Study sets, textbooks, questions
Upgrade to remove ads
Network Security Unit 2, Network Security Unit 1
Terms in this set (201)
In order to implement MAC, a strict user and data classification scheme is required. T/F
VPNs protect packets by performing IP ____, the process of enclosing a packet within another one that has different IP source and destination information.
Which access control principle is most frequently associated with data classification?
Need to know
Biometrics (retinal scans, fingerprints, and the like) are mainly used for ____ by large security-minded entities such as banking institutions and credit card centers for regulating access to sensitive information, but biometrics are also gaining ground in the general corporate world.
Point-to-Point Protocol (PPP) over Secure Sockets Layer (SSL) and Point-to-Point Protocol (PPP) over Secure Shell (SSH) are two ____-based methods for creating VPNs.
IPSec ____ use a complex set of security protocols to protect information, including Internet Key Exchange (IKE), which provides for the exchange of security keys between the machines in the VPN.
PPTP provides stronger protection than L2TP. T/F
Which centralized authentication method is the latest and strongest version of a set of authentication protocols developed by Cisco Systems?
A(n) ____ is a list of authorization rights attached to an object - in other words, who can access that device or application and what can they do with it.
Access Control List (ACL)
____ are hardware devices or software modules that perform encryption to secure data, perform authentication to make sure the host requesting the data is an approved user of the VPN, and perform encapsulation to protect the integrity of the information being sent.
Separation of duties reduces the chance of an individual violating information security policy and breaching the confidentiality, integrity, and availability of information. T/F
The growth and widespread use of the Internet has been coupled with the use of encryption technology to produce a solution for specific types of private communication channels: ____.
Virtual Private Networks (VPNs)
Some VPNs use the term ____ to describe everything in the protected network behind the gateway.
A ____ attack is time-intensive, so they are rarely aimed at the target system in general.
Which access control principle restricts users to having access appropriate to the level required for their assigned duties?
Which centralized authentication method uses UDP?
A ____ is an automatic phone-dialing program that dials every phone number in a configured range (e.g., from 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem answers.
Which term refers to two connections over a VPN line?
Client authentication is similar to user authentication but with the addition of ____.
Most personal computer operating systems use the mandatory access control (MAC) model. T/F
Which level in the U.S. military data classification scheme applies to any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security?
A bank's automated teller machine (ATM), which restricts authorized users to simple account queries, transfers, deposits, and withdrawals is an example of ____ access control.
Constrained user interface
Which authentication method is used when you want a client to be authenticated for each session?
Which access control process documents the activities of the authenticated individual and systems?
Today, the widespread acceptance of IPSec with the IKE system means that proprietary protocols are used far more often. T/F
A ____ is one in which the computer system enforces the controls without the input or intervention of the system or data owner.
Mandatory Access Control (MAC)
Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures. T/F
Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.
The size of a signature base is a good measure of an IDPS's effectiveness. T/F
In ____ verification, the higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.
What does the tcpdump host 192.168.1.100 command do?
It only capture traffic originating from and destined to 192.168.1.100
A ____ is a list of discrete entities that are known to be benign.
The first hurdle a potential IDPS must clear is functioning in your systems environment. T/F
Intrusion ____ consists of activities that deter an intrusion.
A sniffer can decipher encrypted traffic. T/F
By default, tcpdump will just print ____ information.
Because of its ubiquity in UNIX/Linux systems, ____ has become the de facto standard in network sniffing.
The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
Deploying and implementing an IDPS is always a straightforward task. T/F
Wireless sensors are most effective when their ____ overlap.
One tool that provides active intrusion prevention is known as ____.
Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.
In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
DNS cache poisioning
A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment much like tcpdump - looking for indications of ongoing or successful attacks.
network-based IDPS (NIDPS)
The tcpdump tool will output both the header and packet contents into ____ format.
One of the best reasons to install a(n) ____ is to provide an organization with overall situational awareness - or a better overall understanding - of the activities that take place on the network.
Blacklists and whitelists are most commonly used in ____ detection and stateful protocol analysis.
A signature-based IDPS examines network traffic in search of patterns that match known ____.
____ applications use a combination of techniques to detect an intrusion and trace it back to its source.
When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a ____.
Which tcpdump option specifies the number of packets to capture?
The use of ____ is required to achieve RSN compliance.
802.11n has a maximum data rate of ____.
Most installed wireless networks use the infrastructure model. T/F
Bluetooth networks are referred to as ____.
Most BSS networks are configured as simple stars. T/F
The primary advantage of the ____ wireless topology configuration is the increased number of connections among stations, which allows greater connectivity.
The primary drawback associated with ad hoc networks is that they are inherently ____.
Ad hoc wireless models rely on the existence of ____ to provide connectivity.
QPSK uses four signal states that are ____ degrees out of phase to carry four signal values.
By default, Bluetooth authenticates connections. T/F
Which notable Bluetooth attack allows a nearby attacker to issue commands to an unsuspecting target phone?
Which technology works by taking the original data stream and breaking it up into small bits, then transmitting each of those on a different frequency channel simultaneously?
Direct-Sequence Spread Spectrum (DSSS)
The improved Bluetooth 2.0 increased the data rate to around ____ Mbps.
What is the branding name for interoperable equipment that is capable of supporting IEEE 802.11i requirements?
Which wireless security protocol is considered to be too weak for use inmost network settings?
What is the largest area of concern with regard to security in ZigBee?
Accidental key reuse
In the mesh wireless topology, there may be no dominant ____.
Which wireless modulation technique combines digital and analog signaling to encode data into radio signals?
In passive mode, the FTP client must listen and wait for the server connection. T/F
____ refers to a new use of existing technologies.
Which HTTP request method retrieves meta-information only from the resource signified in the URI?
What is the best way to make sure data is properly encrypted while in transit?
Use the "secure" flag on all sensitive cookies
____ are collections of IP addresses of known spam sources on the Internet, and they can be easily integrated into most SMTP server configurations.
Real-Time blacklistings (RBLs)
DNS ____ provide a mechanism to divide ownership responsibility among various DNS servers and the organizations they serve.
When properly configured to afford anonymous users only very limited access, the FTP server works well. T/F
With ____ mode, a trusted internal FTP client makes an outgoing request to the FTP server.
In 2010, OWASP determined that ____ attacks were the top risk to Web
What is the best way to secure Telnet?
Do not use Telnet at all
What is the best way to secure FTP or TFTP?
Employ encryption and authentication
What is the best way to direct visitors to a new location or page?
Create a .htaccess file with the following entry: Redirect 301/old/old.html /new/new.html.
____ was originally developed as a client-side language, which means the code is interpreted on the client side instead of on the Web server.
An SMTP ____ is a simple message providing status information about the monitored device.
____ is a key component of the Web, working in conjunction with HTTP to move content from servers to clients.
Most of the weaknesses with SNMP occur with Version 1 of SNMP. T/F
To provide monitoring, an SNMP ____ must be installed on a desired host or network device.
A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses. T/F
A major problem with FTP is that data is transferred in ____.
____ is a simple method of transferring files between computer systems.
One of the biggest strengths of Perl is its ____-manipulation abilities.
Which HTTP response code indicates that an error has occurred on the client side?
A(n) ____ is designed to translate information sent from a particular agent or class of agents.
What is the best way to restrict URL access?
Make sure sensitive pages require authentication
____ is the basis for Web communication.
The Common Gateway Interface (CGI) is a programming language in and of itself. T/F
An unlocked door is an example of a ________.
The Security blueprint is a detailed version of the security framework. T/F
The CIA triad is based on three characteristics of information that form the foundation for many security programs: _______.
Confidentiality, integrity, and availability
Which security project team role is filled by individuals who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies?
Security policy developers
The McCumber Cube provides a _______ description of the architectural approach widely used in computer and information security.
Which security project team role is filled by a senior executive who promotes the project and ensures that it is supported, both financially and administratively, at the highest levels of the organization?
Which term describes a subject or objects ability to use, manipulate, modify, or affect another subject or object?
Which individual is considered to be a script kiddie who uses automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service?
Which threat is the most common intellectual property (IP) breach?
In information security, _____ exists when a vulnerability known to an attacker is present.
The Value of information comes from the characteristics it posses. T/F
When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.
Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system?
The _____ are the foundation of a security framework.
Spheres of security
Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure?
There are two general methods for implementing technical controls within a specific application to enforce policy: _______ and configuration rules.
Access control lists
Organizations must minimize _____ to match their risk appetite.
An Indirect attack involves a hacker using a personal computer to break into a system. T/F
One of the basic tenets of security architectures is the spheres of security. T/F
An Enterprise information security policy (EISP) is also known as a _____.
General security policy.
A _____ is a written statement of the organization's purpose.
Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency?
A _____ is an application error that occurs when more data is sent to a buffer than it can handle.
By balancing information security and access, a completely secure information system can be created. T/F
Which resource is a physical asset?
Which attack is used when a copy of the has of the user's password has been obtained?
The ____ are the foundation of a security framework.
Spheres of security
Logical topologies indicate how networks function. T/F
In _____ networks, the individual users or clients directly interact with one another, sharing resources without the benefit of a central repository or server.
Which term refers to the loss of signal strength as the signal moves across the media?
Which network typically covers a region the size of a municipality, county, or district?
Metropolitan area network
Which protocol is typically used for applications such as streaming media?
The TCP/IP network model Transport layer connects applications through the use of ____?
Which port number is used by the Telnet protocol?
_____ is now the de facto industry standard for short range wireless communications between devices.
In the TCP/IP network model, data from the end user's utilities (the message) is passed down to the _____ layer for processing.
The WWW is a physical set of networks. T/F
What is the primary reason we create networks?
To exchange information
Which type of multiplexing is found exclusively in fiber-optic communications?
Wave division multiplexing
On the server site, what is the de facto standard for transferring e-mail between post office servers across the internet?
UDP is a connection-oriented datagram protocol. T/F
______ uses analog frequencies to encode one or more bits, by measuring the height of the signal.
Pulse amplitude modulation (PAM)
Protocols that are widely accepted become standards. T/F
Which protocol is considered to be a dominant protocol for local area networking?
Which term refers to unwanted noise from a signal coming across the media at multiple frequencies?
Which protocol is used for modifying and querying directory services?
Which cable is all but obsolete in data communications with the exception of its use in the cable television infrastructure to support cable modem-based high-speed internet access for residences?
In _____ polling, the central control unit, usually a server, polls each client to determine if it has traffic to transmit.
The standard for wireless networks falls under IEEE ____.
Which standards organization is the global leader in developing and publishing international standards?
International Organization for Standardization (ISO)
______ is the interconnection of groups or systems with the purpose of exchanging information.
Which OSI model layer has the largest number of risks and attacks?
The TCP/IP network model was developed after the OSI Reference Model. T/F
Which cipher uses a stencil or template with holes cut out?
Where is information most vulnerable?
When it is outside the organization's systems
Encryption methodologies that require the same secret key to encipher and decipher the messages are using _____ encryption or symmetric encryption.
An X.509 v3 certification binds a _____, which uniquely identifies a certificate entity, to a user's public key.
Distinguished name (DN)
_____ is an open-sourced protocol framework for security development within the TCP/IP family of protocol standards.
What protocol is planned as a replacement for TKIP in WPA?
Bit stream methods commonly use algorithm functions line _____.
The XOR operation
Hash functions confirm message identity and integrity. T/F
One of the most widely known symmetric encryption cryptosystems is _____.
When deploying ciphers, users have to decide on the _____ of the cryptovariable or key.
Digital _____ authenticate the cryptographic key that is embedded in the certificate.
Steganography is technically a form of cryptography. T/F
Which cipher simply rearranges the values within a block to create the ciphertext?
Digital signatures are encrypted messages that can be mathematically proven authentic. T/F
Which cipher is made from a table of 26 distinct cipher alphabets?
When it comes to cryptosystems, the security of encrypted data is dependent on keeping the encrypting algorithm secret. T/F
Hash _____ are mathematical functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
The XOR encryption method should be used by itself when an organization is transmitting or storing sensitive data. T/F
_____ provides verification that a message was sent by a particular sender and cannot be refuted.
The most common hybrid cryptography system is based on the _____ key exchange, which is a method for exchanging private keys using public-key encryption.
In modulo 26, what happens if a number is larger than 26?
Twenty-six is sequentially subtracted from it until the number is in the proper range.
The _____ protocol is used for public-key encryption to secure a channel over the internet.
Public-key encryption is based on a _____.
Which symmetric encryption cryptosystems was developed to replace both DES and 3DES?
Which algorithm was the first asymmetric, or public-key, encryption algorithm developed (in 1977) and published for commercial use?
_____ builds on the encoding format of the MIME protocol and uses digital signatures based on public-key cryptosystems to secure e-mail.
What protocol breaks a message into numbered segments so that it can be transmitted?
Which firewall architecture combines the packet-filtering router with a separate, dedicated firewall, such as an application proxy server?
Screen host firewall
Deep packet inspection is implemented through the use of ____ rules.
The ____ process can be performed at the firewall and make use of encryption to protect credentials transmitted from client to server (or client to firewall).
Application ____ are control devices that can restrict internal users from unlimited access to the Internet.
A computer firewall is designed to prevent all attackers, viruses, and would-be intruders from entering a computer or computer network. T/F
The architecture of a screened subnet firewall provides a ____.
Known as the ping service, use of ____ traffic is a common method for hacker reconnaissance and should be turned off to prevent snooping.
Which statement represents a packet-filtering best practice?
If you Web server is located behind the firewall, you need to allow HTTP or HTTPS (S-HTTP) data through for the internet at large to view it.
At the Network layer, ____ are used to encapsulate packets (or datagrams).
You should block packets that use ports below 20. T/F
At the Physical layer, data is referred to as a ____.
Firewalls can speed up network traffic. T/F
A(n) ____ is an ideal endpoint for VPN, which connects two companies' networks over the Internet.
Technologically, firewalls are categorized into ____.
What is one of the most effective methods for improving computing security in the SOHO setting?
Use a SOHO or residential-grade firewall.
Which application-level gateway task provides the benefit to an internal network of shielding actual internal IP addresses from the prying eyes of unauthorized external clients?
IP address mapping
Which function is considered to be an advanced firewall feature?
Providing a VPN link to another network
It is sometimes easier to protect a network from the Internet than from an inside attack. T/F
A(n) ____ tracks the state and context of each packet in the conversation by recording which station sent what packet and when.
Even simple residential firewalls can be used to create a logical screened subnetwork (often called a ____) that can provide Web services.
IP ____ is the falsification of the source IP address in a packet's header so that it appears to have come from a trusted or legitimate sender.
The dominant firewall architecture used today is the screened subnet firewall. T/F
Which company offers a free firewall that provides basic ingress and egress filtering?
Network firewall entry and exit points are called ____.
A ____ is a network subaddress (assigned a number between 0 and 65,535) through which a particular type of data is allowed to pass.
Other sets by this creator
Ch04, Ch05, Ch06, Ch07
Ch05, Ch06, Ch07
Other Quizlet sets
Interview study set
Ps3 Unit Test
AP Biology Unit 8
Survivors of Abuse & Neglect