Question 40 options:

HTML RELAY

HTTP GET

HTML SEND

HTTP XFER

A

HTTP GET *

41
Q

Packet fragmentation is not normal, and can only occur if an attack has been initiated.

Question 41 options:
True
False

A

True *

42
Q

Which of the following is true about MAC addresses in a wireless network?

Question 42 options:

you can change a WNIC’s MAC address with software

you need to configure the MAC address before you use the WNIC

MAC address filtering will stop a determined attacker

MAC addresses are Network layer identities

A

you can change a WNIC’s MAC address with software *

43
Q

IPv4 and IPv6 headers are interoperable.

Question 43 options:
True
False

A

False *

44
Q

Which of the following is true about IEEE 802.11i?

Question 44 options:

temporal key integrity protocol is used for encryption

it uses PMK to generate data encryption keys

it uses WEP2 for authentication and encryption

it uses a symmetric block cipher for encryption

A

it uses a symmetric block cipher for encryption *

45
Q

Which of the following is NOT information that a packet filter uses to determine whether to block a packet?

Question 45 options:

protocol

port

checksum

IP address

A

checksum *

46
Q

Which of the following is true about the steps in setting up and using an IDPS?

Question 46 options:

anomaly-based systems come with a database of attack signatures

false positives do not compromise network security

sensors placed on network segments will always capture every packet

alerts are sent when a packet doesn’t match a stored signature

A

false positives do not compromise network security. -

47
Q

Which of the following is a type of cryptanalysis that applies primarily to block ciphers but can also be used against stream ciphers and hashing functions and works by examining how differences in input affect the output?

Question 47 options:

XSL

differential

related key

integral

A

differential *

48
Q

Which of the following was developed as a way of enabling Web servers and browsers to exchange encrypted information and uses a hashed message authentication code to increase security?

Question 48 options:

SSH

SSL

IPsec

TLS

A

TLS -

49
Q

In a passive attack, cryptanalysts eavesdrop on transmissions but don’t interact with parties exchanging information.

Question 49 options:
True
False

A

True *

50
Q

Which of the following causes of signal loss is defined as differences in density between air masses over distance?

Question 50 options:

scattering

absorption

refraction

reflection

A

refraction *