Midterm Exam deck

Question 1

In FISMA, ________ is done internally by the organization.

Answer 1

both certification and accreditationn

Question 2

Quantum key distribution ________.

• creates a major threat to many traditional cryptographic methods
• Both is a way to deliver enormously long keys to communication partners and creates a major threat to many traditional cryptographic methods
• *is a way to deliver enormously long keys to communication partners

Answer 2

is a way to deliver enormously long keys to communication partners

Question 3

Port scanning software does the following:
*The software is used to catch external threats
The software divulges vulnerable ports
*
The software divulges open ports

Answer 3

The software divulges open ports

Question 4

Which of the following are types of countermeasures?
Preventative
Detective
Corrective
all of these?

Answer 4

all of these: Preventative
Detective
Corrective

Question 5

________ are programs that attach themselves to legitimate programs.

Answer 5

viruses

Question 6

The ultimate goal of a DoS attack is to ________.

Answer 6

cause harm

Question 7

Which of the following measures offers strong security?
*Using spread spectrum transmission in 802.11
Turning off SSID broadcasting
WEP
all of these
none of these

Answer 7

none of these

Question 8

A planned series of actions in a corporation is a(n) ________.

Answer 8

sequence

Question 9

The primary weapon in a DoS attack is the:
*icmp ping
dns poisoning
mac flooding
arp poisoning

Answer 9

ICMP Ping packet set at 65000 bytes

Question 10

A commonly SSL/TLS-aware application is ________.

Answer 10

webservice

Question 11

Mandatory vacations should be enforced ________.

Answer 11

to reduce the possibility of collusion between employees

Question 12

A botmaster can remotely ________.

Answer 12

Both fix a bug in the bots and update bots with new functionality

Question 13

Which of the following can be used as a keying method?

Answer 13

Public key encryption for confidentiality

Question 14

________ is a random string of 40 to 4,000 bits (ones and zeros) used to encrypt messages.

Answer 14

key

Question 15

Digital signatures are used for ________ authentication.

Answer 15

message-by-message

Question 16

________ security uses the RC4 cipher in encryption for confidentiality and the Temporal Key Integrity Protocol for keying and rekeying.

Answer 16

WEP

Question 17

A program that gives the attacker remote access control of your computer is specifically called a ________

Answer 17

RAT

Question 18

Which of the following statements accurately describes RC4?
*
RC4 is very slow.
RC4 uses a large amount of RAM.
RC4 can use a broad range of key lengths.
All of these

Answer 18

RC4 can use a broad range of key lengths

Question 19

The most popular public key encryption cipher is ________

Answer 19

RSA

Question 20

WLAN DoS attacks are designed to affect the ________ of the network.

Answer 20

availability

Question 21

Firms still choose to use WPA in order to ________.
*avoid configuration expenses for access points
avoid configuration expenses for wireless clients
-Both avoid configuration expenses for access points and avoid configuration expenses for wireless clients
*Neither avoid configuration expenses for access points nor avoid configuration expenses for wireless clients

Answer 21

Correct Both avoid configuration expenses for access points and avoid configuration expenses for wireless clients

Question 22

________ can spread through e-mail attachments.

• viruses
• viruses and worms
• Worms

Answer 22

*viruses and worms

Question 23

In SSL/TLS, a specific set of protocols that a particular cryptographic system will use to provide protection is called a ________.

Answer 23

cipher suite

Question 24

Which encryption method does MS-CHAP use?

symetric, public / neither, both?

Answer 24

neither

Question 25

Which of the following is one of the key lengths offered by AES

• 112 bits
• 192 bits
• both
• neither

Answer 25

neither 112 or 192 bits. (256 is the start of AES)

Question 26

Companies transmit over the wireless LANs because WLANs ________.

Answer 26

are secure

Question 27

The stage of the plan-protect response cycle that consumes the most time is

Answer 27

protecting

Question 28

________ is the use of mathematical operations to protect messages travelling between parties or stored on a computer

Answer 28

cryptography

Question 29

Strong RSA keys are at least ________ bits long.

Answer 29

1024 bits long

Question 30

Audits place special attention on ________.

Answer 30

compliance avoidance

Question 31

COSO focuses on ________.

Answer 31

corporate internal and financial controls

Question 32

The worst problem with classic risk analysis is that ________.

Answer 32

we cannot estimate the annualized rate of occurrence

Question 33

MS-CHAP is used for ________ authentication.

Answer 33

initial

Question 34

Which of the following is one of the effective key lengths in 3DES?
*112 bits
*56
100
non of these

Answer 34

112 bits

Question 35

A digital certificate ________.

Answer 35

gives the subject’s public key

Question 36

A digital \_\_\_\_\_\_\_\_, by itself, provides authentication.
*	
signature
certificate
Both signature and certificate
neither

Answer 36

neither signature or certification

Question 37

In public key encryption for authentication, the supplicant uses ________ to encrypt.

Answer 37

the supplicant’s private key

Question 38

CobiT focuses on \_\_\_\_\_\_\_\_.
**corporate governance
Correct controlling entire IT function
IT security governance
All of these about equally

Answer 38

Correct controlling entire IT function

Question 39

Cyberwar consists of computer-based attacks conducted by ________

Answer 39

national govs.

Question 40

Public key encryption is \_\_\_\_\_\_\_\_.?
*complex
slow
expensive
Correct All of these

Answer 40

all of these

Question 41

Firewalls will drop ________.

Answer 41

provable attack packets

Question 42

Most packets are part of the ________ state.

Answer 42

Neither connection opening nor connection closing

Question 43

In ________ filtering, the firewall examines packets entering the network from the outside.
*engress
8egressneiher

Answer 43

ingress