Mid Term Exam Flashcards
86%
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation?
Question 1 options:
the source of the public keys
the integrity of the private keys
the use of the sender’s private key
the hashing algorithm used to generate a message digest
the source of the public keys *
If you see a /16 in the header of a snort rule, what does it mean?
Question 2 options:
the detected signature is 16 bits in length
the size of the log file is 16 MB
the subnet mask is 255.255.0.0
a maximum of 16 log entries should be kept
the subnet mask is 255.255.0.0 *
Which layer does wireless communication rely heavily upon?
Question 3 options:
LLC sublayer of the Transport layer
MAC sublayer of the Network layer
LLC sublayer of the Data Link layer
MAC sublayer of the Data Link layer
MAC sublayer of the Data Link layer *
In which type of attack do attackers intercept the transmissions of two communicating nodes without the user’s knowledge?
Question 4 options:
brute force
rogue device
wardriver
man-in-the-middle
man-in-the-middle *
Which of the following is a valid IPv6 address?
Question 5 options:
1080::8:800:200C:417A
5510:ABCD::34:1::2
24::5B1A::346C
5BA4:2391:0:0:4C3E
1080::8:800:200C:417A *
Which binary signaling technique uses a scheme in which zero voltage represents a 0 bit and the voltage for a 1 bit does not drop back to zero before the end of the bit period?
Question 6 options:
RTZ
polar NRZ
NRZ
polar RTZ
NRZ *
Which of the following is a reason that UDP is faster than TCP?
Question 7 options:
it doesn’t use port numbers
it doesn’t guarantee delivery
the header is smaller
it has a higher priority on the network
it doesn’t guarantee delivery *
To determine best path, routers use metrics such as the value of the first octet of the destination IP address.
Question 8 options:
True
False
False *
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
Question 9 options:
training period
profile monitoring
traffic normalizing
baseline scanning
training period *
Which of the following types of traffic does NOT travel through routers?
Question 10 options:
DNS zone transfers
network route information
ARP requests
SNMP status information
ARP requests *
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?
Question 11 options:
DiD
IDPS
VPN
DMZ
IDPS *
The Fresnel zone is the dispersal pattern of waves as they travel from sending to receiving antennas.
Question 12 options:
True
False
False *
A hacktivist can best be described as which of the following?
Question 13 options:
deface Web sites by leaving messages for their friends to read
an unskilled programmer that spreads malicious scripts
consider themselves seekers of knowledge
use DoS attacks on Web sites with which they disagree
use DoS attacks on Web sites with which they disagree *
Which type of scan has the FIN, PSH, and URG flags set?
Question 14 options:
SYN Scan
FIN scan
Xmas scan
Null scan
Xmas scan *
In which frequency range are you likely to find WLANs?
Question 15 options:
3-30 MHz
2.9-30 GHz
30-300 GHz
174-328 MHz
2.9-30 GHz *
Which of the following is NOT a suggested practice before using a newly configured wireless network?
Question 16 options:
change the manufacturer’s default key
change the administrator password
alter the default channel
use the default encryption method
use the default encryption method *
An NIDPS can tell you whether an attack attempt on the host was successful.
Question 17 options:
True
False
False *
Which of the following is the IPv6 loopback address?
Question 18 options:
::FFFF
000:000::
::1
1000:127:0:0:1
::1 *
Which of the following is true about ACLs on Cisco routers?
Question 19 options:
there is an implicit deny any statement at the end of the ACL
there is an explicit permit any statement at the beginning of the ACL
ACLs bound to an interface apply to inbound and outbound traffic by default
ACLs are processed in reverse order so place high priority statements last
there is an implicit deny any statement at the end of the ACL *
Why might you want to allow extra time for setting up the database in an anomaly-based system?
Question 20 options:
to add your own custom rule base
the installation procedure is usually complex and time consuming
to allow a baseline of data to be compiled
it requires special hardware that must be custom built
to allow a baseline of data to be compiled *
Which of the following is a command you would find in an anti-spoofing ACL for network 172.31.0.0/16?
Question 21 options:
permit ICMP any any redirect
deny TCP 172.31.0.0 0.0.0.0 any log
permit IP any 172.31.0.0 0.0.255.255 log
deny IP 172.31.0.0 0.0.255.255 any log
deny IP 172.31.0.0 0.0.255.255 any log -
Which of the following is the first step in the digital signature process where Mike sends a message to Sophie?
Question 22 options:
Sophie encrypts Mike’s message with Mike’s public key
Sophie compares the message digest she calculated to Mike’s message
a message digest of Mike’s message is calculated using a hashing algorithm
the message digest is encrypted by Mike’s private key
a message digest of Mike’s message is calculated using a hashing algorithm -
How does the CVE standard make network security devices and tools more effective?
Question 23 options:
they can share information about attack signatures
it requires you to use compatible devices from one vendor
the layered approach makes attacks nearly impossible
it warns an attacker that your site is being monitored
they can share information about attack signatures *
Which of the following is true about an NIDPS versus an HIDPS?
Question 24 options:
an NIDPS can compare audit log records
an HIDPS can detect intrusion attempts on the entire network
an HIDPS can detect attacks not caught by an NIDPS
an NIDPS can determine if a host attack was successful x
an HIDPS can detect intrusion attempts on the entire network -
Wireless networks use the CSMA/CD media access method.
Question 25 options:
True
False
False *
Which of the following is true about static routes?
Question 26 options:
they are created by routing protocols
the metric is higher than a dynamic route
they are used for stub networks
they change automatically as the network changes
they are used for stub networks *
With which access control method do system administrators establish what information users can share?
Question 27 options:
administrative access control
discretionary access control
mandatory access control
role-based access control
mandatory access control -
Which of the following is an IDPS security best practice?
Question 28 options:
log files for HIDPSs should be kept local
communication between IDPS components should be encrypted
all sensors should be assigned IP addresses
to prevent false positives, only test the IDPS at initial configuration
communication between IDPS components should be encrypted *
Which of the following is the description of a land attack?
Question 29 options:
an illegal TCP flag is found in the segment header
the attacker uses an undefined protocol number
source and destination IP address/port are the same
the local host source address occurs in the packet
source and destination IP address/port are the same *
What feature in ICMPv6 replaces ARP in IPv4?
Question 30 options:
Authentication Header
Neighbor Discovery
Multicast Listener Discovery
Echo Request
Neighbor Discovery *
What is a Basic Service Set?
Question 31 options:
a group of wireless devices served by a single AP
wireless devices set up as a basic ad-hoc network
a wireless network that does not use an AP
multiple APs are set up to provide some overlap
a group of wireless devices served by a single AP *
Which of the following is NOT a category of suspicious TCP/IP packet?
Question 32 options:
bad header information
suspicious data payload
suspicious CRC value
single-packet attacks
suspicious CRC value *
If you are subnetting a class B network, what subnet mask will yield 64 subnets?
Question 33 options:
255.255.252.0
255.255.192.0
255.255.224.0
255.255.64.0
255.255.252.0 *
With discretionary access control, network users can share information with other users, making it riskier than MAC.
Question 34 options:
True
False
True *
Which of the following is true about extended IP ACLs?
Question 35 options:
the ‘established’ keyword is not available except on standard ACLs
they should be applied to an interface close to the traffic source
you can apply multiple outbound ACLs on a single interface
the default inverse mask for the source is 0.0.0.0
they should be applied to an interface close to the traffic source *
Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs?
Question 36 options:
RC4
Message Digest 5
Twofish
RSA
Message Digest 5 *
What is an advantage of the anomaly detection method?
Question 37 options:
easy to understand and less difficult to configure than a signature-based system x
system can detect attacks from inside the network by people with stolen accounts
makes use of signatures of well-known attacks
after installation, the IDPS is trained for several days or weeks
the system can detect attacks from inside the network by people with stolen accounts. -
Which wireless transmission method uses a hopping code?
Question 38 options:
infrared
FHSS
OFDM
narrowband
FHSS *
Why might you want your security system to provide nonrepudiation?
Question 39 options:
to prevent an unauthorized user from logging into the system
to trace the origin of a worm spread through email
so a user can’t deny sending or receiving a communication
to prevent a user from capturing packets and viewing sensitive information
so a user can’t deny sending or receiving a communication *
What is the packet called where a Web browser sends a request to the Web server for Web page data?
Question 40 options:
HTML RELAY
HTTP GET
HTML SEND
HTTP XFER
HTTP GET *
Packet fragmentation is not normal, and can only occur if an attack has been initiated.
Question 41 options:
True
False
True *
Which of the following is true about MAC addresses in a wireless network?
Question 42 options:
you can change a WNIC’s MAC address with software
you need to configure the MAC address before you use the WNIC
MAC address filtering will stop a determined attacker
MAC addresses are Network layer identities
you can change a WNIC’s MAC address with software *
IPv4 and IPv6 headers are interoperable.
Question 43 options:
True
False
False *
Which of the following is true about IEEE 802.11i?
Question 44 options:
temporal key integrity protocol is used for encryption
it uses PMK to generate data encryption keys
it uses WEP2 for authentication and encryption
it uses a symmetric block cipher for encryption
it uses a symmetric block cipher for encryption *
Which of the following is NOT information that a packet filter uses to determine whether to block a packet?
Question 45 options:
protocol
port
checksum
IP address
checksum *
Which of the following is true about the steps in setting up and using an IDPS?
Question 46 options:
anomaly-based systems come with a database of attack signatures
false positives do not compromise network security
sensors placed on network segments will always capture every packet
alerts are sent when a packet doesn’t match a stored signature
false positives do not compromise network security. -
Which of the following is a type of cryptanalysis that applies primarily to block ciphers but can also be used against stream ciphers and hashing functions and works by examining how differences in input affect the output?
Question 47 options:
XSL
differential
related key
integral
differential *
Which of the following was developed as a way of enabling Web servers and browsers to exchange encrypted information and uses a hashed message authentication code to increase security?
Question 48 options:
SSH
SSL
IPsec
TLS
TLS -
In a passive attack, cryptanalysts eavesdrop on transmissions but don’t interact with parties exchanging information.
Question 49 options:
True
False
True *
Which of the following causes of signal loss is defined as differences in density between air masses over distance?
Question 50 options:
scattering
absorption
refraction
reflection
refraction *