IST 462
Final Exam
Part 2
NAME ___________________
True/False
Indicate whether the statement is true or false.
____
1. Removing a rootkit from an infected computer is extremely difficult.
____
2. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail
attachment to start the infection.
____
3. JavaScript resides inside HTML documents.
____
4. One of the most important steps in hardening an operating system to resist attacks is to apply updates.
____
5. Signed Java applets by default run in the sandbox and are restricted regarding what they can do.
____
6. As a packet leaves a network, NAT removes the private IP address from the sender’s packet and replaces it
with an alias IP address.
____
7. IEEE 802.11 WEP shared secret keys must be a minimum of 32 bits in length.
____
8. Mandatory Access Control (MAC) model is the least restrictive access control model.
____
9. Rule Based Access Control is often used for managing user access to one or more systems.
____ 10. Although ACLs can be associated with any type of object, these lists are most often viewed in relation to files
maintained by the operating system.
____ 11. Authorization is the process that determines whether the user has the authority to carry out certain tasks.
____ 12. Keystroke dynamics can be used to authenticate a user to a local desktop computer but not to a Web site.
____ 13. One example of cognitive biometrics requires the user to identify specific faces.
____ 14. Determining vulnerabilities often depends upon the background and experience of the assessor.
____ 15. Permissions inheritance becomes less complicated with GPOs.
____ 16. System event logs will document any unsuccessful events and the most significant successful events.
____ 17. A baseline is a reference set of data against which operational data is compared.
____ 18. Hashing is the same as creating a checksum.
____ 19. With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the
ciphertext.
____ 20. DES is approximately 100 times faster than RSA in software and between 1,000 and 10,000 times as fast in
hardware.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 21. Under the _____ , healthcare enterprises must guard protected health information and implement policies and
procedures to safeguard it, whether it be in paper or electronic format.
a. HIPAA
c. HCPA
b. HLPDA
d. USHIPA
____ 22. COPPA requires operators of online services or Web sites designed for children under the age of _____ to
obtain parental consent prior to the collection, use, disclosure, or display of a child’s personal information.
a. 8
c. 13
b. 10
d. 16
____ 23. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
a. Nimda
c. Love Bug
b. Slammer
d. Code Red
____ 24. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its
own malicious purposes.
a. companion
c. resident
b. file infector
d. boot
____ 25. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical
event.
a. Trojan
c. macro virus
b. logic bomb
d. metamorphic virus
____ 26. Live migration can be used for ____; if the demand for a service or application increases, then network
managers can quickly move this high-demand virtual machine to another physical server with more RAM or
CPU resources.
a. live virtualization
c. real-time virtualization
b. online virtualization
d. load balancing
____ 27. In a ____ attack, attackers use hundreds or thousands of computers in an attack against a single computer or
network.
a. centered
c. distributed
b. local
d. remote
____ 28. A(n) ____ is a small Web browser window that appears over the Web site that is being viewed.
a. swarm
c. popup
b. torrent
d. applet
____ 29. The most common protocol suite used today for networks as well as the Internet is ____.
a. TCP/IP
c. SNMP
b. SMTP
d. DNS
____ 30. One approach to substituting a fraudulent IP address is to target the external DNS server and is called ____.
a. DNS spoofing
c. zone transfer
b. DNS transfer
d. DNS poisoning
____ 31. ____ is the name given to a wireless technology that uses short-range RF transmissions.
a. Bluetooth
c. Scatternet
b. Piconet
d. Wi-fi
____ 32. The goal of ____ is to prevent computers with sub-optimal security from potentially infecting other
computers through the network.
a. subnetting
c. NAC
b. NAT
d. PAT
____ 33. A ____ is a computer typically located in a DMZ that is loaded with software and data files that appear to be
authentic, yet they are actually imitations of real data files.
a. proxy server
c. reverse proxy
b. honeypot
d. HIDS
____ 34. ____ are designed to inspect traffic, and based on their configuration or security policy, they can drop
malicious traffic.
a. NIDS
c. NIPS
b. HIPS
d. HIDS
____ 35. With ____ scanning, a wireless device simply listens for a beacon frame for a set period of time.
a. active
c. reactive
b. broadcast
d. passive
____ 36. The ____ model is considered a more “real world” approach than the other models to structuring access
control.
a. Discretionary Access Control (DAC)
c. Mandatory Access Control (MAC)
b. Rule Based Access Control (RBAC)
d. Role Based Access Control (RBAC)
____ 37. Known as a ____ lock, this lock extends a solid metal bar into the door frame for extra security.
a. tailgate
c. deadbolt
b. preset
d. cipher
____ 38. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
a. RAS
c. EAP
b. VPN
d. LDAP
____ 39. Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
a. risk identification
c. threat identification
b. risk mitigation
d. vulnerability appraisal
____ 40. The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
a. Single Loss Expectancy (SLE)
c. Asset Value (AV)
b. Exposure Factor (EF)
d. Annualized Loss Expectancy (ALE)
____ 41. A(n) ____ port indicates that no process is listening at this port.
a. listening
c. closed
b. open
d. blocked
____ 42. ____ are software tools that can identify all the systems connected to a network.
a. Port scanners
c. ICMP mappers
b. Network mappers
d. ICMP scanners
____ 43. ____ is a “common language” for the exchange of information regarding security vulnerabilities.
a. XML
c. SQL
b. OVAL
d. HTML
____ 44. ____ allows the administrator to configure a switch to redirect traffic that occurs on some or all ports to a
designated monitoring port on the switch.
a. Sniffing
c. Protocol analyzer
b. Port mirroring
d. NIC mirroring
____ 45. ____ servers are intermediate hosts through which Web sites are accessed.
a. NIDS
c. Proxy
b. Authentication
d. HIPS
____ 46. A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside
the operating system.
a. thread
c. event
b. entry
d. call
____ 47. ____ are operational actions that are performed by the operating system, such as shutting down the system or
starting a service.
a. System events
c. System functions
b. System calls
d. System processes
____ 48. Changing the original text to a secret message using cryptography is known as ____.
a. encryption
c. ciphertext
b. decryption
d. cleartext
____ 49. The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another.
a. transposition
c. permutation
b. substitution
d. homoalphabetic
____ 50. ____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
a. EFS
c. BitLocker
b. TPM
d. AES