Network Security Essentials Applications and Standards 4e ALL Tests SOLUTIONS AT THE END OF FILE
Exam
Name___________________________________
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
1) With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.
2) There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
3) There are clear boundaries between network security and internet security.
4) The CIA triad embodies the fundamental security objectives for both data and for information and computing services.
5) In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.
6) A loss of confidentiality is the unauthorized modification or destruction of information.
7) Patient allergy information is an example of an asset with a moderate requirement for integrity.
8) The more critical a component or service, the higher the level of availability required.
9) Data origin authentication provides protection against the duplication or modification of data units.
10) The emphasis in dealing with passive attacks is on prevention rather than detection.
11) Data integrity is the protection of data from unauthorized disclosure.
12) Information access threats exploit service flaws in computers to inhibit use by legitimate users.
13) Viruses and worms are two examples of software attacks.
14) A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.
15) Pervasive security mechanisms are not specific to any particular OSI security service or protocol layer.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
16) _________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
A) Internet B) Computer C) Network D) Intranet
17) Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ .
A) accountability B) authenticity C) integrity D) confidentiality
18) __________ assures that systems work promptly and service is not denied to authorized users.
A) Availability B) Integrity
C) System integrity D) Data confidentiality
19) __________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
A) System integrity B) Availability
C) Data confidentiality D) Privacy
20) The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ .
A) authenticity B) privacy C) accountability D) integrity
21) __________ attacks attempt to alter system resources or affect their operation.
A) Active B) Release of message content
C) Traffic analysis D) Passive
22) A __________ takes place when one entity pretends to be a different entity.
A) masquerade B) passive attack
C) replay D) modification of message
23) X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
A) integrity B) security service C) replay D) authenticity
24) _________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.
A) ITU-T B) ISOC C) ISO D) FIPS
25) The protection of data from unauthorized disclosure is _________ .
A) nonrepudiation B) data confidentiality
C) access control D) authentication
26) __________ is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation.
A) NIST B) ISO C) ITU-T D) ISOC
27) The prevention of unauthorized use of a resource is __________ .
A) data confidentiality B) authentication
C) access control D) nonrepudiation
28) The __________ service addresses the security concerns raised by denial-of-service attacks.
A) routing control B) availability C) event detection D) integrity
29) _________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
A) Routing control B) Traffic padding
C) Authentication exchange D) Notarization
30) _________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data units.
A) Data integrity B) Authentication exchange
C) Event detection D) Trusted functionality
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
31) _________ is defined as "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources".
32) Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ .
33) An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ .
34) A loss of _________ is the disruption of access to or use of information or an information system.
35) __________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
36) Student grade information is an asset whose confidentiality is considered to be highly important by students and, in the United States, the release of such information is regulated by the __________.
37) A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
38) A __________ attack attempts to learn or make use of information from the system but does not affect system resources.
39) The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ .
40) Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ .
41) X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ .
42) In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links.
43) The __________ is a worldwide federation of national standards bodies that promote the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.
44) __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message.
45) A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
46) Public-key encryption is also referred to as conventional encryption, secret-key, or single-key encryption.
47) The advantage of a block cipher is that you can reuse keys.
48) Ciphertext is the scrambled message produced as output.
49) The security of symmetric encryption depends on the secrecy of the algorithm, not the secrecy of the key.
50) The ciphertext-only attack is the easiest to defend against because the opponent has the least amount of information to work with.
51) The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers.
52) Smaller block sizes mean greater security but reduced encryption/decryption speed.
53) The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security.
54) Triple DES was first standardized for use in financial applications in ANSI standard X9.17 in 1985.
55) The most commonly used symmetric encryption algorithms are stream ciphers.
56) The principal drawback of 3DES is that the algorithm is relatively sluggish in software.
57) AES uses a Feistel structure.
58) Random numbers play an important role in the use of encryption for various network security applications.
59) The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers.
60) One desirable property of a stream cipher is that the ciphertext be longer in length than the plaintext.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
61) A symmetric encryption scheme has _________ ingredients.
A) four B) five C) three D) six
62) _________ is the original message or data that is fed into the algorithm as input.
A) DES B) Ciphertext C) Encryption key D) Plaintext
63) _________ mode requires only the implementation of the encryption algorithm and not the decryption algorithm.
A) CTR B) CBC C) DKS D) ECB
64) A __________ processes the input elements continuously, producing output one element at a time, as it goes along.
A) keystream B) stream cipher C) cryptanalysis D) block cipher
65) If both sender and receiver use the same key the system is referred to as _________ encryption.
A) symmetric B) public-key C) asymmetric D) two-key
66) If the sender and receiver each use a different key the system is referred to as __________ encryption.
A) secret-key B) asymmetric C) conventional D) single-key
67) A _________ approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
A) brute-force B) triple DES C) block cipher D) computational
68) With the ________ mode if there is an error in a block of the transmitted ciphertext only the corresponding plaintext block is affected.
A) ECB B) CTS C) CBC D) TSR
69) The most common key length in modern algorithms is ________ .
A) 128 bits B) 32 bits C) 256 bits D) 64 bits
70) A ________ takes as input a source that is effectively random and is often referred to as an entropy source.
A) PSRN B) PRNG C) TRNG D) PRF
71) A symmetric block cipher processes _________ of data at a time.
A) four blocks B) one block C) two blocks D) three blocks
72) In _________ mode a counter equal to the plaintext block size is used.
A) CBC B) ECB C) CFB D) CTR
73) The _________ algorithm performs various substitutions and transformations on the plaintext.
A) codebook B) cipher C) keystream D) encryption
74) If the analyst is able to get the source system to insert into the system a message chosen by the analyst, a _________ attack is possible.
A) known plaintext B) ciphertext only
C) chosen ciphertext D) chosen plaintext
75) The _________ key size is used with the Data Encryption Standard algorithm.
A) 128 bit B) 56 bit C) 32 bit D) 168 bit
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
76) The _________ algorithm takes the ciphertext and the same secret key and produces the original plaintext.
77) A _________ cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size for each plaintext block.
78) With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the _________ .
79) Three broad categories of cryptographic algorithms are commonly used to create PRNGs: Asymmetric ciphers, Hash functions and message authentication codes, and ___________ .
80) The process of attempting to discover the plaintext or key is known as _________ .
81) An encryption scheme is __________ if the cost of breaking the cipher exceeds the value of the encrypted information and/or the time required to break the cipher exceeds the useful lifetime of the information.
82) The three most important symmetric block ciphers are: triple DES (3DES), the Advanced Encryption Standard (AES), and the ___________ .
83) The ________ source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock.
84) A PRNG takes as input a fixed value called the ________ and produces a sequence of output bits using a deterministic algorithm.
85) __________ is a stream cipher used in the Secure Sockets Layer/Transport Layer Security standards that have been defined for communication between Web browsers and servers and is also used in WEP and WPA protocols.
86) In the _________ mode the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block.
87) Also referred to as conventional encryption, secret-key, or single-key encryption, _________ encryption was the only type of encryption in use prior to the development of public-key encryption in the late 1970's.
88) Two requirements for secure use of symmetric encryption are: sender and receiver must have obtained copies of the secret key in a secure fashion and a strong __________ is needed.
89) All encryption algorithms are based on two general principles: _________, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.
90) Many symmetric block encryption algorithms including DES have a structure first described by _________ of IBM in 1973.
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
91) Public key algorithms are useful in the exchange of conventional encryption keys.
92) Private key encryption is used to produce digital signatures which provide an enhanced form of message authentication.
93) The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
94) The two important aspects of encryption are to verify that the contents of the message have not been altered and that the source is authentic.
95) In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence.
96) Message encryption alone provides a secure form of authentication.
97) Because of the mathematical properties of the message authentication code function it is less vulnerable to being broken than encryption.
98) In addition to providing authentication, a message digest also provides data integrity and performs the same function as a frame check sequence.
99) Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES.
100) The main advantage of HMAC over other proposed hash based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.
101) Public key algorithms are based on mathematical functions rather than on simple operations on bit patterns.
102) The private key is known only to its owner.
103) The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
104) The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants.
105) Even in the case of complete encryption there is no protection of confidentiality because any observer can decrypt the message by using the sender's public key.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
106) ________ protects against passive attack (eavesdropping).
A) SCR B) Message authentication
C) Encryption D) Obfuscation
107) The most important hash function is ________ .
A) MAC B) ECB C) SHA D) OWH
108) __________ is a procedure that allows communicating parties to verify that received messages are authentic.
A) Encryption B) Message authentication
C) Passive attack D) ECB
109) If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
A) shared key B) timestamp
C) error detection code D) sequence number
110) The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data.
A) public key B) message authentication
C) cipher encryption D) hash function
111) It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ .
A) collision resistant B) preimage resistant
C) one-way D) weak collision resistant
112) "It is easy to generate a code given a message, but virtually impossible to generate a message given a code" describes the __________ hash function property.
A) collision resistant B) strong collision resistant
C) preimage resistant D) second preimage resistant
113) The __________ property protects against a sophisticated class of attack known as the birthday attack.
A) collision resistant B) one-way
C) preimage resistant D) second preimage resistant
114) Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ .
A) SHA-3 B) SHA-1 C) SHA-0 D) SHA-2
115) Public key cryptography is __________ .
A) asymmetric B) one key C) symmetric D) bit patterned
116) The readable message or data that is fed into the algorithm as input is the __________ .
A) encryption algorithm B) plaintext
C) private key D) ciphertext
117) The key used in conventional encryption is typically referred to as a _________ key.
A) cipher B) secret C) primary D) secondary
118) The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n.
A) SHA B) CTR C) RSA D) MD5
119) The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.
A) DSS B) Diffie-Hellman
C) Rivest-Adleman D) RSA
120) Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA.
A) RIPE-160 B) DSS C) ECC D) TCB
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
121) Protection against active attack (falsification of data and transactions) is known as ___________ .
122) The __________ property is the "one-way" property and is important if the authentication technique involves the use of a secret value.
123) The __________ approach has two advantages: it provides a digital signature as well as message authentication and it does not require the distribution of keys to communicating parties.
124) Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input.
125) The __________ property guarantees that it is impossible to find an alternative message with the same hash value as a given message thus preventing forgery when an encrypted hash code is used.
126) As with symmetric encryption there are two approaches to attacking a secure hash function: brute-force attack and ___________ .
127) The two most widely used public key algorithms are RSA and _________ .
128) The _________ was developed by NIST and published as a federal information processing standard in 1993.
129) __________ is a term used to describe encryption systems that simultaneously protect confidentiality and authenticity (integrity) of communications.
130) The key algorithmic ingredients of __________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm.
131) The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext.
132) A __________ is when the sender "signs" a message with its private key, which is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
133) A _________ is when two sides cooperate to exchange a session key.
134) Using an algorithm that is designed to provide only the digital signature function, the _________ makes use of the SHA-1 and cannot be used for encryption or key exchange.
135) Bob uses his own private key to encrypt the message. When Alice receives the ciphertext she finds that she can decrypt it with Bob's public key, thus proving that the message must have been encrypted by Bob. No one else has Bob's private key and therefore no one else could have created a ciphertext that could be decrypted with Bob's public key. Therefore the entire encrypted message serves as a _________ .
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
136) For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.
137) It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.
138) A session key is destroyed at the end of a session.
139) Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.
140) The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.
141) If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.
142) The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.
143) If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.
144) Kerberos version 4 did not fully address the need to be of general purpose.
145) One of the major roles of public-key encryption is to address the problem of key distribution.
146) It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.
147) X.509 is based on the use of public-key cryptography and digital signatures.
148) User certificates generated by a CA need special efforts made by the directory to protect them from being forged.
149) The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.
150) Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
151) A _________ is a key used between entities for the purpose of distributing session keys.
A) session relay key B) permanent key
C) key distribution center D) symmetric key
152) The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server.
A) authentication server B) ticket server
C) management server D) key distribution server
153) Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client.
A) ticket B) access code C) key D) password
154) In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used.
A) authentication B) access code
C) ticket granting D) password ciphering
155) In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued.
A) validation B) timestamp C) realm D) certificate
156) A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name.
A) Kerberos realm B) Kerberos key
C) Kerberos ticket D) Kerberos principal
157) Kerberos version 4 requires the use of ____________ .
A) MAC address B) Ethernet link address
C) IP address D) ISO network address
158) Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
A) PCBC B) CBC C) KDC D) PKI
159) A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ .
A) rtime B) option C) nonce D) realm
160) Used in most network security applications the __________ standard has become universally accepted for formatting public-key certificates.
A) IETF B) X.509 C) X.905 D) PKIX
161) Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier.
A) extension B) subject unique identifier
C) issuer unique identifier D) signature
162) The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
A) directory attribute B) authority key identifier
C) policy mappings D) certificate policies
163) _________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information.
A) CAs B) Principals
C) Federations D) Data Consumers
164) An __________ manages the creation and maintenance of attributes such as passwords and biometric information.
A) identity provider B) authorizing agent
C) authenticator D) attribute service
165) __________ is a centralized, automated approach to provide enterprise wide access to resources by employees and other authorized individuals, with a focus of defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity.
A) PKIX management B) Registration authority
C) Federated managing authority D) Identity management
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
166) The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.
167) A __________ indicates the length of time for which a ticket is valid (e.g., eight hours).
168) When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.
169) After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.
170) Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.
171) A __________ server issues tickets to users who have been authenticated to the authentication server.
172) A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room.
173) Kerberos version 5 defines all message structures by using __________ and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.
174) The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ .
175) A _________ is the client's choice for an encryption key to be used to protect this specific application session.
176) A _________ consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party which is typically a CA that is trusted by the user community.
177) __________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates.
178) The _________ extension is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CA's domain.
179) With a principal objective of enabling secure, convenient and efficient acquisition of public keys, __________ is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
180) __________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user.
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
181) SSl/TLS includes protocol mechanisms to enable two TCP users to determine the security
mechanisms and services they will use.
181)
182) Unlike traditional publishing environments, the Internet is three-way and vulnerable to attacks on
the Web servers.
182)
183) Sessions are used to avoid the expensive negotiation of new security parameters for each
connection that shares security parameters.
183)
184) Microsoft Explorer originated SSL. 184)
185) The World Wide Web is fundamentally a client/server application running over the Internet and
TCP/IP intranets.
185)
186) One way to classify Web security threats is in terms of the location of the threat: Web server, Web
browser, and network traffic between browser and server.
186)
187) The encryption of the compressed message plus the MAC must increase the content length by more
than 1024 bytes.
187)
188) The Change Cipher Spec Protocol is one of the three SSL-specific protocols that use the SSL Record
Protocol.
188)
189) The SSL Record Protocol is used before any application data is transmitted. 189)
190) The first element of the CipherSuite parameter is the key exchange method. 190)
191) The certificate message is required for any agreed on key exchange method except fixed
Diffie-Hellman.
191)
192) Phase 3 completes the setting up of a secure connection of the Handshake Protocol. 192)
193) The shared master secret is a one-time 48-byte value generated for a session by means of secure
key exchange.
193)
194) The TLS Record Format is the same as that of the SSL Record Format. 194)
195) Server authentication occurs at the transport layer, based on the server possessing a public/private
key pair.
195)
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
196) The SSL Internet standard version is called _________ .
A) TLS B) SLP C) SSH D) HTTP
196)
197) The most complex part of SSL is the __________ .
A) Change Cipher Spec Protocol B) Handshake Protocol
C) Alert Protocol D) SSL Record Protocol
197)
198) _________ attacks include impersonating another user, altering messages in transit between client
and server and altering information on a Web site.
A) Active B) Shell C) Passive D) Pseudo
198)
199) The symmetric encryption key for data encrypted by the client and decrypted by the server is a
_________ .
A) client write key B) server write key
C) sequence key D) master key
199)
200) _________ provides secure, remote logon and other secure client/server facilities.
A) TLS B) SLP C) HTTPS D) SSH
200)
201) An SSL session is an association between a client and a server and is created by the ___________ .
A) administrator B) user
C) Spec Protocol D) Handshake Protocol
201)
202) An arbitrary byte sequence chosen by the server to identify an active or resumable session state is a
_________ .
A) session identifier B) compression
C) cipher spec D) peer certificate
202)
203) The _________ is used to convey SSL-related alerts to the peer entity.
A) Handshake Protocol B) Alert Protocol
C) SSL Record Protocol D) Change Cipher Spec Protocol
203)
204) With each element of the list defining both a key exchange algorithm and a CipherSpec, the list that
contains the combination of cryptographic algorithms supported by the client in decreasing order
of preference is the __________ .
A) Random B) CipherSuite C) Session ID D) Version
204)
205) Phase _________ of the Handshake Protocol establishes security capabilities.
A) 4 B) 2 C) 3 D) 1
205)
206) The __________ approach is vulnerable to man-in-the-middle attacks.
A) Fortezza B) Anonymous Diffie-Hellman
C) Ephemeral Diffie-Hellman D) Fixed Diffie-Hellman
206)
207) The final message in phase 2, and one that is always required, is the ___________ message, which is
sent by the server to indicate the end of the server hello and associated messages.
A) goodbye B) server_done C) no_certificate D) finished
207)
208) Defined as a Proposed Internet Standard in RFC 2246, _________ is an IETF standardization
initiative whose goal is to produce an Internet standard version of SSL.
A) CCSP B) SHA-1 C) SSH D) TLS
208)
209) A Pseudorandom Function takes as input:
A) a seed value B) a secret value
C) an identifying label D) all of the above
209)
210) _________ is organized as three protocols that typically run on top of TCP for secure network
communications and are designed to be relatively simple and inexpensive to implement.
A) SSL B) SSI C) SSH D) TLS
210)
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
211) __________ provides security services between Transport Layer Protocol and applications
that use TCP.
211)
212) The _________ Protocol allows the server and client to authenticate each other and to
negotiate an encryption and MAC algorithm along with cryptographic keys to be used to
protect data sent in an SSL Record.
212)
213) _________ attacks include eavesdropping on network traffic between browser and server
and gaining access to information on a Web site that is supposed to be restricted.
213)
214) __________ provides confidentiality using symmetric encryption and message integrity
using a message authentication code.
214)
215) The _________ takes an application message to be transmitted, fragments the data into
manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a
header, and transmits the resulting unit in a TCP segment.
215)
216) __________ refers to the combination of HTTP and SSL to implement secure
communication between a Web browser and a Web server.
216)
217) Two important SSL concepts are the SSL session and the SSL _________ . 217)
218) Three standardized schemes that are becoming increasingly important as part of Web
commerce and that focus on security at the transport layer are: SSL/TLS, HTTPS, and
_________.
218)
219) Three higher-layer protocols defined as part of SSL and used in the management of SSL
exchanges are: The Handshake Protocol, The Change Cipher Spec Protocol, and the
__________ .
219)
220) _________ would appear to be the most secure of the three Diffie-Hellman options because
it results in a temporary, authenticated key.
220)
221) A signature is created by taking the hash of a message and encrypting it with the sender's
_________ .
221)
222) The handshake is complete and the client and server may begin to exchange application
layer data after the server sends its finished message in phase _________ of the Handshake
Protocol.
222)
223) _________ require a client write MAC secret, a server write MAC secret, a client write key,
a server write key, a client write IV, and a server write IV, which are generated from the
master secret in that order.
223)
224) TLS makes use of a pseudorandom function referred to as __________ to expand secrets
into blocks of data for purposes of key generation or validation.
224)
225) __________ allows the client to set up a "hijacker" process that will intercept selected
application-level traffic and redirect it from an unsecured TCP connection to a secure SSH
tunnel.
225)
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
226) IEEE 802.11 is a standard for wireless LANs. 226)
227) A basic service set may be isolated or it may connect to a backbone distribution system through an
access point, which functions as a bridge and a relay point.
227)
228) WAP was not designed to work with all wireless network technologies. 228)
229) The integration service enables transfer of data between a station on an IEEE 802.11 LAN and a
station on an integrated IEEE 802.x LAN.
229)
230) One notable approach to WAP assumes that the mobile device implements TLS over TCP/IP and
the wireless network supports transfer of IP packets.
230)
231) The DS can be a switch, a wired network, or a wireless network. 231)
232) The pairwise master key is derived from the group key. 232)
233) IEEE 802.11 defines seven services that need to be provided by the wireless LAN to achieve
functionality equivalent to that which is inherent to wired LANs.
233)
234) Ports are logical entities defined within the authenticator and refer to physical network
connections.
234)
235) The actual method of key generation depends on the details of the authentication protocol used. 235)
236) The WAP architecture is designed to cope with the two principal limitations of wireless Web
access: the limitations of the mobile node and the high data rates of wireless digital networks.
236)
237) WML presents mainly text-based information that attempts to capture the essence of the Web page. 237)
238) WTLS provides security services between the mobile device and the WAP gateway. 238)
239) The WTLS Record Protocol takes user data from the next higher layer and encapsulates these data
in a PDU.
239)
240) The most complex part of Wireless Transport Layer Security is the Change Cipher Spec Protocol. 240)
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
241) The term used for certified 802.11b products is ___________ .
A) WEP B) Wi-Fi C) WPA D) WAP
241)
242) The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of
signals and bit transmission/reception is the _________ .
A) control layer B) logical link layer
C) media access layer D) physical layer
242)
243) A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of
content transmission.
A) card B) unit C) page D) deck
243)
244) WAP security is primarily provided by the __________ which provides security services between
the mobile device and the WAP gateway to the Internet.
A) WTLS B) MSDU C) CCMP D) TKIP
244)
245) The function of the __________ is, on transmission, to assemble data into a frame; on reception,
to disassemble the frame and perform address recognition and error detection; and to govern access to
the LAN transmission medium.
A) media access control layer B) physical layer
C) transmission layer D) logical layer
245)
246) The master session key is also known as the __________ key.
A) STA B) GTK C) MIC D) AAA
246)
247) The __________ is the information that is delivered as a unit between MAC users.
A) DS B) BSS C) MPDU D) MSDU
247)
248) The __________ layer keeps track of which frames have been successfully received and retransmits
unsuccessful frames.
A) transmission B) media access control
C) physical layer D) logical link control
248)
249) The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each
other, agree on a set of security capabilities, and establish an association for future communication
using those security capabilities.
A) WPA B) WAE C) TKIP D) RSN
249)
250) The specification of a protocol along with the chosen key length is known as a __________ .
A) cipher suite B) extended service
C) distribution system D) RSN
250)
251) The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way
Handshake.
A) TK B) EAPOL-KEK C) MIC key D) EAPOL-KCK
251)
252) The PMK is used to generate the _________ which consists of three keys to be used for
communication between a STA and AP after they have been mutually authenticated.
A) PTK B) PSK C) AAA Key D) GTK
252)
253) _________ is a standard to provide mobile users of wireless phones and other wireless terminals
access to telephony and information services including the Internet and the Web.
A) WEP B) WML C) WPA D) WAP
253)
254) _________ was designed to describe content and format for presenting data on devices with limited
bandwidth, limited screen size, and limited user input capability and to work with telephone
keypads, styluses, and other input devices common to mobile, wireless communication.
A) WPA B) WAE C) WAP D) WML
254)
255) The __________ is used to convey WTLS-related alerts to the peer entity.
A) Counter Mode MAC Protocol B) Cipher Spec Protocol
C) Alert Protocol D) WAP Protocol
255)
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
256) __________ specifies security standards for IEEE 802.11 LANs including authentication,
data integrity, data confidentiality, and key management.
256)
257) The _________ is a universal open standard developed to provide mobile users of wireless
phones and other wireless terminals such as pagers and personal digital assistants access to
telephony and information services including the Internet and the Web.
257)
258) __________ is the primary service used by stations to exchange MPDUs when the MPDUs
must traverse the DS to get from a station in one BSS to a station in another BSS.
258)
259) To certify interoperability for 802.11b products an industry consortium named the
__________ was formed.
259)
260) The __________ function is the logical function that determines when a station operating
within a BSS is permitted to transmit and may be able to receive PDUs.
260)
261) Derived from the GMK, the _________ is used to provide confidentiality and integrity
protection for multicast/broadcast user traffic.
261)
262) An __________ is a set of one or more interconnected BSSs and integrated LANs that
appear as a single BSS to the LLC layer at any station associated with one of these BSSs.
262)
263) The __________ layer is responsible for detecting errors and discarding any frames that
contain errors.
263)
264) The smallest building block of a wireless LAN is a __________ which consists of wireless
stations executing the same MAC protocol and competing for access to the same shared
wireless medium.
264)
265) In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance
promulgated __________ as a set of security mechanisms for the Wi-Fi standard.
265)
266) The MPDU authentication phase consists of three phases. They are: connect to AS, EAP
exchange and _________ .
266)
267) Forming a hierarchy beginning with a master key from which other keys are derived
dynamically and used for a limited period of time, __________ are used for communication
between a pair of devices typically between a STA and an AP.
267)
268) The MPDU exchange for distributing pairwise keys is known as the _________ which the
STA and AP use to confirm the existence of the PMK, to verify the selection of the cipher
suite, and to derive a fresh PTK for data sessions.
268)
269) Consisting of tools and formats that are intended to ease the task of developing
applications and devices supported by WAP, the ________ specifies an application
framework for wireless devices such as mobile telephones, pagers, and PDAs.
269)
270) The WAP Programming Model is based on three elements: the client, the original server,
and the _________ .
270)
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
271) PGP incorporates tools for developing public-key certificate management and a public-key trust
model.
271)
272) PGP provides confidentiality through the use of asymmetric block encryption. 272)
273) E-mail is the most common distributed application that is widely used across all architectures and
vendor platforms.
273)
274) As a default, PGP compresses the message after applying the signature but before encryption. 274)
275) Each PGP entity must maintain a file of its own public/private key pairs as well as a file of private
keys of correspondents.
275)
276) A means of generating predictable PGP session keys is needed. 276)
277) To enhance security an encrypted message is not accompanied by an encrypted form of the session
key that was used for message encryption.
277)
278) A message component includes the actual data to be stored or transmitted as well as a filename and
a timestamp that specifies the time of creation.
278)
279) PGP has a very rigid public-key management scheme. 279)
280) The key legitimacy field is derived from the collection of signature trust fields in the entry. 280)
281) Only single user IDs may be associated with a single public key on the public-key ring. 281)
282) The MIME-Version field must have the parameter value 1.0 in order for the message to conform to
RFCs 2045 and 2046.
282)
283) For the text type of body no special software is required to get the full meaning of the text aside
from support of the indicated character set.
283)
284) The objective of MIME Transfer Encodings is to provide reliable delivery across the largest range of
environments.
284)
285) Native form is a format, appropriate to the content type, that is standardized for use between
systems.
285)
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
286) __________ is an Internet standard approach to e-mail security that incorporates the same
functionality as PGP.
A) MIME B) HTTPS C) DKIM D) S/MIME
286)
287) PGP provides authentication through the use of _________ .
A) symmetric block encryption B) radix-64
C) asymmetric block encryption D) digital signatures
287)
288) PGP provides e-mail compatibility using the __________ encoding scheme.
A) radix-64 B) MIME
C) digital signature D) symmetric block
288)
289) The __________ enables the recipient to determine if the correct public key was used to decrypt the
message digest for authentication.
A) key ID of the sender's public key B) leading two octets of message digest
C) filename D) timestamp
289)
290) Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP
message that provides both confidentiality and authentication.
A) two B) six C) four D) three
290)
291) MIME is an extension to the ________ framework that is intended to address some of the problems
and limitations of the use of SMTP.
A) RFC 821 B) RFC 3852 C) RFC 4871 D) RFC 5322
291)
292) The ________ MIME field is a text description of the object with the body which is useful when the
object is not readable as in the case of audio data.
A) Content-Description B) Content-Type
C) Content-ID D) Content-Transfer-Encoding
292)
293) The __________ field is used to identify MIME entities uniquely in multiple contexts.
A) Content-Description B) Content-ID
C) Content-Transfer-Encoding D) Content-Type
293)
294) Video content will be identified as _________ type.
A) JPEG B) MPEG C) GIF D) BMP
294)
295) The __________ subtype is used when the different parts are independent but are to be transmitted
together. They should be presented to the receiver in the order that they appear in the mail
message.
A) multipart/alternative B) multipart/digest
C) multipart/parallel D) multipart/mixed
295)
296) For the __________ subtype the order of the parts is not significant.
A) multipart/mixed B) multipart/digest
C) multipart/alternative D) multipart/parallel
296)
297) S/MIME cryptographic algorithms use __________ to specify requirement level.
A) SHOULD and MIGHT B) SHOULD and MUST
C) CAN and MUST D) SHOULD and CAN
297)
298) E-banking, personal banking, e-commerce server, software validation and membership-based
online services all fall into the VeriSign Digital ID _________ .
A) Class 2 B) Class 4 C) Class 3 D) Class 1
298)
299) The _________ accepts the message submitted by a Message User Agent and enforces the policies of
the hosting domain and the requirements of Internet standards.
A) Message Transfer Agent B) Mail Submission Agent
C) Mail Delivery Agent D) Message Store
299)
300) Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a
local network e-mail server.
A) Message Store B) Message User Agent
C) Mail Submission Agent D) Message Transfer Agent
300)
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
301) ___________ is an open-source, freely available software package for e-mail security. 301)
302) The key legitimacy field, the signature trust field and the owner trust field are each
contained in a structure referred to as a ___________ .
302)
303) PGP provides compression using the __________ algorithm. 303)
304) To provide transparency for e-mail applications, an encrypted message may be converted
to an ASCII string using _________ conversion.
304)
305) PGP makes use of four types of keys: public keys, private keys, one-time session keys, and
___________ symmetric keys.
305)
306) Computed by PGP, a _________ field indicates the extent to which PGP will trust that this
is a valid public key for this user; the higher the level of trust, the stronger the binding of
this user ID to this key.
306)
307) __________ is a security enhancement to the MIME Internet e-mail format standard based
on technology from RSA Data Security.
307)
308) The __________ MIME field describes the data contained in the body with sufficient detail
that the receiving user agent can pick an appropriate agent or mechanism to represent the
data to the user or otherwise deal with the data in an appropriate manner.
308)
309) The _________ type refers to other kinds of data, typically either uninterpreted binary data
or information to be processed by a mail-based application.
309)
310) The _________ transfer encoding is useful when the data consists largely of octets that
correspond to printable ASCII characters.
310)
311) The _________ transfer encoding, also known as radix-64 encoding, is a common one for
encoding arbitrary binary data in such a way as to be invulnerable to the processing by
mail-transport programs.
311)
312) A _________ is formed by taking the message digest of the content to be signed and then
encrypting that with the private key of the signer, which is then encoded using base64
encoding.
312)
313) S/MIME provides the following functions: enveloped data, signed data, clear signed data,
and ________ .
313)
314) A specification for cryptographically signing e-mail messages permitting a signing
domain to claim responsibility for a message in the mail stream, _________ allow message
recipients to verify the signature by querying the signer's domain directly to retrieve the
appropriate public key and thereby confirming that the message was attested to by a party
in possession of the private key for the signing domain.
314)
315) The _________ is a directory lookup service that provides a mapping between the name of
a host on the Internet and its numerical address.
315)
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
316) IP security is a capability that can be added to either current version of the Internet Protocol by
means of additional headers.
316)
317) The principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level. 317)
318) Transport mode provides protection to the entire IP packet. 318)
319) Additional padding may be added to provide partial traffic flow confidentiality by concealing the
actual length of the payload.
319)
320) Authentication must be applied to the entire original IP packet. 320)
321) An end user whose system is equipped with IP security protocols can make a local call to an ISP
and gain secure access to a company network.
321)
322) Both tunnel and transport modes can be accommodated by the encapsulating security payload
encryption format.
322)
323) An individual SA can implement both the AH and the ESP protocol. 323)
324) By implementing security at the IP level an organization can ensure secure networking not only for
applications that have security mechanisms but also for the many security ignorant applications.
324)
325) IPSec can guarantee that all traffic designated by the network administrator is authenticated but
cannot guarantee that it is encrypted.
325)
326) Any traffic from the local host to a remote host for purposes of an IKE exchange bypasses the IPsec
processing.
326)
327) IPsec is executed on a packet-by-packet basis. 327)
328) The Payload Data Field is designed to deter replay attacks. 328)
329) The Security Parameters Index identifies a security association. 329)
330) The default automated key management protocol for IPsec is referred to as ISAKMP/Oakley. 330)
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
331) Authentication applied to the entire original IP packet is _________ .
A) transport mode B) security mode C) cipher mode D) tunnel mode
331)
332) _________ defines a number of techniques for key management.
A) KMP B) IKE C) SKE D) KEP
332)
333) Authentication applied to all of the packet except for the IP header is _________ .
A) tunnel mode B) transport mode
C) association mode D) security mode
333)
334) The __________ mechanism assures that a received packet was in fact transmitted by the party
identified as the source in the packet header and assures that the packet has not been altered in
transit.
A) confidentiality B) key management
C) authentication D) security
334)
335) __________ provides the capability to secure communications across a LAN, across private and
public WANs, and across the Internet.
A) IKE B) ISA C) IPsec D) IAB
335)
336) The _________ facility enables communicating nodes to encrypt messages to prevent
eavesdropping by third parties.
A) authentication B) confidentiality
C) security D) key management
336)
337) The key management mechanism that is used to distribute keys is coupled to the authentication
and privacy mechanisms only by way of the _________ .
A) ESP B) SPD C) IAB D) SPI
337)
338) A _________ is a one way relationship between a sender and a receiver that affords security
services to the traffic carried on it.
A) SAD B) SPI C) SA D) SPD
338)
339) The means by which IP traffic is related to specific SAs is the _________ .
A) TRS B) SAD C) SPD D) SPI
339)
340) _________ consists of an encapsulating header and trailer used to provide encryption or combined
encryption/authentication. The current specification is RFC 4303.
A) ISA B) SPI C) IPsec D) ESP
340)
341) _________ identifies the type of data contained in the payload data field by identifying the first
header in that payload.
A) Sequence Header B) Security Parameters Index
C) Payload Data D) Next Header
341)
342) A value chosen by the responder to identify a unique IKE SA is a _________ .
A) Responder Cookie B) Message ID
C) Flag D) Initiator SPI
342)
343) IKE key determination employs __________ to ensure against replay attacks.
A) nonces B) groups C) cookies D) flags
343)
344) The __________ payload contains either error or status information associated with this SA or this
SA negotiation.
A) Notify B) Nonce C) Encrypted D) Configuration
344)
345) The _________ payload allows peers to identify packet flows for processing by IPsec services.
A) Traffic Selector B) Vendor ID
C) Configuration D) Extensible Authentication Protocol
345)
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
346) IPsec encompasses three functional areas: authentication, key management, and
__________ .
346)
347) _________ mode is used when one or both ends of an SA are a security gateway, such as a
firewall or router that implements IPsec.
347)
348) IPsec policy is determined primarily by the interaction of two databases: The security
policy database and the __________ .
348)
349) Confidentiality is provided by an encryption format known as __________ . 349)
350) A __________ attack is one in which an attacker obtains a copy of an authenticated packet
and later transmits it to the intended destination.
350)
351) Authentication makes use of the _________ message authentication code. 351)
352) A security association is uniquely identified by three parameters: Security Protocol
Identifier, IP Destination Address, and ________ .
352)
353) The __________ facility is concerned with the secure exchange of keys. 353)
354) _________ can be used to provide confidentiality, data origin authentication,
connectionless integrity, an anti-replay service, and traffic flow confidentiality.
354)
355) IPsec provides security services at the ________ layer by enabling a system to select
required security protocols, determine the algorithms to use for the services and put in
place any cryptographic keys required to provide the requested services.
355)
356) The selectors that determine a Security Policy Database are: Name, Local and Remote
Ports, Next Layer Protocol, Remote IP Address, and _________ .
356)
357) The term _________ refers to a sequence of SAs through which traffic must be processed to
provide a desired set of IPsec services.
357)
358) Generic in that it does not dictate specific formats, the _________ is a key exchange
protocol based on the Diffie-Hellman algorithm with added security.
358)
359) Three different authentication methods can be used with IKE key determination: Public
key encryption, symmetric key encryption, and _________ .
359)
360) At any point in an IKE exchange the sender may include a _________ payload to request
the certificate of the other communicating entity.
360)
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
361) Unauthorized intrusion into a computer system or network is one of the most serious threats to
computer security.
361)
362) Trojan horses and viruses are confined to network-based attacks. 362)
363) Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are
known to correlate with intrusions.
363)
364) Statistical approaches attempt to define proper behavior and rule-based approaches attempt to
define normal or expected behavior.
364)
365) The main advantage of the use of statistical profiles is that prior knowledge of security flaws is
not required.
365)
366) One important element of intrusion prevention is password management. 366)
367) The ID determines the privileges accorded to the user. 367)
368) Insider attacks are among the easiest to detect and prevent. 368)
369) The hacking community is a strong meritocracy in which status is determined by level of
competency.
369)
370) Penetration identification is an approach developed to detect deviation from previous usage
patterns.
370)
371) A weakness of the IDES approach is its lack of flexibility. 371)
372) To be of practical use an intrusion detection system should detect a substantial percentage of
intrusions while keeping the false alarm rate at an acceptable level.
372)
373) System administrators can stop all attacks and hackers from penetrating their systems by installing
software patches periodically.
373)
374) Password crackers rely on the fact that some people choose easily guessable passwords. 374)
375) Traditional hackers usually have specific targets, or at least classes of targets in mind. 375)
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
376) Software trespass can take the form of a _________ .
A) virus B) all of the above C) Trojan horse D) worm
376)
377) A _________ is an individual who is not authorized to use the computer and who penetrates a
system's access controls to exploit a legitimate user's account.
A) Misfeasor B) Sniffer
C) Clandestine User D) Masquerader
377)
378) _________ involves counting the number of occurrences of a specific event type over an interval of
time.
A) Threshold detection B) Rule-based detection
C) Resource usage D) Profile-based system
378)
379) A ________ is a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
A) Misfeasor B) Masquerader
C) Clandestine User D) Emissary
380) The simplest statistical test is to measure the _________ of a parameter over some historical period which would give a reflection of the average behavior and its variability.
A) Markov process B) time series
C) multivariate D) mean and standard deviation
381) _________ detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.
A) Profile-based anomaly B) Action condition
C) Statistical anomaly D) Threshold
382) A ________ is an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
A) Misfeasor B) Mole
C) Clandestine User D) Masquerader
383) The _________ model is used to establish transition probabilities among various states, such as looking at transitions between certain commands.
A) Markov process B) Multivariate
C) Operational D) Profile-based
384) The _________ is based on a judgment of what is considered abnormal rather than an automated analysis of past audit records.
A) Operational model B) Markov process
C) Time series D) Mean and standard deviation
385) The ________ is an audit collection module operating as a background process on a monitored system whose purpose is to collect data on security related events on the host and transmit these to the central manager.
A) intruder alert module B) LAN monitor agent module
C) central manager module D) host agent module
386) The _________ prevents duplicate passwords from being visible in the password file. Even if two users choose the same password, those passwords will be assigned at different times.
A) rule based intrusion detection B) salt
C) honeypot D) audit record
387) An operation such as login, read, perform, I/O or execute that is performed by the subject on or with an object is the _________ audit record field.
A) Object B) Resource-usage
C) Subject D) Action
388) A ________ is used to measure the current value of some entity. Examples include the number of logical connections assigned to a user application and the number of outgoing messages queued for a user process.
A) Counter B) Interval timer
C) Gauge D) Resource utilization
389) A ________ model is based on correlations between two or more variables.
A) Operational B) Multivariate
C) Markov process D) Mean and Standard Deviation
390) The most promising approach to improved password security is __________ .
A) a reactive password checking strategy B) a proactive password checker
C) user education D) computer generated passwords
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
391) __________ systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage.
392) _________ detection involves the collection of data relating to the behavior of legitimate users over a period of time. Statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.
393) The three classes of intruders identified by Anderson are: Masquerader, Misfeasor, and _________ .
394) Password files can be protected in one of two ways: One-way function or __________ .
395) Metrics that are useful for profile-based intrusion detection are: counter, gauge, resource utilization, and _________ .
396) _________ is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
397) Two types of audit records used are Detection-specific audit records and _________ audit records.
398) _________ techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.
399) Designed to lure a potential attacker away from critical systems, ____________ are decoy systems that divert an attacker from accessing critical systems, collect information about the hacker's activity, and encourage the attacker to stay on the system long enough for administrators to respond.
400) The focus of the __________ is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to management that may need to interact with them.
401) A _________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
402) A fundamental tool for intrusion detection is the _________ record.
403) An example of a metric used for profile-based intrusion detection is _________ which is a non-negative integer that may be incremented but not decremented until it is reset by management action. Examples include the number of logins by a single user during an hour, the number of times a given command is executed during a single user session, and the number of password failures during a minute.
404) _________ identification takes a very different approach to intrusion detection. The key feature of such systems is the use of rules for identifying known penetrations or penetrations that would exploit known weaknesses. Typically the rules used in these systems are specific to the machine and operating system.
405) One of the most important results from probability theory is known as ________ which is used to calculate the probability that something really is the case, given evidence in favor of it.
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
406) In addition to propagation a worm usually performs some unwanted function.
407) Viruses, logic bombs, and backdoors are examples of independent malicious software.
408) Malware is another name for Malicious Software.
409) Bot programs are activated by a trigger.
410) An encrypted virus is a virus that mutates with every infection, making detection by the signature of the virus impossible.
411) Backdoors become threats when unscrupulous programmers use them to gain unauthorized access.
412) Macro viruses infect documents, not executable portions of code.
413) A multipartite virus uses multiple methods of infection or transmission to maximize the speed of contagion and the severity of the attack.
414) Spyware is software that collects information from a computer and transmits it to another system.
415) The success of the digital immune system depends on the ability of the virus analysis machine to detect new and innovative virus strains.
416) Like heuristics or fingerprint based scanners, behavior blocking software integrates with the operating system of a ghost computer and monitors program behavior in real time for malicious actions.
417) Stealth is not a term that applies to a virus as such but, rather, refers to a technique used by a virus to evade detection.
418) The generic decryption system is a comprehensive approach to virus protection developed by IBM and refined by Symantec.
419) A behavior blocker can block suspicious software in real time thus giving it an advantage over such established antivirus detection techniques as fingerprinting or heuristics.
420) The challenge in coping with DDoS attacks is the sheer number of ways in which they can operate.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
421) Malicious software that needs a host program is referred to as _________ .
A) flooders B) blended C) logic bomb D) parasitic
422) The sheer number of ways in which they can operate makes coping with _________ attacks challenging because the countermeasures must evolve with the threat.
A) DDoS B) Slammer C) logic bomb D) peer
423) A _________ is a secret entry point into a program that allows someone who is aware of it to gain access without going through the usual security access procedures.
A) multipartite B) Trojan horse C) hatch D) backdoor
424) A _________ is used when the programmer is developing an application that has an authentication procedure or a long setup requiring the user to enter many different values to run the application.
A) direct trap B) mobile entrance
C) maintenance hook D) boot door
425) _________ are used to attack networked computer systems with a large volume of traffic to carry out a denial-of-service attack.
A) Keyloggers B) Exploits C) Bots D) Flooders
426) ________ attacks make computer systems inaccessible by flooding servers, networks, or even end user systems with useless traffic so that legitimate users can no longer gain access to those resources.
A) DDoS B) Flooder C) Backdoor D) PWC
427) A _________ virus is a form of virus explicitly designed to hide itself from detection by antivirus software.
A) stealth B) encrypted C) polymorphic D) metamorphic
428) _________ is a mass mailing e-mail worm that installs a backdoor in infected computers thereby enabling hackers to gain remote access to data such as passwords and credit card numbers.
A) Sobig.f B) Code Red C) Mydoom D) Slammer
429) The IDEAL solution to the threat of viruses is __________ .
A) prevention B) identification C) removal D) detection
430) _________ antivirus programs are memory resident programs that identify a virus by its actions rather than its structure in an infected program.
A) Second generation B) First generation
C) Fourth generation D) Third generation
431) Unlike heuristics or fingerprint based scanners, the _________ integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions.
A) generic decryption B) behavior blocking software
C) mobile code D) digital immune system
432) The _________ worm exploits a security hole in the Microsoft Internet Information Server to penetrate and spread to other hosts. It also disables the system file checker in Windows.
A) Warezov B) Code Red C) Slammer D) Mydoom
433) In a __________ attack the slave zombies construct packets requiring a response that contains the target's IP address as the source IP address in the packet's IP header. These packets are sent to uninfected machines that respond with packets directed at the target machine.
A) blended B) direct DDoS
C) internal resource D) reflector DDoS
434) Mobile phone worms communicate through Bluetooth wireless connections or via the _________ .
A) PWC B) SQL C) TRW D) MMS
435) Worm propagation proceeds through __________ phases.
A) 4 B) 5 C) 2 D) 3
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
436) __________ is software that is intentionally included or inserted in a system for a harmful purpose.
437) Worms and bot programs are examples of __________ malicious software programs.
438) A __________ attack is an attempt to prevent legitimate users of a service from using that service.
439) __________ software is essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program.
440) The _________ is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Examples of such conditions that can be used as triggers are the presence or absence of certain files, a particular day of the week or date, or a particular user running the application.
441) Advertising that is integrated into software that can result in pop-up ads or redirection of a browser to a commercial site is called _________ .
442) The Nimda attack, erroneously referred to as a worm, uses four distribution methods: Windows shares, Web servers, Web clients, and __________ .
443) A computer virus has three parts: infection mechanism, trigger, and __________ .
444) _________ technology enables the antivirus program to easily detect even the most complex polymorphic viruses while maintaining fast scanning speeds.
445) Two major trends in Internet technology that have had an increasing impact on the rate of virus propagation in recent years are: integrated mail systems and _________ systems.
446) _________ software runs on server and desktop computers and is instructed through policies set by the network administrator to let benign actions take place but to intercede when unauthorized or suspicious actions occur.
447) A network worm exhibits the same characteristics as a computer virus: a dormant phase, a propagation phase, a __________ phase, and an execution phase.
448) In a ________ attack an attacker is able to recruit a number of hosts throughout the Internet to simultaneously or in a coordinated fashion launch an attack upon the target.
449) There are three lines of defense against DDoS attacks: Attack prevention and preemption (before the attack), Attack source traceback and identification (during and after the attack), and __________ (during the attack).
450) _________ exploits randomness in picking destinations to connect to as a way of detecting if a scanner is in operation. It is suitable for deployment in high-speed, low cost network devices and is effective against the common behavior seen in worm scans.
TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.
451) A firewall may be designed to operate as a filter at the level of IP packets or may operate at a higher protocol layer.
452) The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.
453) The direction control determines the types of Internet services that can be accessed, inbound or outbound.
454) The firewall cannot fully protect against internal threats.
455) A firewall may not act as a packet filter.
456) A stateful packet inspection firewall reviews the same packet information as a packet filtering firewall but also records information about TCP connections.
457) One advantage of a packet filtering firewall is its simplicity.
458) Packet filter firewalls examine upper layer data therefore they can prevent attacks that employ application specific vulnerabilities or functions.
459) Due to the small number of variables used in access control decisions packet filter firewalls are susceptible to security breaches caused by improper configurations.
460) Packet filters tend to be more secure than application level gateways.
461) A circuit level proxy can be a stand alone system or it can be a specialized function performed by an application level gateway for certain applications.
462) An example of application level gateway implementation is the SOCKS package.
463) Firewall functionality can also be implemented as a software module in a router or LAN switch.
464) The primary role of the personal firewall is to deny unauthorized remote access to the computer.
465) The external firewall adds more stringent filtering capability in order to protect enterprise servers and workstations from external attack.
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
466) _________ can be an effective means of protecting a local system or network of systems from network based security threats while at the same time affording access to the outside world via wide area networks and the Internet.
A) SOCKS B) Firewalls C) Proxies D) VPNs
467) The _________ is the address of the system that originated the IP packet.
A) IP protocol field
B) Interface
C) Source IP address
D) Source and destination transport level address
468) The technique that controls how particular services are used is the _________ control. The firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
A) direction B) service C) behavior D) user
469) The _________ is the transport level port number which defines applications such as SNMP or TELNET.
A) Interface
B) IP protocol field
C) Source IP address
D) Source and destination transport level address
470) A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
A) stateful inspection B) distributed
C) packet filtering D) host-based
471) The __________ defines the transport protocol.
A) source IP address B) IP protocol field
C) destination IP address D) interface
472) The _________ attack is designed to circumvent filtering rules that depend on TCP header information.
A) network layer address spoofing B) tiny fragment
C) source routing D) IP address spoofing
473) A typical use of a _________ is a situation in which the system administrator trusts the internal users.
A) stateful inspection firewall B) packet filtering firewall
C) application level gateway D) circuit level gateway
474) SOCKS is defined in _________ as "a framework for client server applications in both the TCP and UDP domains to conveniently and securely use the services of a network firewall".
A) RFC 1024 B) RFC 1935 C) RFC 1928 D) RFC 1046
475) Available in many operating systems or provided as an add on package, a ________ is a software module used to secure an individual host and also filters and restricts the flow of packets.
A) host based firewall B) DMZ
C) circuit level gateway D) application level gateway
476) An important aspect of a distributed firewall configuration is _________ .
A) change control B) security monitoring
C) configuration alerting D) network frame locking
477) A ________ is a single router between internal and external networks with stateless or full packet filtering. This arrangement is typical for SOHO applications.
A) host resident firewall B) DMZ
C) screening router D) single bastion T
478) Common for large businesses and government organizations, the ________ configuration is required for Australian government use.
A) Double bastion inline B) Double bastion T
C) Single bastion T D) Single bastion inline
479) ________ has a third network interface on bastion to a DMZ where externally visible servers are placed. This is a common appliance configuration for medium to large organizations.
A) single bastion inline B) double bastion T
C) double bastion inline D) single bastion T
480) The iTunes Music Sharing inbound service is port number ________ .
A) 3031 B) 5298 C) 3869 D) 5297
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.
481) A _________ forms a barrier through which the traffic going in each direction must pass and dictates which traffic is authorized to pass.
482) The four general techniques that firewalls use to control access and enforce the site's security policy are: service control, direction control, user control, and __________ control.
483) Common for large businesses and government organizations, the _________ configuration sandwiches the DMZ between bastion firewalls.
484) The default _________ policy increases ease of use for end users but provides reduced security because the security administrator must, in essence, react to each new security threat as it becomes known.
485) A __________ attack is where the source station specifies the route that a packet should take as it crosses the Internet in the hopes that this will bypass security measures that do not analyze the source routing information.
486) A _________ firewall configuration involves stand alone firewall devices plus host based firewalls working together under a central administrative control.
487) Four types of firewalls are: Packet filtering, stateful inspection, circuit level proxy and _________ .
488) A _________ packet firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections. There is an entry for each currently established connection and the packet filter will now allow incoming traffic to high numbered ports only for those packets that fit the profile of one of the entries in this directory.
489) A _________ sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established TCP segments from one connection are relayed to the other without examining the contents.
490) Typically serving as a platform for an application level or circuit level gateway, a ________ is a system identified by the firewall administrator as a critical strong point in the network's security.
491) A ________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.
492) Between an internal firewall and an external firewall are one or more networked devices in a region referred to as a _________ . Systems that are externally accessible but need some protection are usually located in this area.
493) A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and that make use of encryption and special protocols to provide security.
494) _________ firewalls include personal firewall software and firewall software on servers. Such firewalls can be used alone or as part of an in-depth firewall deployment.
495) A ________ is a single firewall device between an internal and external router. The firewall may implement stateful filters and/or application proxies. This is the typical firewall appliance configuration for small to medium sized organizations.
Answer Key
Testname: UNTITLED1
1) TRUE
2) TRUE
3) FALSE
4) TRUE
5) TRUE
6) FALSE
7) FALSE
8) TRUE
9) FALSE
10) TRUE
11) FALSE
12) FALSE
13) TRUE
14) FALSE
15) TRUE
16) A
17) B
18) A
19) A
20) C
21) A
22) A
23) B
24) B
25) B
26) A
27) C
28) B
29) B
30) A
31) Computer Security
32) integrity
33) attack
34) availability
35) Encipherment
36) Family Educational Rights and Privacy Act (FERPA)
37) threat
38) passive
39) encryption
40) masquerade
41) data confidentiality
42) access control
43) International Organization for Standardization (ISO)
44) Nonrepudiation
45) digital signature
46) FALSE
47) TRUE
48) TRUE
49) FALSE
50) TRUE
51) TRUE
52) FALSE
53) TRUE
54) TRUE
55) FALSE
56) TRUE
57) FALSE
58) TRUE
59) TRUE
60) FALSE
61) B
62) D
63) A
64) B
65) A
66) B
67) A
68) A
69) A
70) C
71) B
72) D
73) D
74) D
75) B
76) decryption
77) block
78) key
79) Symmetric block ciphers
80) cryptanalysis
81) computationally secure
82) Data Encryption Standard (DES)
83) entropy
84) seed
85) RC4
86) cipher block chaining (CBC)
87) symmetric
88) encryption algorithm
89) substitution
90) Horst Feistel
91) TRUE
92) FALSE
93) TRUE
94) FALSE
95) TRUE
96) FALSE
97) TRUE
98) TRUE
99) FALSE
100) TRUE
101) TRUE
102) TRUE
103) FALSE
104) TRUE
105) TRUE
106) C
107) C
108) B
109) B
110) D
111) A
112) C
113) A
114) D
115) A
116) B
117) B
118) C
119) B
120) C
121) message authentication
122) preimage resistant
123) public-key
124) hash function
125) second preimage resistant
126) cryptanalysis
127) Diffie-Hellman
128) Secure Hash Algorithm (SHA)
129) Authenticated encryption
130) CCM
131) decryption
132) digital signature
133) key exchange
134) Digital Signature Standard (DSS)
135) digital signature
136) TRUE
137) FALSE
138) TRUE
139) FALSE
140) TRUE
141) FALSE
142) TRUE
143) FALSE
144) TRUE
145) TRUE
146) FALSE
147) TRUE
148) FALSE
149) TRUE
150) TRUE
151) B
152) A
153) A
154) C
155) B
156) D
157) C
158) A
159) C
160) B
161) D
162) D
163) D
164) D
165) D
166) key distribution
167) lifetime
168) session key
169) key distribution center (KDC)
170) Kerberos
171) ticket-granting
172) Kerberos realm
173) Abstract Syntax Notation One (ASN.1)
174) password attacks
175) subkey
176) (public-key) certificate
177) X.509
178) policy mappings
179) public-key infrastructure (PKI)
180) Federation
181) TRUE
182) FALSE
183) TRUE
184) FALSE
185) TRUE
186) TRUE
187) FALSE
188) TRUE
189) FALSE
190) TRUE
191) FALSE
192) FALSE
193) TRUE
194) TRUE
195) TRUE
196) A
197) B
198) A
199) A
200) D
201) D
202) A
203) B
204) B
205) D
206) B
207) B
208) D
209) D
210) C
211) Secure Socket Layer (SSL)
212) Handshake
213) Passive
214) SSL/TLS
215) SSL Record Protocol
216) HTTPS
217) connection
218) SSH
219) Alert Protocol
220) Ephemeral Diffie-Hellman
221) private key
222) 4
223) CipherSpecs
224) Pseudorandom Function (PRF)
225) Local forwarding
226) TRUE
227) TRUE
228) FALSE
229) FALSE
230) TRUE
231) TRUE
232) FALSE
233) FALSE
234) TRUE
235) TRUE
236) FALSE
237) TRUE
238) TRUE
239) TRUE
240) FALSE
241) B
242) D
243) D
244) A
245) A
246) D
247) D
248) D
249) D
250) A
251) B
252) A
253) D
254) D
255) C
256) IEEE 802.11i
257) Wireless Application Protocol (WAP)
258) Distribution
259) Wireless Ethernet Compatibility Alliance (WECA)
260) coordination
261) Group Temporal Key (GTK)
262) extended service set (ESS)
263) media access control (MAC)
264) basic service set (BSS)
265) Wi-Fi Protected Access (WPA)
266) secure key delivery
267) pairwise keys
268) 4-way handshake
269) Wireless Application Environment (WAE)
270) gateway
271) TRUE
272) FALSE
273) TRUE
274) TRUE
275) FALSE
276) FALSE
277) FALSE
278) TRUE
279) FALSE
280) TRUE
281) FALSE
282) TRUE
283) FALSE
284) TRUE
285) FALSE
286) D
287) D
288) A
289) B
290) A
291) D
292) A
293) B
294) B
295) D
296) D
297) B
298) C
299) B
300) B
301) Pretty Good Privacy (PGP)
302) trust flag byte
303) ZIP
304) radix-64
305) passphrase-based
306) key legitimacy
307) Secure/Multipurpose Internet Mail Extension (S/MIME)
308) Content-Type
309) application
310) quoted-printable
311) base64
312) digital signature
313) signed and enveloped data
314) DomainKeys Identified Mail (DKIM)
315) Domain Name System (DNS)
316) TRUE
317) TRUE
318) FALSE
319) TRUE
320) FALSE
321) TRUE
322) TRUE
323) FALSE
324) TRUE
325) FALSE
326) TRUE
327) TRUE
328) FALSE
329) TRUE
330) TRUE
331) D
332) B
333) B
334) C
335) C
336) B
337) D
338) C
339) C
340) D
341) D
342) A
343) A
344) A
345) A
346) confidentiality
347) Tunnel
348) security association database (SAD)
349) encapsulating security payload
350) replay
351) HMAC
352) Security Parameters Index (SPI)
353) key management
354) Encapsulating Security Payload
355) IP
356) Local IP Address
357) security association bundle
358) Oakley Key Determination Protocol
359) digital signatures
360) Certificate Request
361) TRUE
362) FALSE
363) TRUE
364) FALSE
365) TRUE
366) TRUE
367) TRUE
368) FALSE
369) TRUE
370) FALSE
371) TRUE
372) TRUE
373) FALSE
374) TRUE
375) FALSE
376) B
377) D
378) A
379) A
380) D
381) A
382) C
383) A
384) A
385) D
386) B
387) D
388) C
389) B
390) B
391) Intrusion detection
392) Statistical anomaly
393) Clandestine user
394) Access control
395) interval timer
396) Intrusion detection
397) Native
398) Rule-based
399) honeypots
400) IETF Intrusion Detection Working Group
401) reactive password checking
402) audit
403) Counter
404) Rule-based penetration
405) Bayes' theorem
406) TRUE
407) FALSE
408) TRUE
409) TRUE
410) FALSE
411) TRUE
412) TRUE
413) FALSE
414) TRUE
415) TRUE
416) FALSE
417) TRUE
418) FALSE
419) TRUE
420) TRUE
421) D
422) A
423) D
424) C
425) D
426) A
427) A
428) C
429) A
430) D
431) B
432) B
433) D
434) D
435) D
436) Malicious software
437) independent
438) denial of service (DoS)
439) Parasitic
440) logic bomb
441) adware
442) E-mail
443) payload
444) Generic decryption (GD)
445) mobile program
446) Behavior blocking
447) triggering
448) DDoS
449) Attack detection and filtering
450) Threshold random walk scan detection (TRW)
451) TRUE
452) TRUE
453) FALSE
454) TRUE
455) FALSE
456) TRUE
457) TRUE
458) FALSE
459) TRUE
460) FALSE
461) TRUE
462) FALSE
463) TRUE
464) TRUE
465) FALSE
466) B
467) C
468) C
469) D
470) C
471) B
472) B
473) D
474) C
475) B
476) B
477) C
478) B
479) D
480) C
481) firewall
482) behavior
483) double bastion inline
484) forward
485) source routing
486) distributed
487) application proxy
488) stateful inspection
489) circuit level gateway
490) bastion host
491) personal
492) DMZ (demilitarized zone)
493) virtual private network (VPN)
494) Host resident
495) single bastion inline