MIS 4850 Systems Security
Final Exam Review Questions

Access Control and Site Security

1. Which of the following operating systems does not provide RAM buffer protection?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above

2. With which of the following operating systems can the login password be bypassed by hitting the escape key?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above

3. Which of the following is true about access cards that are designed for two-factor authentication?
a) their PINs are usually short, like 4 characters for instance
b) a 4-character PIN is too risky for access cards
c) if an access card is lost, the best security measure is to cancel or disable it
d) None of the above

4. You need to implement a wireless network with 3 Access Points and 13 wireless laptops. How many SSIDs need to be used in order to have all devices be part of the same WLAN?
a. Three different SSIDs
b. One same SSID
c. 16 different SSIDs
d. None of the above.

5. In a wireless network that uses WEP (Wired Equivalent Privacy) to provide wireless security, which of the following may authenticate to an access point?
a) Only the administrator.
b) Only users with the correct WEP key.
c) Only users within the company.
d) Anyone can authenticate.

7. Users must type PINs when they use their access cards. This is an example of …
a. piggybacking
b. one-factor authentication
c. weak authentication
d. three-factor authentication
e. None of the above

8. A user walks up to a door, has his or her face scanned, and is admitted through the door. Assume nothing else. This is an example of...
a. verification
b. certification
c. None of the above

9. How could we prevent someone from installing a sniffer where wires connect to a switch?
a. Use newer switches
b. install sniffer detection systems
c. use switches with non-standard ports
d. use optical fiber instead of UTP
e. lock telecommunications closets

10. It may be possible to find media containing sensitive corporate data through...
a. Data digging
b. two-factor recognition
c. sensitivity analysis
d. Shredding
e. None of the above
Explanation: This is dumpster diving.

11. The network administrator created a group account. He added all employees with a last name beginning with the letter A, B, or C to the group. He then created another group account and added all the other employees to it. He finally assigned access rights to the groups. What access control strategy did he use?
a) Mandatory Access Control
b) Role Based Access Control
c) Discretionary Access Control
d) Logic Based Access Control
e) None of the above
Explanation: This is List-Based Access Control.

TCP/IP Internetworking

14. Which of the following is true in TCP/IP-based encapsulation?
a. Requests are encapsulated in TCP segments
b. Frames are encapsulated in packets
c. Neither a. nor b.
d. Both a. and b.

15. If Layer N receives a message, which layer de-encapsulates the message?
a. N+1
b. N
c. N-1
d. Any of the above
e. None of the above

16. When it receives, which of the following does a router do first?
a. encapsulate
b. decapsulate (or de-encapsulate)
c. Neither a. nor b.
d. Both a. and b.

17. Which of the following is connectionless?
a. IP
c. TCP
d. None of the above.

18. With classful IP addresses, the network part of a class B IP address is ___ bits long.
a. 8
b. 24
d. 32
e. None of the above

19. How many messages are sent in a TCP opening?
a. One
b. Two (the message and its acknowledgement)
c. Four
d. None of the above
Explanation: Three messages are sent altogether in an opening.

21. How many messages are sent in an abrupt TCP close, i.e. in a Reset?
a. Two (the message and its acknowledgement)
b. Three
c. Four
d. None of the above

24. What do we call messages at the Transport layer?
a. Frames
b. Packets
c. Both of the above.
d. Neither a. nor b.
Explanation: They are called segments (i.e. TCP segments) or datagrams (i.e. UDP datagrams).

25. A host sends a TCP segment with source port number 25 and destination port number 64562. Which of the following is true? (Choose all correct answers)
a) The source host is a client computer
b) The source host is an email server
c) The destination host is a client computer
d) The destination host is a server computer
e) The source host is a web server

26. Use the ADDing technique to determine the logical network that computer A (IP address 192.168.1.5 with subnet mask 255.255.255.128) belongs to.

                32 bit notation                         Dotted decimal
IP address:
Mask:
Network:

27. Use the ADDing technique to determine the logical network that computer B (IP address 192.168.2.3 with subnet mask 255.255.255.128) belongs to.

                32 bit notation                         Dotted decimal
IP address:
Mask:
Network:

28. Are both computers on the same logical network? Why?
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________

Attacks

29. In preparing his attack, the attacker used the ping command to determine whether or not a specific target computer is connected and responsive. Which of the following did the attacker do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above

30. In preparing his attack, the attacker used IP scanning software called fPing to determine whether or not computers with IP addresses in the range 220.35.36.1 to 220.35.36.20 are connected and responsive. Which of the following did the attacker do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above
Explanation: Host scanning could be done for a single host or for multiple hosts using a range of IP addresses.

31. In preparing his attack, the attacker sent normal HTTP requests to a web server. Then, he spent some time analyzing the protocol-related information in the responses received from the web server in order to determine the kind of software installed on the web server. Which of the following did the attacker do?
a) Active fingerprinting
b) Protocol fingerprinting
c) Passive fingerprinting
d) None of the above

32. An attacker is trying to guess a 4-character long password that is all numbers. What is the total number of combinations to guess?
a) 4000
b) 10000
c) 8000
d) None of the above
Explanation: 10^4 = 10000. The 10 is because there are 10 different numbers (0 to 10).

33. Collecting information using the Government EDGAR system and by visiting a potential target organization's web site is considered…
a) Passive fingerprinting
b) Random information gathering
c) Unobtrusive information gathering
d) None of the above

34. An attacker sends an attack message to a target computer using IP fragmentation. The attack message is about 80000 bytes. What kind of attack did the attacker attempt?
a) Teardrop attacks
b) Ping of Death attack
c) Land attack
d) None of the above

35. Which of the following do Denial of Service attacks primarily attempt to jeopardize?
a) confidentiality
b) integrity
c) availability

36. SYN flooding is effective because...
a. of an asymmetry in the work that the sender and receiver must do.
b. the basic protocol is flawed
c. SYN messages are encapsulated and so cannot be traced back to the attacker
d. it is based on DDoS

37. Which of the following determines which operating system is installed on a system by analyzing its response to certain network traffic?
a. OS scanning.
b. Reverse engineering.
c. Fingerprinting
d. Host hijacking.

38. Which of the following is a DoS (Denial of Service) attack that exploits TCP's three-way handshake for new connections?
a. SYN flooding
b. Ping of death attack.
c. LAND attack.
d. Buffer overflow attack.

Firewalls

40. What does a firewall use to ensure that each packet is part of an established TCP (Transmission Control Protocol) session?
a) a packet filter.
b) static filtering.
c) stateful filtering.
d) a circuit level gateway.

41. Ingress filtering is used to filter packets...
a. coming into the network from an external network
b. going out of the network to an external network
c. Both a. and b.

42. Static packet filter firewalls examine...
a. IP headers
b. application messages
c. connections
d. All of the above.

Exhibit 1
Figure 1: Access Control List (ACL) for INGRESS Filtering at a border firewall
[Diagram: Trusted network, 60.47.3.1, 60.47.3.5; Firewall, 60.47.3.2; Untrusted network, 60.47.3.9]

Rule 1:  If Source IP Address = 10.*.*.*, DENY [Private IP Address Range]
Rule 2:  If Source IP Address = 172.16.*.* to 172.31.*.*, DENY [Private IP Address Range]
Rule 3:  If Source IP Address = 192.168.*.*, DENY [Private IP Address Range]
Rule 4:  If Source IP Address = 60.47.*.*, DENY [internal address range]
Rule 5:  If TCP SYN = 1 AND FIN = 1, DENY [crafted attack packet]
Rule 6:  If Destination IP Address = 60.47.3.9 AND TCP Destination Port = 80 or 443, PASS
Rule 7:  If TCP SYN = 1 AND ACK = 0, DENY [Attempt to open connection from the outside]
Rule 8:  If TCP Destination Port = 20, DENY
Rule 9:  If TCP Destination Port = 135 through 139, DENY
Rule 10: If TCP Destination Port = 513, DENY [UNIX rlogin without password]
Rule 11: If UDP Destination Port = 69, DENY [Trivial FTP; no login necessary]
Rule 12: DENY ALL

43. Given the Exhibit shown above, which of the following is true?
a) Rule 1 can be deleted without jeopardizing security because, anyway, the Deny All will stop any incoming message with a source IP address in the 10.*.*.* range.
b) Deleting Rule 1 would allow a packet with a source IP address in the 10.*.*.* range to pass in certain cases.
c) None of the above.

44. Given the Exhibit, what specific service could someone using the source IP address 192.168.3.7 get access to in case Rule 3 is removed from the ACL? (Circle all correct answers)
a) email service
b) HTTP web service
c) ftp service
d) secure HTTP web service
e) All of the above

45. What is the purpose of Rule 4 in the ACL shown in the Exhibit?
a) to prevent messages with a source IP address in the internal address range from passing
b) to deny access to any incoming packet destined to any internal server computer
c) to prevent outsiders from using internal IP addresses in spoofing attacks
d) None of the above.

46. As the network administrator in charge of configuring the company's firewall, you have to change the ACL in the Exhibit to add a rule that allows packets destined to an internal secured web server (HTTPS) that has the IP address 60.47.3.7 to pass. (Note: the Appendix lists TCP/UDP ports for common services.) Write down the rule:
______________________________________________________________________________

47. Where should the rule you wrote down be inserted in the ACL?
a) Anywhere before Rule 7
b) between Rule 5 and Rule 6
c) between Rule 4 and Rule 5

Host Hardening

48. To know how to install an operating system with secure configuration options, you would use
a. a security baseline
b. a standard
c. a security template
d. a wizard

49. In a Windows network, which of the following could be used to implement security measures on multiple computers through a domain?
a. Policy Maker
b. GPO
c. Domain ACL
Explanation: Group policies are used. Group policies are configured in a group policy object or GPO.

50. UNIX command-line interfaces are called _____.
a. versions
b. shells
c. GUIs
d. distributions
e. windows

51. Cisco's operating system for its routers and most of its managed switches is...
a) UNIX
b) LINUX
c) Windows
d) None of the above
Explanation: It's IOS.

52. Traditionally, default installations of operating systems _____.
a. turn on many infrequently used services to ease management labor
b. turn off most infrequently used services to reduce RAM and processing requirements
c. All of the above

53. In Windows, when files are encrypted using the Encrypting File System, an attacker who breaks in can still get a copy of the files and easily read the content.
a) True
b) False

Elements of Cryptography

54. Jason sends a message to Kristin using public key encryption for confidentiality. What key will Jason use to encrypt the message?
a. Jason's private key
b. Jason's public key
c. Kristin's public key
d. None of the above

55. Which of the following is needed in order to encrypt the following message that you want to send to a business partner? "The total amount to be paid for order #C1222 is $23,000.00" (Circle all that apply)
b. a ciphertext
c. a key
d. an authenticator
e. an encryption method or algorithm

56. Encryption is used for _____.
a. confidentiality
b. authentication
c. Both of the above.

57. In symmetric encryption in a two-way dialog, how many keys are used in total for confidentiality?
a. one
b. two
c. four

58. Which of the following do cryptographic systems protect?
a) Data stored on local storage media (like hard drives) from access by unauthorized users
b) Data being transmitted from point A to point B in a network
c) Both a and b

59. Based on how encryption systems work, which of the following is the worst thing that could happen?
a) An attacker gets a copy of the encryption and decryption algorithms
b) An attacker gets the decryption key
c) a and b are equally damaging

60. Which of the following is true about the difference between hashing and encryption? (Choose all that apply)
a) In encryption, the output is similar in length to the input
b) In hashing, the output is similar in length to the input
c) In encryption, the output is of a fixed short length, regardless of the input
d) In hashing, the output is of a fixed short length, regardless of the input

Cryptographic systems

61. What are the four stages of cryptographic systems?
a) Encapsulation
b) Initial negotiation of security parameters
c) Initial or mutual authentication
d) Key exchange or key agreement
e) Ongoing communication

62. Which of the following provides security at the transport layer?
a) IPsec
b) PPTP
c) SSL/TLS
d) Kerberos

63. Transmitting over the Internet with added security is the definition of _____.
a) tunneling
b) IPsec
c) PPTP
d) a VPN

64. Which of the following is true when comparing SSL/TLS to IPSec? (Choose all that apply)
a) SSL/TLS operates at the Transport layer whereas IPSec operates at the Internet layer.
b) SSL/TLS operates at the Internet layer whereas IPSec operates at the Transport layer.
c) SSL/TLS is usually used to secure applications or services like web service and email.
d) IPSec can protect all kinds of Transport layer messages and Application layer messages.

65. The result of hashing can be turned back to the original string. T F

66. Encryption is usually used in the initial negotiation phase of cryptographic systems. T F

67. Once the partners are engaged in the ongoing communication phase there is, usually, no need for the partners to do another authentication since the communication is safe. T F

Applications Security

68. In e-mail operation, what computer transmits messages directly to the receiver's computer upon request?
a) Sender's computer
b) Sender's mail server
c) Receiver's mail server
d) None of the above

69. You want to connect to a mail server to download emails that were sent to you by your friends. Which of the following protocols would be used for communication with the mail server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above

70. Which of the following protocols is used for communication between the sender's computer and the sender's email server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above

71. Which of the following protocols is used for communication between the sender's email server and the receiver's email server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above

72. Which of the following is true about using the PGP cryptographic system for e-mail encryption?
a) It is not widely built into client email programs
b) Even if PGP is not built into their email client programs, users can still use PGP as a separate program to handle secure communication
c) Users can only use it for encryption/decryption if it is built into their email client programs.
d) Both a and b
e) None of the above

73. X.509 is a public-key cryptographic system that uses a hierarchical approach based on certificate authorities. Which of the following is true about X.509 and PGP?
a) Both X.509 and PGP use digital signatures and public-key encryption.
b) With X.509, the sender's public key is obtained from a trusted third party
c) With PGP, the sender's public key could be obtained without referring to a third party
d) All of the above
e) None of the above

74. Your company has decided to use S/MIME to secure email communication. Your advice is needed to proceed with the implementation of the S/MIME-based secure email communication. Which of the following will be among your list of advice?
a) S/MIME doesn't use a web of trust. It uses another authentication method instead.
b) A good web of trust infrastructure (or circles of trust) must be implemented.
c) None of the above

75. Assume that the home directory for the www.homeschool.com web site is C:\homeschool\web. Which of the following URLs could be typed in the Address text box of a web browser to get the report.htm file located in the report directory, which is a subdirectory under the home directory?
e) www.report.homeschool.com
f) www.report.homeschool.com/report
g) www.report.homeschool.com/report/report.htm
h) www.homeschool/Web/report/report.htm
i) None of the above

76. Write down the URL to retrieve the file experience.htm under the experience directory on the host www.knowledge.com.
____________________________________________________________________________

77. CGI requires the use of specific scripting languages like Javascript and VBscript. T F