Ctc 452 Midterm II – Flashcards

Unlock all answers in this set

Unlock answers
question
Which of the following is NOT a phase in the system development life cycle? a. need assessment b. security audit c. system implementation d. performance monitoring
answer
b. security audit
question
Which of the following is considered an asset? a. hacker b. unpatched Web server c. disgruntled employee d. intellectual property
answer
d. intellectual property
question
What is considered the first step in formulating a security policy? a. risk analysis b. elimination of threats c. risk reduction d. system monitoring
answer
a. risk analysis
question
Which of the following is NOT among the six factors needed to create a risk analysis? a. threats b. consequences c. personal profiles d. probabilities
answer
c. personal profiles
question
Which of the following would be considered a vulnerability? a. installation of a firewall b. antivirus software c. Internet-connected computer d. spyware
answer
c. Internet-connected computer
question
Which is the best defines residual risk? a. risk that occurs as a result of new vulnerabilities b. the amount of risk remaining after countermeasure are implemented c. a vulnerability for which the risk has been reduced to zero d. the cost of implementing solutions to an assess risk
answer
b. the amount of risk remaining after countermeasures are implemented
question
Which of the following is a network's ability to detect attacks when they occur and to evaluate the extent of damage and compromise? a. resistance b. recovery c. recognition d. reliability
answer
c. recognition
question
Which is the best defined as the ability of a system to continue operations despite a failure? a. fault tolerance b. vulnerabilities analysis c. reliability audit d. adaptation and evolution
answer
a. fault tolerance
question
Which of the following is NOT a step in threat and risk assessment? a. Asset definition b. Recommendation c. Resolution d. Threat assessment
answer
c. Resolution
question
Which of the following best describes a Monte Carlos simulation? a. a technique for simulating an attack on a system b. a formula that estimates the cost of countermeasures c. a procedural system that simulates a catastrophe d. an analytical method that simulates a real-life system for risk analysis
answer
d. an analytical method that simulates a real-life system for risk analysis
question
Which of the following shows how devices are connected and includes an IP allocation register? a. hardware inventory b. topology map c. asset table d. security policy
answer
b. topology map
question
Which of the following defines how employees should use the organization's computing resources? a. Network and Internet Policy b. Email and Spam Policy c. Computing and Resource Policy d. Acceptable Use Policy
answer
d. Acceptable Use Policy
question
Which of the following requires you to assist police by appearing in court or producing evidence? a. subpoena b. search warrant c. the 4th amendment d. de facto agent
answer
a. subpoena
question
Which of the following best describes ROI? a. the chance that a threat will result in lost money b. how long before an investment will pay for itself c. the cost of mitigating a threat d. the benefits of setting security priorities
answer
b. how long before an investment will pay for itself
question
The process of reviewing records of network computer activity is called which of the following? a. monitoring b. archiving c. auditing d. recording
answer
c. auditing
question
What makes IP spoofing possible for computers on the Internet? a. network address translation b. the lack of authentication c. the 32-bit address space d. the DNS hierarchy
answer
b. the lack of authentication
question
What type of attack exploits a lack of bounds checking on the size of data stored in an array? a. buffer overflow b. SQL injection c. phishing d. ActiveX control
answer
a. buffer overflow
question
What type of attack involves plaintext scripting that affects database? a. phishing b. ActiveX control c. Java applet d. SQL injection
answer
d. SQL injection
question
What type of attack displays false information masquerading as legitimate data? a. Java applet b. phishing c. buffer overflow d. SQL inection
answer
b. phishing
question
Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes? a. limit table b. use stored procedures c. use standard naming conventions d. place the database server in a DMZ
answer
C. use standard naming conventions
question
Which variation on phishing modifies the user's host file to redirect traffic? a. spear phishing b. pharming c. DNS phishing d. hijacking
answer
b. pharming
question
What type of DNS server is authoritative for a specific domain? a. primary b. secondary c. read-only d. initial
answer
a. primary
question
What is zone transfer? a. the movement of e-mail from one domain to another b. updating a secondary DNS server c. backing up an SQL data file d. copying host file data to another system
answer
b. updating a secondary DNS server
question
What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server? a. read-only zone b. anti-phishing DNS c. caching DNS zone d. split-DNS architecture
answer
d. split-DNS architecture
question
Which of the following is a top-level digital certificate in the PKI chain? a. security-aware resolver b. trust anchor c. DNSSEC resolver d. RRSIG record
answer
b. trust anchor
question
Which aspect of hardening a Window Web server allows you to restrict access to the web server based on IP address? a. authentication b. NTFS permissions c. access control d. data confidentiality
answer
c. access control
question
Which of the following is NOT a recommended security setting for Apache Web servers? a. harden the underlying OS b. create Web groups c. use the default standard Web page error messages d. disable HTTP traces
answer
c. use the default standard Web page error messages
question
Which VPN protocol leverages Web-based applicaitons? a. PPTP b. L2TP C. SSL d. IPsec
answer
C. SSL
question
Which VPN protocol is a poor choice for high-performance network with many hosts due to vulnerabilities in MS-CHAP? a. SSL b. L2TP c. IPsec d. PPTP
answer
d. PPTP
question
Which VPN protocol used UDP 1701 and does not provide confidentiality and authentication? a. IPsec b. L2TP c. PPTP d. SSL
answer
b. L2TP
question
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet? a. PPTP b. L2TP c. IPsec d. SSL
answer
c. IPsec
question
Which of the following is defined as realation ship between two or more entities that describes how they will use the security services to communicate? a. pairing b. security association c. internet key exchange d. tunnel ANS: B PTS:1 REF: 394
answer
b. security association
question
Which IPsec component is software that handles the tasks of encrypting, authenticating, descrying, and checking packets? a. ISAKMP b. IKE c. IPsec driver d. Oakley protocol
answer
c. IPsec driver
question
Which IPsec component authentication TCP/IP packets to ensure data integrity? a. AH b. ESP c. IKE d. ISAKMP
answer
a. AH
question
What are the two modes in which IPsec can be configured to run? a. transit and gateway b. client and server c. header and payload d. tunnel and transport
answer
d. tunnel and transport
question
Which of the following is true about SSL? a. it uses shared-key encryption only b. it uses sockets to communicate between client and server c. it operates at the Data Link layer d. it uses IPsec to provide authentication
answer
b. it uses sockets to communicate between client and server
question
Which of the following is an improvement of TLS over SSL? a. requires less processing power b. uses a single hashing algorithm for all the data c. uses only asymmetric encryption d. adds a hashed message authentication code
answer
d. adds a hashed message authentication code
question
Which VPN topology is also known as a hub-and-spoke configuration? a. bus b. partial mesh c. star d. full mesh
answer
c. star
question
Which of the following is a disadvantage of putting the VPN on a firewall? a. centralized control of network access security b. more configuration mistakes c. VPN and firewall use the same configuration tools d. Internet and VPN traffic compete for resources
answer
d. Internet and VPN traffic compete for resources
question
What was created to address the problem of remote clients not meeting an organization's VPN security standards? a. split b. VPN quarantine c. IPsec filters d. GRE isolation
answer
b. VPN quarantine
question
Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power. a. server pooling software b. traffic distribution filter c. priority server farm d. load-balancing software
answer
d. load-balancing software
question
Where should network management systems generally be placed? a. out of band b. in the DMZ c. on the perimeter d. in the server farm
answer
a. out of band
question
In what type of attack are zombies usually put to use? a. buffer overrun b. virus c. DDoS d. spoofing
answer
c. DDoS
question
What should you consider installing if you want to inspect packets as they leave the network? a. security workstation b. RIP router c. filtering proxy d. reverse firewall
answer
d. reverse firewall
question
Which type of firewall configuration protects public servers by isolating them from the internal network? a. screened subnet DMZ b. dual-homed host c. screening router d. reverse firewall
answer
a. screened subnet DMZ
question
Which type of security device can speed up Web page retrieval and shield hosts on internal network? a. caching firewall b. proxy server c. caching-only DNS server d. DMZ intermediary
answer
b. proxy server
question
Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers? a. Layer 7 switch b. translation gateway c. proxy server d. ICMP redirector
answer
c. proxy server
question
Which of the following is a disadvantage of using a proxy server? a. shields internal host IP address b. slows Web page access c. may require client configuration d. cannot filter based on packet content
answer
c. may require client configuration
question
Which of the following best describes a bastion host? a. a host with two or more network interfaces b. a computer on the perimeter network that is highly protected c. a computer running a standard OS that also has proxy software installed d. a computer running only embedded firmware ANS: B PTS;1 REF: 359
answer
b. a computer on the perimeter network that is highly protected
question
What is a critical step you should take on the OS you choose for a bastion host? a. ensure all security patches are installed b. make sure it is the last OS version c. choose an obscure OS with which attackers are unfamiliar d. customize the OS for bastion operation
answer
a. ensure all security patches are installed
Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New