Midterm Exam deck Flashcards
In FISMA, ________ is done internally by the organization.
both certification and accreditation
Quantum key distribution ________.
- creates a major threat to many traditional cryptographic methods
- Both is a way to deliver enormously long keys to communication partners and creates a major threat to many traditional cryptographic methods
- *is a way to deliver enormously long keys to communication partners
is a way to deliver enormously long keys to communication partners
Port scanning software does the following:
*The software is used to catch external threats
The software divulges vulnerable ports
*The software divulges open ports
The software divulges open ports
Which of the following are types of countermeasures?
- Preventative
- Detective
- Corrective
- all of these
all of these: Preventative, Detective, Corrective
________ are programs that attach themselves to legitimate programs.
viruses
The ultimate goal of a DoS attack is to ________.
cause harm
Which of the following measures offers strong security?
*Using spread spectrum transmission in 802.11
Turning off SSID broadcasting
WEP
all of these
none of these
none of these
A planned series of actions in a corporation is a(n) ________.
sequence
The primary weapon in a DoS attack is the:
- *ICMP ping
- DNS poisoning
- MAC flooding
- ARP poisoning
ICMP Ping packet set at 65000 bytes
A commonly SSL/TLS-aware application is ________.
webservice
Mandatory vacations should be enforced ________.
to reduce the possibility of collusion between employees
A botmaster can remotely ________.
Both fix a bug in the bots and update bots with new functionality
Which of the following can be used as a keying method?
Public key encryption for confidentiality
________ is a random string of 40 to 4,000 bits (ones and zeros) used to encrypt messages.
key
Digital signatures are used for ________ authentication.
message-by-message
________ security uses the RC4 cipher in encryption for confidentiality and the Temporal Key Integrity Protocol for keying and rekeying.
WEP
A program that gives the attacker remote access control of your computer is specifically called a ________.
RAT
Which of the following statements accurately describes RC4?
*RC4 is very slow.
RC4 uses a large amount of RAM.
RC4 can use a broad range of key lengths.
All of these
RC4 can use a broad range of key lengths
The most popular public key encryption cipher is ________
RSA
WLAN DoS attacks are designed to affect the ________ of the network.
availability
Firms still choose to use WPA in order to ________.
*avoid configuration expenses for access points
avoid configuration expenses for wireless clients
- Both avoid configuration expenses for access points and avoid configuration expenses for wireless clients
*Neither avoid configuration expenses for access points nor avoid configuration expenses for wireless clients
Both avoid configuration expenses for access points and avoid configuration expenses for wireless clients
________ can spread through e-mail attachments.
- viruses
- viruses and worms
- Worms
*viruses and worms
In SSL/TLS, a specific set of protocols that a particular cryptographic system will use to provide protection is called a ________.
cipher suite
Which encryption method does MS-CHAP use?
symmetric, public, neither, or both?
neither
Which of the following is one of the key lengths offered by AES?
- 112 bits
- 192 bits
- both
- neither
neither 112 nor 192 bits. (256 is the start of AES)
Companies transmit over the wireless LANs because WLANs ________.
are secure
The stage of the plan-protect-respond cycle that consumes the most time is ________.
protecting
________ is the use of mathematical operations to protect messages travelling between parties or stored on a computer.
cryptography
Strong RSA keys are at least ________ bits long.
1024 bits long
Audits place special attention on ________.
compliance avoidance
COSO focuses on ________.
corporate internal and financial controls
The worst problem with classic risk analysis is that ________.
we cannot estimate the annualized rate of occurrence
MS-CHAP is used for ________ authentication.
initial
Which of the following is one of the effective key lengths in 3DES?
- *112 bits
- *56
- 100
- none of these
112 bits
A digital certificate ________.
gives the subject’s public key
A digital ________, by itself, provides authentication.
- *signature
- certificate
- Both signature and certificate
- neither
neither signature nor certification
In public key encryption for authentication, the supplicant uses ________ to encrypt.
the supplicant’s private key
CobiT focuses on ________.
- **corporate governance
- controlling entire IT function
- IT security governance
- All of these about equally
controlling entire IT function
Cyberwar consists of computer-based attacks conducted by ________
national governments
Public key encryption is ________.
- *complex
- slow
- expensive
- All of these
all of these
Firewalls will drop ________.
provable attack packets
Most packets are part of the ________ state.
Neither connection opening nor connection closing
In ________ filtering, the firewall examines packets entering the network from the outside.
- *ingress
- *egress
- neither
ingress