Quiz3_Answers Flashcards

1
Q

For a given desired strength of a cryptographic system, which one of the following will provide it with the smallest key?

A. ECC

B. RSA

A

A. ECC (Elliptic curve)- 160 bits

Size comparable with others with equal protection: RSA is 1088bits DSA is 1025 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

A. Stream ciphers

B. Hashing

C. Steganography

D. Block ciphers

A

B. Hashing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

A. Symmetric cryptography

B. Salting

C. Private key cryptography

D. Sessionizing

A

B. Salting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

A. TCP/IP

B. SET

C. SSL

D. SSH

A

C. SSL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following provides the strongest authentication security on a wireless network?

A. WPA2

B. HMAC

C. Disable SSID broadcast

D. WEP

A

A. WPA2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following is used to verify data integrity?

A. RSA

B. AES

C. RC4

D. SHA

A

D. SHA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following can be implemented with multiple bit strength?

A. MD4

B. AES

C. DES

D. SHA1

A

B. AES

AES uses key lengths and block sizes of 128, 192, and 256 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following would provide the STRONGEST encryption?

A. ECC

B. RSA

C. One Time Pad

D. AES

A

C. One Time Pad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following components MUST be trusted by all parties in PKI?

A. CA

B. Key escrow

C. Private key

D. Recovery key

A

A. CA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certificate Authority

B. Registration Authority

C. Certificate Revocation List

D. Key Escrow

A

A. Certificate Authority

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?

A. CA

B. RA

C. CRL

D. Private key

A

C. CRL

Certificate Revocation List

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following malware types may require user interaction, does not hide itself, and is commonly identied by marketing pop-ups based on browsing habits?

A. Virus

B. Adware

C. Rootkit

D. Botnet

A

B. Adware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

A. Trojan

B. Virus

C. Rootkit

D. Zero-Day

A

B. Virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

A. Smurf

B. Backdoor

C. Logic Bomb

D. Spyware

A

D. Spyware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

A. Logic bomb

B. Rootkit

C. Backdoor

D. SPIM

A

B. Rootkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

A. Logic Bomb

B. Botnet

C. Backdoor

D. Rootkit

A

A. Logic Bomb

C. Backdoor

17
Q

A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:

  1. 10.3.16
  2. 10.3.23
  3. 178.24.26
  4. 24.94.83

These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?

A. XMAS

B. DOS

C. DDOS

D. XSS

A

C. DDOS

18
Q

An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?

A. DoS

B. Trojan

C. Spyware

D. Priviliage Escalation

A

A. DoS

19
Q

Which of the following attacks could be used to initiate a subsequent man-in-the- middle attack?

A. Dos

B. Replay

C. Brute Force

D. ARP poisoning

A

B. Replay

20
Q

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

A. Vishing

B. Phishing

C. Whaling

D. SPAM

A

B. Phishing

21
Q

A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?

A. Digital Signatures

B. Digital Certificates

C. AntiVirus Software

D. Spam Filter

A

A. Digital Signatures

22
Q

A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

A. Fuzzing

B. Spooffing

C. XSS

D. Pharming

A

C. XSS

23
Q

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A. Session hijacking and XML injection

B. Buffer overflow and XSS

C. Cookies and attachments

D. SQL injection

A

D. SQL injection

24
Q

A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?

A. Buffer overflow

B. XSRF

C. SQL injection

D. Zero day

A

A. Buffer overflow

25
Q

Which of the following was launched against a company based on the following IDS log? 122.41.15.252 - - [21/May/2012:00:17:20 +1200] “GET /index.php? username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A AAA HTTP/1.1” 200 2731 “http://www.company.com/cgibin/ forum/commentary.pl/noframes/read/209” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)”

A. SQL injection

B. Online password attack

C. XSS attack

D. Buffer overflow attack

A

D. Buffer overflow attack