MIS 4850 Systems Security

Final Exam Review Questions
Access Control and Site Security
1. Which of the following operating systems does not provide RAM buffer protection?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above
2. With which of the following operating systems can the login password be bypassed by
hitting the Escape key?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above
3. Which of the following is true about Access cards that are designed for two-factor
authentication?
a) their PINs are usually short like 4 characters for instance
b) a 4-character PIN is too risky for access cards
c) if an access card is lost, the best security measure is to cancel or disable it
d) None of the above
4. You need to implement a wireless network with 3 Access Points and 13 wireless laptops.
How many SSIDs need to be used in order to have all devices be part of the same WLAN?
a. Three different SSIDs
b. One same SSID
c. 16 different SSIDs
d. None of the above.
5. In a wireless network that uses WEP (Wired Equivalent Privacy) to provide wireless
security, which of the following may authenticate to an access point?
a) Only the administrator.
b) Only users with the correct WEP key.
c) Only users within the company.
d) Anyone can authenticate.
7. Users must type PINs when they use their access cards. This is an example of …
a. piggybacking
b. one-factor authentication
c. weak authentication
d. three-factor authentication
e. None of the above
8. A user walks up to a door, has his or her face scanned, and is admitted through the door.
Assume nothing else. This is an example of...
a. verification
b. certification
c. None of the above
9. How could we prevent someone from installing a sniffer where wires connect to a
switch?
a. Use newer switches
b. install sniffer detection systems
c. use switches with non-standard ports
d. use optical fiber instead of UTP
e. lock telecommunications closets
10. It may be possible to find media containing sensitive corporate data through...
a. Data digging
b. two-factor recognition
c. sensitivity analysis
d. Shredding
e. None of the above
Explanation: This is dumpster diving.
11.
The network administrator created a group account. He added all employees with last
name beginning with letter A, B, or C to the group. He then created another group
account and added all the other employees to it. He finally assigned access rights to the
groups. What access control strategy did he use?
a) Mandatory Access Control
b) Role Based Access Control
c) Discretionary Access Control
d) Logic Based Access Control
e) None of the above
Explanation: This is List-Based Access Control.
TCP/IP Internetworking
14. Which of the following is true in TCP/IP-based encapsulation?
a. Requests are encapsulated in TCP segments
b. Frames are encapsulated in packets
c. Neither a. nor b.
d. Both a and b.
15. If Layer N receives a message, which layer de-encapsulates the message?
a. N+1
b. N
c. N-1
d. Any of the above
e. None of the above
16. When it receives a message, which of the following does a router do first?
a. encapsulate
b. decapsulate (or de-encapsulate)
c. Neither a. nor b.
d. Both a. and b.
17. Which of the following is connectionless?
a. IP
c. TCP
d. None of the above.
18. With classful IP addresses, the network part of a class B IP address is ___ bits long.
a. 8
b. 24
d. 32
e. None of the above
19. How many messages are sent in a TCP opening?
a. One
b. Two (the message and its acknowledgement)
c. Four
d. None of the above
Explanation: Three messages are sent altogether in an opening
21. How many messages are sent in an abrupt TCP close, i.e. in a Reset?
a. Two (the message and its acknowledgement)
b. Three
c. Four
d. None of the above
24. What do we call messages at the Transport layer?
a. Frames
b. Packets
c. Both of the above.
d. Neither a. nor b.
Explanation: They are called segments (i.e. TCP segments) or datagrams (i.e. UDP
datagrams)
25.
A host sends a TCP segment with source port number 25 and destination port number
64562.
Which of the following is true? (Choose all correct answers)
a) The source host is a client computer
b) The source host is an email server
c) The destination host is a client computer
d) The destination host is a server computer
e) The source host is a web server
26. Use the ANDing technique to determine the logical network that computer A (IP address
192.168.1.5 with subnet mask 255.255.255.128) belongs to.
--------------------------- 32 bit notation ---------------------- Dotted decimal
IP address:
Mask:
Network:
27. Use the ANDing technique to determine the logical network that computer B (IP address
192.168.2.3 with subnet mask 255.255.255.128) belongs to.
--------------------------- 32 bit notation ---------------------- Dotted decimal
IP address:
Mask:
Network:
28. Are both computers on the same logical network? Why?
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
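Worked version of the ANDing procedure from questions 26 to 28, added here as an example; it is not part of the original review sheet. Host A (192.168.1.5), host B (192.168.2.3) and the mask 255.255.255.128 are taken from the questions; the helper names, the 32-bit rendering of the worksheet rows and the cross-check against Python's ipaddress module are this example's own.

```python
"""The ANDing technique from questions 26 to 28: AND each address bit with the
matching subnet-mask bit to get the network address, then compare the results.

Added example, not part of the original review sheet. Host A (192.168.1.5),
host B (192.168.2.3) and the mask 255.255.255.128 are from the questions; the
helper names and the cross-check against the ipaddress module are this
example's own.
"""
import ipaddress
from typing import Dict, List, Tuple


def _octets(dotted: str) -> List[int]:
    """Parse dotted decimal into four integers, rejecting anything malformed."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 dotted-decimal value: {dotted!r}")
    return [int(p) for p in parts]


def to_bits(dotted: str) -> str:
    """32-bit notation, eight bits per octet, as in the worksheet's left column."""
    return ".".join(f"{o:08b}" for o in _octets(dotted))


def network_of(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask, octet by octet."""
    mask_octets = _octets(mask)
    mask_int = int.from_bytes(bytes(mask_octets), "big")
    ones = bin(mask_int).count("1")
    # A subnet mask must be a run of 1 bits followed by a run of 0 bits.
    if mask_int != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return ".".join(str(a & m) for a, m in zip(_octets(ip), mask_octets))


def anding_table(ip: str, mask: str) -> Dict[str, Tuple[str, str]]:
    """The three worksheet rows: (32-bit notation, dotted decimal) for each."""
    net = network_of(ip, mask)
    return {"IP address": (to_bits(ip), ip),
            "Mask": (to_bits(mask), mask),
            "Network": (to_bits(net), net)}


def same_logical_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts are on one logical network iff the ANDed network parts match."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)


def cross_check(ip: str, mask: str) -> bool:
    """Confirm the hand computation against the standard library."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    return str(iface.network.network_address) == network_of(ip, mask)


if __name__ == "__main__":
    MASK = "255.255.255.128"
    for label, host in (("A", "192.168.1.5"), ("B", "192.168.2.3")):
        print(f"Computer {label}")
        for row, (bits, dotted) in anding_table(host, MASK).items():
            print(f"  {row:10} {bits}  {dotted}")
    print("Same logical network:",
          same_logical_network("192.168.1.5", "192.168.2.3", MASK))
```

The mask has 25 one-bits, so it splits each third-octet range into two halves; the same check therefore also separates 192.168.1.5 from 192.168.1.130, even though only the last octet differs. The contiguity test on the mask rejects values such as 255.255.0.255, which a plain octet-wise AND would silently accept.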
Attacks
29. In preparing his attack, the attacker used the ping command to determine whether or not a
specific target computer is connected and responsive. Which of the following did the attacker
do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above
30. In preparing his attack, the attacker used an IP scanning tool called fping to determine
whether or not computers with IP addresses in the range 220.35.36.1 to 220.35.36.20 are
connected and responsive. Which of the following did the attacker do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above
Explanation: host scanning could be done for a single host or for multiple hosts
using a range of IP addresses.
31. In preparing his attack, the attacker sent normal HTTP requests to a web server. Then, he
spent some time analyzing the protocol-related information in the response received from the
web server in order to determine the kind of software installed on the web server. Which of the
following did the attacker do?
a) Active fingerprinting
b) Protocol fingerprinting
c) Passive fingerprinting
d) None of the above
32. An attacker is trying to guess a 4-character password made up only of digits. What is the
total number of combinations to guess?
a) 4000
b) 10000
c) 8000
d) None of the above
Explanation: 10^4 = 10000. The base is 10 because there are 10 different digits (0 to 9).
33. Collecting information using the Government EDGAR system and by visiting a potential
target organization’s web site is considered…
a) Passive fingerprinting
b) Random information gathering
c) Unobtrusive information gathering
d) None of the above
34. An attacker sends an attack message to a target computer using IP fragmentation. The attack
message is about 80000 bytes. What kind of attack did the attacker attempt?
a) Teardrop attacks
b) Ping of Death attack
c) Land attack
d) None of the above
35. Which of the following do Denial of Service attacks primarily attempt to jeopardize?
a) confidentiality
b) integrity
c) availability
36. SYN flooding is effective because...
a. of an asymmetry in the work that the sender and receiver must do.
b. the basic protocol is flawed
c. SYN messages are encapsulated and so cannot be traced back to the attacker
d. it is based on DDoS
37. Which of the following determines which operating system is installed on a system by
analyzing its response to certain network traffic?
a. OS scanning.
b. Reverse engineering.
c. Fingerprinting
d. Host hijacking.
38. Which of the following is a DoS (Denial of Service) attack that exploits TCP's three-way
handshake for new connections?
a. SYN flooding
b. Ping of death attack.
c. LAND attack.
d. Buffer overflow attack.
Firewalls
40. What does a firewall use to ensure that each packet is part of an established TCP
(Transmission Control Protocol) session?
a) a packet filter.
b) a static filtering.
c) a stateful filtering.
d) a circuit level gateway.
41. Ingress filtering is used to filter packets...
a. coming into the network from an external network
b. going out of the network to an external network
c. Both a. and b.
42. Static packet filter firewalls examine...
a. IP headers
b. application messages
c. connections
d. All of the above.
Exhibit 1
Figure 1: Access Control List (ACL) for INGRESS Filtering at a border firewall
[Network diagram: the firewall at 60.47.3.2 sits between the trusted network and the untrusted network; internal hosts 60.47.3.1, 60.47.3.5 and 60.47.3.9.]
Rule 1: If Source IP Address = 10.*.*.*, DENY [Private IP Address Range]
Rule 2: If Source IP Address = 172.16.*.* to 172.31.*.*, DENY [Private IP Address Range]
Rule 3: If Source IP Address = 192.168.*.*, DENY [Private IP Address Range]
Rule 4: If Source IP Address = 60.47.*.*, DENY [internal address range]
Rule 5: If TCP SYN=1 AND FIN=1, DENY [crafted attack packet]
Rule 6: If Destination IP Address = 60.47.3.9 AND TCP Destination Port = 80 or 443, PASS
Rule 7: If TCP SYN=1 AND ACK=0, DENY [attempt to open a connection from the outside]
Rule 8: If TCP Destination Port = 20, DENY
Rule 9: If TCP Destination Port = 135 through 139, DENY
Rule 10: If TCP Destination Port = 513, DENY [UNIX rlogin without password]
Rule 11: If UDP Destination Port = 69, DENY [Trivial FTP; no login necessary]
Rule 12: DENY ALL
43. Given the Exhibit shown above, which of the following is true?
a) Rule 1 can be deleted without jeopardizing security because, anyway, the Deny All
will stop any incoming message with a source IP address in the 10.*.*.* range.
b) Deleting Rule 1 would allow a packet with a source IP address in the 10.*.*.*
range to pass in certain cases.
c) None of the above.
44. Given the Exhibit, what specific service could someone using the source IP address
192.168.3.7 get access to in case Rule 3 is removed from the ACL? (Circle all correct answers).
a) email service
b) HTTP webservice
c) ftp service
d) secure HTTP webservice
e) All of the above
45. What is the purpose of Rule 4 in the ACL shown in the Exhibit?
a) to prevent messages with source IP address in the internal address range from passing
b) to deny access to any incoming packet destined to any internal server computer
c) to prevent outsiders from using internal IP addresses in spoofing attacks
d) None of the above.
46. As the network administrator in charge of configuring the company's firewall, you have to
change the ACL in the Exhibit to add a rule that allows packets destined to an internal secure
web server (HTTPS) with the IP address 60.47.3.7 to pass. (Note: the Appendix lists
TCP/UDP ports for common services.) Write down the rule:
______________________________________________________________________________
47. Where should the rule you wrote down be inserted in the ACL?
a) Anywhere before Rule 7
b) between Rule 5 and Rule 6
c) between Rule 4 and Rule 5
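To check the answers to questions 43 to 47 mechanically, here is a first-match evaluator for the twelve rules of Exhibit 1, added as an example; it is not part of the original review sheet. The rules and the servers 60.47.3.9 and 60.47.3.7 come from the exhibit and the questions. The Packet and Rule types, the rule names, the sample packets (the outside address 203.0.113.10 is taken from the documentation range) and HTTPS_RULE, which encodes one reasonable wording of the rule asked for in question 46, are assumptions of this example.

```python
"""First-match evaluation of the ingress ACL in Exhibit 1.

Added example, not part of the original review sheet: the twelve rules and the
servers 60.47.3.9 and 60.47.3.7 are from the exhibit and questions 43 to 47;
the packet model, rule encoding and sample packets are constructed here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"   # "tcp" or "udp"
    dport: int = 0
    syn: bool = False
    ack: bool = False
    fin: bool = False


Match = Callable[[Packet], bool]


@dataclass(frozen=True)
class Rule:
    name: str            # "1".."12" as numbered in the exhibit; any label for added rules
    action: str          # "PASS" or "DENY"
    match: Match
    note: str = ""


def src_in(cidr: str) -> Match:
    """Match on the source address falling inside a CIDR block."""
    net = ip_network(cidr)
    return lambda p: ip_address(p.src) in net


def tcp_to(*ports: int, dst: Optional[str] = None) -> Match:
    """Match TCP segments to any of `ports`, optionally to one destination host."""
    return lambda p: p.proto == "tcp" and p.dport in ports and (dst is None or p.dst == dst)


EXHIBIT_ACL: List[Rule] = [
    Rule("1", "DENY", src_in("10.0.0.0/8"), "private address range"),
    Rule("2", "DENY", src_in("172.16.0.0/12"), "private address range"),
    Rule("3", "DENY", src_in("192.168.0.0/16"), "private address range"),
    Rule("4", "DENY", src_in("60.47.0.0/16"), "internal range seen from outside (spoofing)"),
    Rule("5", "DENY", lambda p: p.proto == "tcp" and p.syn and p.fin, "crafted SYN+FIN"),
    Rule("6", "PASS", tcp_to(80, 443, dst="60.47.3.9"), "public web server"),
    Rule("7", "DENY", lambda p: p.proto == "tcp" and p.syn and not p.ack, "open from outside"),
    Rule("8", "DENY", tcp_to(20), "FTP data"),
    Rule("9", "DENY", tcp_to(*range(135, 140)), "NetBIOS / RPC"),
    Rule("10", "DENY", tcp_to(513), "rlogin"),
    Rule("11", "DENY", lambda p: p.proto == "udp" and p.dport == 69, "TFTP"),
    Rule("12", "DENY", lambda p: True, "deny all"),
]

# The rule asked for in question 46 (assumed wording): pass HTTPS to 60.47.3.7.
HTTPS_RULE = Rule("new", "PASS", tcp_to(443, dst="60.47.3.7"), "internal HTTPS server")


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Walk the ACL top to bottom; the first matching rule decides."""
    for rule in acl:
        if rule.match(pkt):
            return rule.action, rule.name
    raise RuntimeError("ACL must end with a deny-all rule")


def without(acl: List[Rule], name: str) -> List[Rule]:
    """The ACL with one rule deleted (questions 43 and 44)."""
    return [r for r in acl if r.name != name]


def insert_before(acl: List[Rule], name: str, new: Rule) -> List[Rule]:
    """The ACL with `new` placed just above the named rule (question 47)."""
    idx = next(i for i, r in enumerate(acl) if r.name == name)
    return acl[:idx] + [new] + acl[idx:]


# Constructed connection-opening segments (SYN=1, ACK=0); 203.0.113.10 is an
# outside address from the documentation range.
OUTSIDE_TO_WEB = Packet("203.0.113.10", "60.47.3.9", dport=80, syn=True)
SPOOFED_10_TO_WEB = Packet("10.1.2.3", "60.47.3.9", dport=80, syn=True)
SPOOFED_192_TO_WEB = Packet("192.168.3.7", "60.47.3.9", dport=443, syn=True)
SPOOFED_192_TO_MAIL = Packet("192.168.3.7", "60.47.3.1", dport=25, syn=True)
OUTSIDE_TO_HTTPS = Packet("203.0.113.10", "60.47.3.7", dport=443, syn=True)
SPOOFED_10_TO_HTTPS = Packet("10.1.2.3", "60.47.3.7", dport=443, syn=True)

if __name__ == "__main__":
    print("Q43 rule 1 kept   :", evaluate(EXHIBIT_ACL, SPOOFED_10_TO_WEB))
    print("Q43 rule 1 deleted:", evaluate(without(EXHIBIT_ACL, "1"), SPOOFED_10_TO_WEB))
    print("Q44 rule 3 deleted, HTTPS:", evaluate(without(EXHIBIT_ACL, "3"), SPOOFED_192_TO_WEB))
    print("Q44 rule 3 deleted, SMTP :", evaluate(without(EXHIBIT_ACL, "3"), SPOOFED_192_TO_MAIL))
    for spot in ("1", "6", "8"):
        acl = insert_before(EXHIBIT_ACL, spot, HTTPS_RULE)
        print(f"Q47 new rule above rule {spot}: outside {evaluate(acl, OUTSIDE_TO_HTTPS)},"
              f" spoofed {evaluate(acl, SPOOFED_10_TO_HTTPS)}")
```

Running it shows the three points the questions turn on. With rule 1 deleted, a SYN from 10.1.2.3 to 60.47.3.9 port 80 is passed by rule 6 before the final deny ever sees it, so the deny-all does not make rule 1 redundant. With rule 3 deleted, 192.168.3.7 reaches only ports 80 and 443 on 60.47.3.9; any other connection attempt stops at rule 7. The HTTPS rule takes effect only when it sits above rule 7, and placing it above rules 1 to 5 lets a spoofed private-source SYN through to 60.47.3.7, so the safe position is after the anti-spoofing and SYN+FIN checks and before rule 7.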
Host Hardening
48. To know how to install an operating system with secure configuration options, you would
use
a. a security baseline
b. a standard
c. a security template
d. a wizard
49. In a Windows network, which of the following could be used to implement security
measures on multiple computers through a domain?
a. Policy Maker
b. GPO
c. Domain ACL
Explanation: Group policies are used. Group policies are configured in a group policy
object or GPO.
50. UNIX command-line interfaces are called _____.
a. versions
b. shells
c. GUIs
d. distributions
e. windows
51. Cisco's operating system for its routers and most of its managed switches is...
a) UNIX
b) LINUX
c) Windows
d) None of the above
Explanation: It’s IOS
52. Traditionally, default installations of operating systems _____.
a. turn on many infrequently used services to ease management labor
b. turn off most infrequently used services to reduce RAM and processing
requirements
c. All of the above
53. In Windows, when files are encrypted using the Encrypting File System (EFS), an attacker who
breaks in can still get a copy of the files and easily read the content.
a) True
b) False
Element of Cryptography
54. Jason sends a message to Kristin using public key encryption for confidentiality. What
key will Jason use to encrypt the message?
a. Jason's private key
b. Jason's public key
c. Kristin's public key
d. None of the above
55. Which of the following is needed in order to encrypt the following message that you want
to send to a business partner? "The total amount to be paid for order #C1222 is
$23,000.00" (Circle all that apply)
b. a ciphertext
c. a key
d. an authenticator
e. an encryption method or algorithm
56. Encryption is used for _____.
a. confidentiality
b. authentication
c. Both of the above.
57. In symmetric encryption in a two-way dialog, how many keys are used in total for
confidentiality?
a. one
b. two
c. four
58. Which of the following do cryptographic systems protect?
a) Data stored on local storage media (like hard drives) from access by unauthorized
users
b) Data being transmitted from point A to point B in a network
c) Both a and b
59. Based on how encryption systems work, which of the following is the worst thing that
could happen?
a) An attacker gets a copy of the encryption and decryption algorithms
b) An attacker gets the decryption key
c) a and b are equally damaging
60. Which of the following is true about the difference between hashing and encryption?
(Choose all that apply)
a) In encryption, the output is similar in length to the input
b) In hashing, the output is similar in length to the input
c) In encryption, the output is of a fixed short length, regardless of input
d) In hashing, the output is of a fixed short length, regardless of the input
Cryptographic systems
61. What are the four stages of cryptographic systems?
a) Encapsulation
b) Initial negotiation of security parameters
c) Initial or mutual authentication
d) Key exchange or key agreement
e) Ongoing communication
62. Which of the following provides security at the transport layer?
a) IPsec
b) PPTP
c) SSL/TLS
d) Kerberos
63. Transmitting over the Internet with added security is the definition of _____.
a) tunneling
b) IPsec
c) PPTP
d) a VPN
64. Which of the following is true when comparing SSL/TLS to IPsec? (Choose all that apply)
a) SSL/TLS operates at the Transport layer whereas IPsec operates at the Internet layer.
b) SSL/TLS operates at the Internet layer whereas IPsec operates at the Transport layer.
c) SSL/TLS is usually used to secure applications or services like web service and email.
d) IPsec can protect all kinds of Transport layer messages and Application layer messages.
65. The result of hashing can be turned back to the original string. T F
66. Encryption is usually used in the initial negotiation phase of cryptographic systems. T F
67. Once the partners are engaged in the ongoing communication phase there is, usually, no need
for the partners to do another authentication since the communication is safe. T F
Applications Security
68. In e-mail operation, what computer transmits messages directly to the receiver’s computer
upon request?
a) Sender’s computer
b) Sender’s mail server
c) Receiver’s mail server
d) None of the above
69. You want to connect to a mail server to download emails that were sent to you by your
friends. Which of the following protocols would be used for communication with the mail
server?
a) Simple Mail Transfer Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
70. Which of the following protocols is used for communication between the sender’s computer
and the sender’s email server?
a) Simple Mail Transfer Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
71. Which of the following protocols is used for communication between the sender’s email
server and the receiver’s email server?
a) Simple Mail Transfer Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
72. Which of the following is true about using the PGP cryptographic system for e-mail
encryption?
a) It is not widely built into client email programs
b) Even if PGP is not built into their email client programs, users can still use PGP as separate
program to handle secure communication
c) Users can only use it for encryption/decryption if it is built into their email client programs.
d) Both a and b
e) None of the above
73. X.509 is a public-key cryptographic system that uses a hierarchical approach based on
certificate authority. Which of the following is true about X.509 and PGP?
a) Both X.509 and PGP use digital signature and public-key encryption.
b) With X.509, the sender public key is obtained from a trusted third party
c) With PGP, the sender’s public key could be obtained without referring to a third party
d) All of the above
e) None of the above
74. Your company has decided to use S/MIME to secure email communication. Your advice is
needed to proceed with the implementation of the S/MIME-based secure email communication.
Which of the following will be among your list of advice?
a) S/MIME doesn't use a web of trust. It uses another authentication method instead.
b) A good web of trust infrastructure (or circles of trust) must be implemented.
c) None of the above
75. Assume that the home directory for the www.homeschool.com web site is
C:\homeschool\web. Which of the following URL could be typed in the Address text box of a
web browser to get the report.htm file located in the report directory which is a subdirectory
under the home directory?
a) www.report.homeschool.com
b) www.report.homeschool.com/report
c) www.report.homeschool.com/report/report.htm
d) www.homeschool/Web/report/report.htm
e) None of the above
76. Write down the URL to retrieve the file experience.htm under the experience directory on the
host www.knowledge.com.
____________________________________________________________________________
77. CGI requires the use of specific scripting languages like Javascript and VBscript. T F