Weaknesses 3-20

Question 1

What is the appropriate default level for an access control mechanism?

Answer 1

No access

Question 2

The Vigenere cipher was developed in 16th century France. What does it use as a key?

Answer 2

A secret word

Question 3

How are FDDI and FDDI-2 different?

Answer 3

FDDI-2 allows for fixed bandwidth to be assigned

Question 4

SSL requires what kind of infrastructure for certificate authorities and certificates?

Answer 4

PKI - Public Key Infrastructure

Question 5

In 1976 Diffie and Hellman introduced what cryptography technology?

Answer 5

Electronic Key Distribution - Diffie-Hellmen key exchange

Question 6

What three types of attacks fall under the umbrella of timing attacks?

Answer 6

Between the lines, NAK, and line disconnect

Question 7

TRUE/FALSE - SYN attack is considered a timing attack

Answer 7

FALSE

Question 8

Allowing one object to have two security classifications requires what?

Answer 8

Polyinstantiation

Question 9

TRUE / FALSE - PPTP can only work over IP

Answer 9

TRUE

Question 10

What is the first step in an audit?

Answer 10

Determine goals

Question 11

During what step of the penetration testing process do you perform port scans and identify resources?

Answer 11

Enumeration

Question 12

TRUE/FALSE - TPM uses two types of internal memory for specific purposes. Persistent memory, which is static and contains the endorsement key / storage key — and Versatile memory, which is dynamic and contains attestation key, platform configuration hashes, and storage keys

Answer 12

TRUE

Question 13

What are the six phases of a project?

Answer 13

Initiate project, perform BIA, create strategy, create plan, implement, test, maintain

Question 14

What is the difference between 802.11a and 802.11b?

Answer 14

802.11a works in 5GHz range and provides faster data transfer speed than 802.11b

Question 15

If a company has high turnover rate, which access control structure is best?

Answer 15

Role base

Question 16

Determining what a user can access based on the data, not the subject’s identity, is called what?

Answer 16

Content-based access control

Question 17

What is the main purpose of information risk management (IRM)?

Answer 17

It is the process of identifying, assessing, and reducing the risk to an acceptable level

Question 18

Which group states that the internet is a privilege and should be treated and used with respect?

Answer 18

Internet Architecture board

Question 19

What is the goal of Operational security?

Answer 19

To keep production in proper working order, and protecting the hardware and media from unauthorized access.

Question 20

What is the difference between confusion and diffusion?

Answer 20

Confusion is carried out with substitution, diffusion is carried out through transposition

Question 21

A virus that affects both a boot record and files in a directory is called what?

Answer 21

Multipartite

Question 22

What is the proper steps in selecting and implementing a new computer project?

Answer 22

Evaluation, certification, acredidation

Question 23

What architecture type is used when an external router is used to filter traffic before it enters the network and another screening service is used to monitor traffic before it enters the internal network

Answer 23

Screened-subnet

Question 24

Why are network sniffers dangerous to an environment?

Answer 24

Their presence and activities are not auditable

Question 25

During which phase of the software development life cycle should attack surface analysis and threat modeling be performed?

Answer 25

Design

Question 26

What is the difference between OSA and SKA?

Answer 26

SKA requires a WEP encryption key

Question 27

What is the product of data mining?

Answer 27

Meta data

Question 28

If an organization has a formal media library, which individual is reponsible for the overall security and protection of the media?

Answer 28

Media librarian

Question 29

TRUE/FALSE - The volume of data is a critical factor in DLP

Answer 29

FALSE