Practice B

Question 1

the now defunct Department of Defense standard that described computer system security was ___, aka Orange Book, which was later supplemented with a standard for Network security called ___, aka Red Book. This became the basis for the European standard called ___ now used internationally

Answer 1

TCSEC; Trusted Network Interpretation; ITSEC

Question 2

the ___ is an international standard used to test the security of IT products. It assigns an ___ to each product tested

Answer 2

International Common Criteria; Evaluation Assurance Level (EAL)

Question 3

TLS was introduced after SSL was found to be vulnerable to the ___ exploit

Answer 3

POODLE

Question 4

a ___ attack can be used to hide a spoofing attack

Answer 4

DoS

Question 5

the ___ is a common standard for describing vulnerabilities, and the ___ provides a naming system for those vulnerabilities

Answer 5

Security Content Automation Protocol (SCAP);

Common Vulnerabilities and Exposures (CVE)

Question 6

switches forward ___ of data and use ___ to make forwarding decisions, they also divide a network into separate ___ domains

Answer 6

Frames (and multicast frames); MAC addresses of the destination device; collision

Question 7

the Business Continuity Plan Policy statement should be written by ___

Answer 7

C-level executives

Question 8

only RIPv2 supports ___ authentication

Answer 8

MD5

Question 9

___, aka Orange Book was used to ___, whereas the ___ is concerned with IT product security standards

Answer 9

TCSEC; evaluate security systems; International Common Criteria

Question 10

ITSEC begins by describing what is included in the ___, which includes all components of a system responsible for security

Answer 10

Trusted Computing Base (TCB)

Question 11

Remote Procedure Calls (RPC) are handled by OSI layer ___

Answer 11

Session (remotely initiates a session)

Question 12

transient authentication refers to ___

Answer 12

something you have

Question 13

a ___ fire suppression system is actually safer than a FM-200 system in a data center

Answer 13

FE-13

Question 14

___ can not only detect a TCP flood, but reset the connection

Answer 14

Network Based Intrusion Detection System (NIDS)

Question 15

___ in Object Oriented Programming allows data to be processed differently depending on the data type

Answer 15

polymorphism

Question 16

running different VLAN’s on the same switch introduces the risk of ___

Answer 16

VLAN hopping

Question 17

___ delegates 3rd party authenticated access to resources but doesn’t share password information

Answer 17

OAuth

Question 18

although nonces are used in many protocols to introduce randomness and complexity, one application that doesn’t use them is ___

Answer 18

salting

Question 19

a rainbow table attack is considered a type of ___ attack

Answer 19

brute force

Question 20

a circuit-level firewall operates on OSI layer

Answer 20

5 - Session

Question 21

only a ___ site can serve as part of a DR plan

Answer 21

hot

Question 22

in a ___, a process with a lower security level can participate in an unauthorized exchange of sensitive information with a higher security level

Answer 22

covert storage channel

Question 23

frequency analysis might be a good option for ___ cryptoanalysis

Answer 23

cipher text only

Question 24

IPSec uses ___ to verify integrity of data packets

Answer 24

Authentication Headers (AH)

Question 25

___ documents define the technical aspects of a security program, including any hardware and software that is required

Answer 25

standards