FinalExam

Name:

IST/CSC 485 Final Exam

Matching (Cumulative)

1. What firewall technology performs bandwidth management and allows the administrator to prioritize some types of network traffic over other types to ensure it gets through to the destination?

A. NAT

B. QoS

C. PAT

D. MAC

2. Name the network authentication system that Microsoft began using on its domain controllers with Windows Server 2003 and has continued to be a strong authentication method for them to this day. This is a multi-step authentication process that is resistant to man-in-the-middle attacks as well as injection attacks.

A. SSH

B. Telnet

C. Kerberos

D. SMTP

3. What should an administrator of a Linux server use to connect to the server to manage it? This is an encrypted service that does not send data in plain text and is therefore more secure.

A. Telnet

B. FTP

C. SNMP

D. SSH

4. OSSEC, the IDS that we installed as a lab in class, is an example of what type of IDS?

A. Host based IDS

B. Network based IDS

C. Security Onion based IDS

D. Transistor based IDS

5. On a Linux email server, it is often suggested that Sendmail be replaced by a simpler and more secure Linux email system. What is that email system?

A. Postfix

B. Exchange

C. OWA

D. hMail

6. What type of attack is generally accomplished when doing ARP poisoning?

A. Man In The Middle

B. SQL Injection

C. Buffer Overflow

D. P2P

7. What is one way that attackers may try to bypass a signature-based IDS?

A. Changing the date on the packet

B. Launching a “Hail Mary” attack in Metasploit

C. Using Nessus to check for vulnerabilities

D. Encoding the data in a non-ASCII format

8. What Linux command can be run to display all listening ports and active connections, the process and file behind each connection, and the user the process is running as?

A. netstat

B. df

C. ls

D. lsof

9. This InfoSec topic deals with making sure that information has not been changed by an unauthorized user.

A. Confidentiality

B. Integrity

C. Availability

D. DNS

10. True / False: The first generation of firewalls was able to keep up with active network sessions, which put their functionality at layer 4.

11. What set of permissions in Windows does Modify include? (Mark all that apply)

A. Read

B. Write

C. Execute

D. List Folder Contents

E. Delete

F. Transpose

12. What set of permissions in Windows does Full Control include? (Mark all that apply)

A. Read

B. Write

C. Execute

D. List Folder Contents

E. Delete

F. Transpose

13. What are the 3 zones of trust usually used in today’s networks, at a minimum? (Check All That Apply)

____ Outside Zone

____ Inside Zone

____ FPD

____ DMZ

14. This type of firewall is capable of handling more than just IP and port blocking; it also handles antivirus, anti-spam, web content filtering, intrusion detection, and malware blocking.

A. DNS

B. Snort

C. OSSEC

D. UTM

15. In Linux, where are the service daemon scripts usually stored?

A. /var

B. /var/log

C. /etc

D. /etc/init.d

16. What option did we use in Wireshark to rebuild emails and web pages so we could read what was being sent? We would right-click a packet and then click _______.

A. Filter DNS

B. Follow SNMP Stream

C. Follow TCP Stream

D. Filter ARP

17. This VPN technology allows a user to browse the Internet while using the corporate VPN at the same time.

A. Bifurcation bending

B. Signal Streaming

C. Split Tunneling

D. Breaking Banter

18. Given the standard 802.11b/g frequency range, what 3 channels can be used in the same area and not have frequency overlap? (Select 3)

A. 1

B. 5

C. 6

D. 8

E. 10

F. 11

G. 15

H. 16

19. In Linux, where are the scripts located that get run at system startup?

A. /etc/start

B. /var/start

C. /etc/rc.d

D. /var/rc.d

20. Which of the following statements are true about security risks?

_____ A. Risks should be reduced to an acceptable level

_____ B. Risks should be eliminated

21. According to our text, which one of the following groups is responsible for more loss?

_____ A. Insiders

_____ B. Outsiders

22. This technology term refers to the practice of a wireless access point receiving an ACK for every successful transmission. The purpose of this is to avoid collisions on the wireless network and to allow everyone to have a chance to talk on the network.

A. MCSE/A+

B. CCNA/SC

C. CISSP/MA

D. CSMA/CA

23. In Linux, in what file are the password hashes stored for each user?

A. /etc/password

B. /etc/shadow

C. /etc/user

D. /etc/hosts

24. True/False: Toyota is known historically for manufacturing very secure locking systems for their automobiles.

25. In order for your network-based IDS to receive and process packets that were originally intended for other hosts, 2 conditions must be met. What are they? (Select 2)

A. The network card must be in promiscuous mode

B. The SMTP network driver must be installed in the kernel

C. The TCP/IP stack must be properly reversed so that the network card will recognize it

D. You must have a SPAN/mirror port set up on the switch (or you can use a hub instead)

26. In class, while reviewing chapter 20, we watched a presentation about a person who was able to circumvent network electronic door locks. What basic vulnerability was he using to unlock the doors on command?

A. Buffer Overflow

B. SYN Flooding

C. Packet Malformation

D. TCP Sequence Prediction

27. This is the seminal law on computer crimes. It is designed to protect the confidentiality, integrity, and availability of data and systems. It targets attackers and others who access or attempt to access computers without authorization and inflict some measure of damage.

A. USA Patriot Act

B. USA CIA Cyber Crimes Law

C. Health Insurance Portability and Accountability Act HIPAA

D. Computer Fraud and Abuse Act (CFAA)

28. What is the main difference between an IDS and an IPS?

A. IDSs use databases while IPSs do not

B. IDSs use DNS while IPSs do not

C. IPSs try to block attacks while IDSs merely alert to their presence

D. IDSs try to block attacks while IPSs merely alert to their presence

29. This suite is a free set of encryption libraries and applications to make limited use of them.

A. DNS

B. DHCP

C. TCP Wrappers

D. OpenSSL

30. Match the following set of regulations with their industry or target audience.

____ HIPAA

____ Sarbanes-Oxley Act

____ Gramm-Leach-Bliley Act

____ NERC CIP

____ PCI/DSS

A. Payment card industry (credit cards)

B. The financial industry (banking)

C. Electric companies (power plants, etc)

D. Health care industry

E. Publicly traded corporations

31. These types of IDSs look for known malicious commands or data in a network packet’s payload.

A. Anomaly-Detection

B. Buffer Overflow-Detection

C. Signature-Detection

D. DDOS-Detection

32. These are simply configuration files that provide settings (or mark them “undefined”) for major security configuration choices. They can be applied to one or many computers.

A. Trusts

B. Security Templates

C. Password Policy Core

D. Gold Security Code

33. Name this security policy: All computer systems that connect to the network must display a message before connecting the user to the network. One of the benefits of this is to obtain consent from the user for monitoring and to make sure they understand they don’t have an expectation of privacy on your network.

A. Failed Login Account Disabling

B. Password Expiration

C. Inactive Screen Lock

D. Login Message

34. With this type of NAT, multiple computers on the inside of a firewall can share a pool of outside global addresses. However, the number of inside computers that can talk at the same time is limited to the total number of global addresses.

A. Dynamic NAT

B. Static NAT

C. PAT

D. DAT

35. This position is an executive staff member with ultimate accountability for all security efforts for the entire business.

A. Chief Executive Officer

B. Chief Information Security Officer

C. Security Engineer

D. Chief Information Planning Officer

36. Match the following IT/InfoSec standards with their corresponding descriptions.

____ COBIT (Control Objectives for Information and related Technology)

____ ISO 27000 Series

____ NIST (National Institute of Standards and Technology)

A. Provides a set of special publications to assist industry, government, and academic organizations with following best practices. These are security-specific publications and include things like how to secure Wi-Fi or your webserver.

B. Is not about Information Security specifically, but is a general IT best practice standard. Often would be used by high level executives to align business goals with IT goals.

C. Is a set of information security standards that provide a set of frameworks for developing a security program from concept to maturity. This shows you everything you need when creating an infosec program from scratch.

Matching (Section 4)

37. This is the process of identifying, extracting, preserving, and reporting data obtained from a computer system.

A. Forensic Analysis

B. Forensic Backup

C. Incident Response

D. Encryption

38. The ultimate goal of any ____ is to contain, recover, and resume normal operations as quickly and smoothly as possible.

A. DNS

B. Hot Zone

C. Incident Response Plan

D. Incident Analysis Plan

39. What are the 4 items the book mentions can be recovered from a live system when doing forensic analysis?

A. Running Processes

B. Open Files

C. Files in Slack Space

D. CPU activity and system memory

E. Network connections

40. What are automated packages that create back doors, remove incriminating log entries, and alter system binaries to hide the intruder’s presence?

A. Spyware

B. Deep Freeze

C. Dynamic System

D. Rootkit

41. What type of backup is a system image or bit-stream backup of a system?

A. Partition Backup

B. NTFS Backup

C. Forensic Backup

D. Filesystem Clone

42. What is not a solution given in the book to prevent SQL injections?

A. Filter all input fields for apostrophes

B. Filter all input fields for SQL commands

C. Limit input field length

D. Limit use of numbers

43. AES is an example of what type of encryption?

A. Asymmetric

B. Symmetric

C. Boolean

D. Hashing

44. Which is NOT a concern dealing with web application security?

A. SQL Injection

B. Forms and scripts

C. Cookies and Session Management

D. Cisco AAA authorization

45. This type of cryptography uses one key (the same key) to do both the encrypting and decrypting of a message.

A. Pad key

B. Symmetric key

C. Public Key

D. Crypto Key

46. What is a database technique used to manipulate input fields that are part of web forms? It is mostly used to bypass custom logins to web sites.

A. Packet Inspection

B. DDOS

C. Malware

D. SQL injection

47. An administrator should strive to run an application with...

A. The fewest privileges possible

B. The most privileges possible

C. The fewest resources possible

D. The most resources possible

48. This type of cryptography uses two keys, one to do the encrypting and another key to do the decrypting.

A. Pad key

B. Symmetric key

C. Public Key

D. Crypto Key

49. What is implemented differently by each server-side scripting technology, but in general starts when the user enters the web site and ends when the user closes the browser or the session times out?

A. SQL injection

B. Cross Site Scripting

C. Web sessions

D. PHP Global Variables

50. In encryption, what is the name for the disguised message?

A. Crypt

B. Key

C. Code

D. Cipher

Short Answer (Cumulative)

1. Describe what client isolation on a wireless network means and why it is useful in securing a wireless network.

2. Explain what using chroot does to a service and why you would use it.

3. What does the acronym CIA stand for, and how does each word relate to information security?

4. Explain the difference between anomaly-detection IDSs and signature-detection IDSs. List an advantage and a disadvantage for each.

5. Explain what TCP wrappers are and what you can do with them once a service is set up to use TCP wrappers.

6. Explain what ARP poisoning is, the process that happens during a successful ARP poisoning attack, and useful ways to mitigate it.

Short Answer (Section 4)

1. Describe symmetric key cryptography and the basic process that text goes through while being encrypted and decrypted.

2. Explain what happens during an SQL injection attack, including what happens with the web form and what happens with the SQL commands on the server.

3. Explain what happens during a forensic backup and why this is different from copying all the files off the drive to another drive for later investigation.