IST 462 Final Exam Part 2

NAME ___________________

True/False
Indicate whether the statement is true or false.

____ 1. Removing a rootkit from an infected computer is extremely difficult.
____ 2. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.
____ 3. JavaScript resides inside HTML documents.
____ 4. One of the most important steps in hardening an operating system to resist attacks is to apply updates.
____ 5. Signed Java applets by default run in the sandbox and are restricted regarding what they can do.
____ 6. As a packet leaves a network, NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address.
____ 7. IEEE 802.11 WEP shared secret keys must be a minimum of 32 bits in length.
____ 8. Mandatory Access Control (MAC) model is the least restrictive access control model.
____ 9. Rule Based Access Control is often used for managing user access to one or more systems.
____ 10. Although ACLs can be associated with any type of object, these lists are most often viewed in relation to files maintained by the operating system.
____ 11. Authorization is the process that determines whether the user has the authority to carry out certain tasks.
____ 12. Keystroke dynamics can be used to authenticate a user to a local desktop computer but not to a Web site.
____ 13. One example of cognitive biometrics requires the user to identify specific faces.
____ 14. Determining vulnerabilities often depends upon the background and experience of the assessor.
____ 15. Permissions inheritance becomes less complicated with GPOs.
____ 16. System event logs will document any unsuccessful events and the most significant successful events.
____ 17. A baseline is a reference set of data against which operational data is compared.
____ 18. Hashing is the same as creating a checksum.
____ 19. With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext.
____ 20. DES is approximately 100 times faster than RSA in software and between 1,000 and 10,000 times as fast in hardware.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 21. Under the _____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
    a. HIPAA
    b. HLPDA
    c. HCPA
    d. USHIPA

____ 22. COPPA requires operators of online services or Web sites designed for children under the age of _____ to obtain parental consent prior to the collection, use, disclosure, or display of a child’s personal information.
    a. 8
    b. 10
    c. 13
    d. 16

____ 23. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
    a. Nimda
    b. Slammer
    c. Love Bug
    d. Code Red

____ 24. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its own malicious purposes.
    a. companion
    b. file infector
    c. resident
    d. boot

____ 25. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
    a. Trojan
    b. logic bomb
    c. macro virus
    d. metamorphic virus

____ 26. Live migration can be used for ____; if the demand for a service or application increases, then network managers can quickly move this high-demand virtual machine to another physical server with more RAM or CPU resources.
    a. live virtualization
    b. online virtualization
    c. real-time virtualization
    d. load balancing

____ 27. In a ____ attack, attackers use hundreds or thousands of computers in an attack against a single computer or network.
    a. centered
    b. local
    c. distributed
    d. remote

____ 28. A(n) ____ is a small Web browser window that appears over the Web site that is being viewed.
    a. swarm
    b. torrent
    c. popup
    d. applet

____ 29. The most common protocol suite used today for networks as well as the Internet is ____.
    a. TCP/IP
    b. SMTP
    c. SNMP
    d. DNS

____ 30. One approach to substituting a fraudulent IP address is to target the external DNS server and is called ____.
    a. DNS spoofing
    b. DNS transfer
    c. zone transfer
    d. DNS poisoning

____ 31. ____ is the name given to a wireless technology that uses short-range RF transmissions.
    a. Bluetooth
    b. Piconet
    c. Scatternet
    d. Wi-fi

____ 32. The goal of ____ is to prevent computers with sub-optimal security from potentially infecting other computers through the network.
    a. subnetting
    b. NAT
    c. NAC
    d. PAT

____ 33. A ____ is a computer typically located in a DMZ that is loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
    a. proxy server
    b. honeypot
    c. reverse proxy
    d. HIDS

____ 34. ____ are designed to inspect traffic, and based on their configuration or security policy, they can drop malicious traffic.
    a. NIDS
    b. HIPS
    c. NIPS
    d. HIDS

____ 35. With ____ scanning, a wireless device simply listens for a beacon frame for a set period of time.
    a. active
    b. broadcast
    c. reactive
    d. passive

____ 36. The ____ model is considered a more “real world” approach than the other models to structuring access control.
    a. Discretionary Access Control (DAC)
    b. Rule Based Access Control (RBAC)
    c. Mandatory Access Control (MAC)
    d. Role Based Access Control (RBAC)

____ 37. Known as a ____ lock, this lock extends a solid metal bar into the door frame for extra security.
    a. tailgate
    b. preset
    c. deadbolt
    d. cipher

____ 38. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
    a. RAS
    b. VPN
    c. EAP
    d. LDAP

____ 39. Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
    a. risk identification
    b. risk mitigation
    c. threat identification
    d. vulnerability appraisal

____ 40. The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
    a. Single Loss Expectancy (SLE)
    b. Exposure Factor (EF)
    c. Asset Value (AV)
    d. Annualized Loss Expectancy (ALE)

____ 41. A(n) ____ port indicates that no process is listening at this port.
    a. listening
    b. open
    c. closed
    d. blocked

____ 42. ____ are software tools that can identify all the systems connected to a network.
    a. Port scanners
    b. Network mappers
    c. ICMP mappers
    d. ICMP scanners

____ 43. ____ is a “common language” for the exchange of information regarding security vulnerabilities.
    a. XML
    b. OVAL
    c. SQL
    d. HTML

____ 44. ____ allows the administrator to configure a switch to redirect traffic that occurs on some or all ports to a designated monitoring port on the switch.
    a. Sniffing
    b. Port mirroring
    c. Protocol analyzer
    d. NIC mirroring

____ 45. ____ servers are intermediate hosts through which Web sites are accessed.
    a. NIDS
    b. Authentication
    c. Proxy
    d. HIPS

____ 46. A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.
    a. thread
    b. entry
    c. event
    d. call

____ 47. ____ are operational actions that are performed by the operating system, such as shutting down the system or starting a service.
    a. System events
    b. System calls
    c. System functions
    d. System processes

____ 48. Changing the original text to a secret message using cryptography is known as ____.
    a. encryption
    b. decryption
    c. ciphertext
    d. cleartext

____ 49. The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another.
    a. transposition
    b. substitution
    c. permutation
    d. homoalphabetic

____ 50. ____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
    a. EFS
    b. TPM
    c. BitLocker
    d. AES