Chapter 11 2 The three basic network access points into most organizational

16.

Threat of intrusion comes from ____________.

a. the government

b. crackers

c. outside of the organization

d. both inside and outside of the organization

e. inside of the organization

17.

The key principle in preventing disruption, destruction and disaster is ___________.

a. redundancy

b. control spreadsheet

c. IDS

d. anti-virus software

e. prevention controls

18.

A(n) ___________ is one of the most common examples of redundancy built into a network

to help reduce the impact of disruption.

a. network cloaking device

b. backup punch card reader

c. uninterruptible power supply

d. service level agreement

e. help desk

19.

A (n) ______ is a special type of virus that spreads itself without human intervention.

a. snake

b. worm

c. Trojan horse

d. boot sector virus

e. stealth virus

20.

A ____________ is a situation in which a hacker attempts to disrupt the network by sending

messages to the network that prevent normal users’ messages from being processed.

a. denial-of-service attack

b. service level agreement

c. virus

d. spamming

e. scamming

21.

Which of the following is not a type of intruder who attempts to gain intrusion to computer

networks?

a. Delphi team member

b. script kiddies

c. crackers

d. professional hackers

e. organization employees

22.

Which of the following is not a method for deterring intrusion?

a. training end users not to divulge passwords

b. using a smart card in conjunction with a password to gain access to a computer

system

c. using biometric devices to gain access to a computer system

d. using a security software package that logs out users if that user is ‘idle’ for a certain

amount of time

e. performing social engineering

23.

The three basic network access points into most organizational networks are from the

Internet, from LANs inside of the organization and ________________.

a. WLANs

b. intranet

c. extranet

d. WAN

e. none of the above

24.

Which of the following type of media is least susceptible to eavesdropping?

a. fiber optics

b. twisted pair

c. microwave

d. infrared

e. coaxial cable

25.

Which of the following are usually the first choice for eavesdropping?

a. unshielded twisted pair

b. shielded twisted pair

c. local cables owned by the organization

d. wireless LANs

e. fiber optics

26.

For Ethernet networks, a _______ switch can make eavesdropping more difficult.

a. secure

b. Trojan horse

c. proxy

d. spoofing

e. spamming

27.

Which of the following is not a method for deterring outside intruders from gaining access to

the organization’s office or network equipment facilities?

a. locks on network circuits after working hours

b. passwords that disable the screen and keyboard of a computer

c. secured network cabling behind walls and above ceilings

d. use of armored cable

e. unlocked wiring closet for network devices

28.

A sniffer program is a:

a. type of macro-virus

b. small peep-hole in a door or wall to allow a security guard to sniff the area with his

or her nose before entering a secure area or location

c. used in a call-back modem

d. a program that records all LAN messages received for later (unauthorized) analysis

e. secure hub program

29.

_______________ is an encryption standard that uses a total of 168 bits as the key.

a. Triple DES

b. Dial-back

c. WEP

d. EAP

e. Ciphering

30.

__________ refers to the process of translating between one set of private addresses inside a

network and a set of public address outside the network.

a. Translation

b. Conversion

c. Network address translation

d. Proxy translation

e. IP conversion.

31.

A __________ is a router or special purpose computer that examines packets flowing into

and out of a network and restricts access to the organization’s network.

a. firewall

b. token system

c. ANI

d. call-back modem

e. firefighter

32.

A(n) ____________ examines the source and destination address of every network packet

that passes through it.

a. packet level firewall

b. mullion server

c. ANI system

d. IP spoofing system

e. application level firewall

33.

IP spoofing means to:

a. fool the target computer and any intervening firewall into believing that messages

from the intruder’s computer are actually coming from an authorized user inside the

organization’s network

b. clad or cover the internal processing (IP) lines with insulating material to shield the

IP lines from excess heat or radiation

c. illegally tape or listen in on telephone conversations

d. detect and prevent denial-of-service attacks

e. act as an intermediate host computer between the Internet and the rest of the

organization’s networks

34.

A(n) ____________ acts an intermediate host computer or gateway between the Internet and

the rest of the organization’s networks.

a. application level firewall

b. bullion server

c. ANI system

d. IP spoofing systems

e. packet level firewall

35.

A(n) _________ is a type of application level firewall that is transparent so that no other

computer notices that it is on the network.

a. ANI system

b. NAT firewall

c. IP spoofing bridge

d. packet level firewall

e. smart hub

36.

A security hole is a(n):

a. malfunction or bug in an application program that allows data to be seen or accessed

by unauthorized users

b. small peep-hole in a door or wall to allow a security guard to examine an individual

before allowing that individual access to a secure area or location

c. packet-level firewall

d. missing or absent protected mode addressing restrictions on user programs during

multitasking or multithreaded program execution

e. ANI system

37.

Spyware, adware and DDOS agents are three types of:

a. IP spoofing attacks

b. Denial-of-service attacks

c. Trojans

d. Physical security threats

e. Intrusion prevention detection approaches

38.

A way to prevent intrusion by disguising information through algorithms is:

a. spoofing

b. call-back access

c. encryption

d. disk elevatoring

e. disk mirroring

39.

Encryption is the process of:

a. transmission of information over secure lines in analog form to prevent illegal access

b. detecting errors in messages by means of mathematical rules

c. correcting errors in message by means of mathematical rules

d. disguising information by the use of mathematical rules, known as algorithms

e. preventing errors in messages by means of logical rules

40.

A symmetric encryption system has two parts: the key and the ____________.

a. algorithm

b. spamming method

c. IP spoofer

d. clearance code

e. smart card bits

41.

A brute force attack against an encryption system:

a. tries to gain access by trying every possible key

b. is called RC4

c. is also known as 3DES

d. always uses the Rijndael algorithm

e. is part of the Advanced Encyrption Standard

42.

DES:

a. is maintained by ISO

b. refers to Date Electronic Security

c. is a commonly used symmetric encryption algorithm that was developed in the mid-

1970s

d. was developed by a joint effort that included Microsoft

e. is an asymmetric algorithm

43.

__________ provide authentication which can legally prove who sent a message over a

network.

a. Digital signatures

b. DES keys

c. Directory keys

d. Screen names

e. User Ids

44.

A __________ is a trusted organization that can vouch for the authenticity of the person or

the organization using the authentication.

a. disaster recovery firm

b. DES company

c. directory company

d. certificate authority

e. fingerprint advisory board

45.

IP Security Protocol:

a. is focused on Web applications

b. is primarily used to encrypt e-mail

c. is a policy which makes public key encryption work on the Internet

d. sits between IP at the network layer and TCP/UDP at the transport layer

e. operates in entrapment mode

46.

Which of the following is a mode that is used by IPSec?

a. exchange

b. sniffer

c. tunnel

d. creeper

e. firefighter

47.

Which of the following is not true about one-time passwords?

a. Users’ pagers can receive them.

b. They can be used in conjunction with a token system.

c. The user must enter the one-time password to gain access or the connection is

terminated.

d. This is a good security solution for users who travel frequently and who must have

secure dial-in access.

e. They create a packet level firewall on the system.

48.

Which of the following is not a type of intrusion prevention system?

a. network-based

b. data link-based

c. application-based

d. host-based

e. none of the above is an appropriate answer

49.

A fundamental technique to determine if an intrusion is in progress in a stable network is:

a. anomaly detection

b. armoring cable

c. RSA algorithm

d. patching

e. scanning a user’s fingerprint

50.

To snare intruders, many organizations now use _________ techniques.

a. entrapment

b. hacker

c. Trojan horse

d. cracker

e. DES

51.

The use of computer analysis techniques to gather evidence for criminal and/or civil trials is

known as:

a. Trojan horse

b. sniffing

c. tunneling

d. computer forensics

e. misuse detection

52.

According to Symantec, more than 50% of all targeted companies had fewer than 2,500

employees because they

a. often have weaker security.

b. have more assets.

c. are more likely to have credit card numbers available.

d. are likely off-shore.

e. have lower bandwidth

53.

The use of hacking techniques to bring attention to a larger political or social goal is referred

to as

a. hacking

b. ethical politics

c. hacktivism

d. social engineering

e. brute force attacks

54.

Which of the following is not considered one of the five most common business impacts?

a. Financial

b. Productivity

c. Reputation

d. Social

e. Safety

55.

_______________ describes how an asset can be compromised by one specific threat.

a. Threat scenarios

b. Threat plans

c. Threat hacks

d. Threat contingencies

e. Threat attacks

56.

We can calculate the relative ___________, by multiplying the impact score by the

likelihood.

a. rootkit

b. authentication

c. risk score

d. risk assessment

e. risk event

Short Answer and Essay Questions:

1. Using a chart format, describe 8 possible threats to a data network (such as

hardware, software, files, circuits, internal personnel, physical security, external

people, and users). Describe 8 possible solutions to these conceivable threats.

2. How does a packet level firewall work? Describe the proxy server function, the

packet layer firewall function, the DMZ and the architecture of this design.

3. What is a packet level firewall as compared to a NAT firewall and as compared to

an applications layer firewall?

4. What is IP spoofing?

5. Explain how a Trojan horse works.

6. Compare and contrast symmetric and asymmetric encryption.

7. Describe how symmetric encryption works, draw a chart of this approach. How

does DES differ from 3DES? From RC4? From AES?

8. Compare and contrast DES and public key encryption.

9. Describe how asymmetric encryption works, using a chart to help to explain this

approach.

10. What is PKI and why is it important?

11. How does PGP differ from SSL? How does SSL differ from IPsec? Compare

and contrast IPSec tunnel mode and IPSec transfer mode.

12. Describe five biometric technologies. How can a biometric enhance security in a

network? What are some of the advantages and disadvantages of biometrics?

13. How does a network manager utilize a user profile?

14. What is social engineering?

15. What is the difference between a network-based IPS, host-based IPS and

application-based IPS?

16. How does IPS anomaly detection differ from misuse detection?

17. What is a honey pot?

18. Some people think that CERT’s posting of security alerts causes more break ins

than it prevents. What are the pros and cons of this argument? Do you think

CERT should continue to post security holes?

19. What are the most important servers to protect on a network and why?

20. Describe the three main reasons why there has been an increase in computer

security over the past few years.

21. List three risk assessment frameworks that are commonly used.

22. Describe the four risk control strategies and when you might use each one.