Chapter 11 1 Business continuity planning refers primarily to ensuring 

subject Type Homework Help
subject Pages 9
subject Words 1976
subject Authors Alan Dennis, Alexandra Durcikova, Jerry FitzGerald

Unlock document.

This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
page-pf1
Chapter 11
Network Security
True-False Questions
The following are possible True/False questions for tests. The statement is given and the answer
is provided in square brackets. The level of difficulty (easy, medium, hard) and the section(s)
relevant to the topic are also furnished.
1.
Security on a network not only means being able to prevent a hacker from breaking into your
computer but also includes being able to recover from temporary service problems or from
natural disasters.
2.
The rise of the Internet has increased significantly the potential vulnerability of an
organization’s assets.
3.
The CERT was established at Carnegie Mellon University.
4.
A recent study by CSO Magazine and the Computer Security Institute stated that the average
loss suffered by businesses because of computer security breaches was approximately
$350,000.
5.
Confidentiality refers to the protection of the organizational data from unauthorized
disclosure of customer and proprietary data.
page-pf2
6.
Integrity is not a primary goal of security.
7.
Business continuity planning refers primarily to ensuring availability, with some aspects of
data integrity.
8.
Confidentiality is not a threat to business continuity.
9.
Intrusion refers to confidentiality and integrity of data
10.
Controls are mechanisms that reduce or eliminate threats to network security.
11.
Corrective controls reveal or discover unwanted events.
12.
Preventive controls mitigate or stop a person from acting or an event from occurring.
page-pf3
13.
A threat to the data communications network is any potential adverse occurrence that can do
harm, interrupt the systems using the network, or cause a monetary loss to the organization.
14.
Companies have learned that threats from hacking from its own employees occur about as
often as by outsiders.
15.
A denial-of-service attack occurs when someone external blocks access to your network.
16.
An uninterruptible power supply utilizes a second redundant disk for every disk on the
server.
17.
Disk mirroring writes duplicate copies of all data on at least two different disks.
18.
The best solution for planning for disaster recovery is to have a fully redundant backup
network placed in a different location that would not be threatened by the same natural or
man-made disaster that would destroy the original network.
page-pf4
19.
Macro viruses can spread when an infected file is opened.
20.
Researchers estimate that only one or two new viruses are developed every week.
21.
The denial-of-service attack disrupts the network by flooding the network with messages so
that regular messages cannot be processed.
22.
DoS attackers generally use fake source IP addresses, making it harder to identify the DoS
messages.
23.
Fault-intolerant servers contain many redundant components to prevent failure.
24.
Crackers are casual hackers with a limited knowledge of computer security.
page-pf5
25.
The most common access point used by attackers to gain access to an organization’s network
is the dial-up access via a modem.
26.
Physical security of an organization’s IT resources is not an important element in preventing
intrusion to an internal LAN.
27.
Network cables are the easiest target for eavesdropping.
28.
Triple DES uses a total of 512 bits as the key.
29.
An intruder uses TCP spoofing to send packets to a target computer requesting certain
privileges be granted to some user.
30.
A packet-level firewall examines the source and destination address of every network packet
that passes though the firewall
page-pf6
31.
With application level firewalls, any access that has not been disabled is permitted.
32.
A NAT firewall uses an address table to translate private IP addresses used inside the
organization into proxy data link layer addressed used on the Internet.
33.
A security hole is a bug that permits intrusion to a computer.
34.
A patch is a software solution to correct a security hole
35.
Microsoft’s Windows operating system meets A1 level security.
36.
A Trojan horse allows a user to access a computer from a remote location.
37.
Decryption is the process of converting plaintext into ciphertext.
page-pf7
38.
Asymmetric encryption uses the same key to encrypt and decrypt an message..
39.
A brute-force attack is a method of trying to guess the correct password by trying every
possible key.
40.
DES is a commonly used symmetric encryption algorithm developed in the mid-1990s by the
American government in conjunction with IBM.
41.
When using a digital signature, the sender encrypts the message with their private key and
the recipient decrypts the message with the sender’s public key.
42.
A certificate authority is a trusted organization that can vouch for the authenticity of a person
or organization.
43.
Secure Sockets Layer is an encryption standard designed for use on the Web.
page-pf8
44.
In transport mode, IPSec encrypts the entire IP packet.
45.
Biometric systems scan the user to ensure that the user is the sole individual authorized to
access the network account.
46.
Social engineering refers to creating a team that solves virus problems.
47.
The most common authentication protocol used today is Kerberos.
48.
A host based intrusion prevention system (IPS) monitors activity on the server and reports
intrusions to the IPS management console.
49.
An asset can be compromised by more than one threat, so it is common to have more than
one threat scenario for each asset.
page-pf9
MULTIPLE CHOICE
The following are possible multiple-choice questions for tests. The question is posed and the
answer is provided under the choices. The level of difficulty (easy, medium, hard) and the
section(s) relevant to the topic is also furnished.
1.
Which of the following is not one of the major categories (or sub-categories) into which
network security threats can be placed?
a. disruption
b. destruction
c. controlled chaos
d. intrusion
e. disaster
2.
In recent years, management’s concern about the adequacy of current control and security
mechanisms used in a data communications environment has:
a. decreased because the new sophisticated technology is far more secure than the old
manual methods
b. remained the same because management was always deeply interest in control and
security
c. decreased because of the change in moral and ethical codes in the U.S. to a kinder
and gentler society
d. increased because this commitment to data communications has changed the
potential vulnerability of the organization’s assets
e. remained the same because there are very few threats to data communications
3.
An example of _____ of data would be if a computer virus eliminated files on that computer.
a. disruption
b. controlled chaos
c. intrusion
d. destruction
e. disaster
page-pfa
4.
A tornado that eliminates a network control center would be an example of a natural
__________
a. disaster
b. disruption
c. controlled chaos
d. destruction
e. intrusion
5.
Often, incidents of ___________ involve employees of the organization, surprisingly
enough.
a. intrusion
b. disruption
c. controlled chaos
d. destruction
e. disaster
6.
A network switch failure is an example of a(n) ________ threat.
a. internal
b. disruptive
c. causal
d. intrusion
e. disaster
7.
A hacker gaining access to organizational data files and resources is an example of a(n)
____________ threat.
a. disruptive
b. controlled chaos
c. disruptive
d. intrusion
e. disaster
page-pfb
8.
Developing _______ helps develop a secure network.
a. rules
b. controls
c. network maps
d. vendor documentation
e. service level agreements
9.
_________ controls stop a person from acting.
a. detective
b. corrective
c. mitigating
d. preventive
e. backup
10.
________ controls discover unwanted events.
a. preventive
b. corrective
c. detective
d. mitigating
e. backup
11.
________ controls fix a trespass into the network.
a. corrective
b. detective
c. preventive
d. mitigating
e. backup
page-pfc
12.
A ___________ assigns levels of risk to various threats to network security by comparing the
nature of the threats to the controls designed to reduce them.
a. risk assessment
b. backplane
c. mitigating control factor analysis
d. control verification worksheet
e. control test plan
13.
A(n) _________ is something of value and can be either hardware or software.
a. asset
b. service level agreement
c. threat
d. security plan
e. network design
14.
A(n) ____________, is an information system that is critical to the survival of an
organization.
a. network plan
b. accounting system
c. IDS
d. mission critical application
e. firewall
15.
A(n) __________ is any potential adverse occurrence that can do harm, interrupt the system
using the network to cause monetary loss to the organization.
a. asset
b. service level agreement
c. threat
d. security plan
e. network design

Trusted by Thousands of
Students

Here are what students say about us.

Copyright ©2022 All rights reserved. | CoursePaper is not sponsored or endorsed by any college or university.