MIST_356_FinalExam

When encrypting data with a block cipher, each repetition is called:

a key schedule

A rootkit is:

software that hides on a computer and provides a back door for an attacker

To launch a distributed denial of service (DDOS) attack, an attacker often uses:

a botnet

The well-known port number 80 is used for:

the World Wide Web (WWW)

192.168.1.1 is an example of:

an IPv4 address

The element that automatically assigns IP addresses to LAN hosts is:

Dynamic Host Configuration Protocol (DHCP)

A tool that captures packets on a network and helps you analyze that packets is:

DHCP

An attack in which one or more hosts conspire to inundate a victim with ping requests is called a:

ping flood

An attack that forges the sender’s IP address is called:

an IP spoofing attack

On the Internet, the entity that looks up a domain name and retrieves information about it is the:

Domain Name System (DNS)

In the Website address www.stthomas.edu, the top-level domain is:

.edu

Issuing the nslookup command along with a domain name displays:

the corresponding IP address

Confidential company information that would give competitors a commercial advantage if leaked is called:

a trade secret

Rules that restrict certain types of information to specific groups within a company are categorized as:

need to know

Two-person or multiperson control in important transactions helps to reduce the risk of:

insider threats

__________ switching provides resource efficiency and flexible routing, and permits parallel transmission.

packet

When using private addresses, there must be a gateway between the private network and the rest of the internet which performs __________.

NAT

The __________ encryption algorithm invented by Ron Rivest is a stream cipher, but it has weaknesses when compared to other algorithms that were created with a more open design such as AES.

RC4

DES and AES are both known as __________ ciphers in terms of the way the process of encryption is applied with these approaches.

block

__________ is a type of botnet attack that transmits a modest amount of data from each of the numerous distributed bots to the target, overwhelming the target.

DDOS

Like viruses, __________ copy themselves to other places and spread from there to infect host computers. Often these serve no particular purpose.

botnets

BCP, otherwise known as __________ __________ __________ is an important aspect of managerial planning for information security in enterprises.

Business Continuity Plan

A BIA, or __________ __________ __________ is a report that assesses the enterprise’s ability to recover from a major disaster.

Business Impact Analysis

A __________ standby is a computing environment that we leave idle until it might be needed in case of a disaster, and then the enterprise will install backups and populate the site.

cold

A __________ standby is used in an enterprise needs to keep operations going at all times, and it is able to take over the work in case of disaster without any delay in operation.

hot

__________ is a Windows based command used in the command shell to give information about host addresses IP and MAC addresses.

nslookup

Hiding an object, such as a diary, to prevent others from finding it is an example of:

Security through Obscurity

An algorithm is a type of:

procedure

An encryption algorithm that uses the same key for both encryption and decryption is:

symmetric

The type of cipher that rearranges the text of a message is called:

transposition

To use symmetric cryptography, the sender and receiver must share:

a secret key

The Enigma was:

a rotor machine

Gilbert Vernam’s bit combination operation for encrypting digital teletype transfer is now referred to as:

exclusive or (xor)

Decryption is the process of reversing encryption.

True

The two primary types of symmetric algorithms are public and cipher.

False

The Vigenère cipher uses a series of shifts to encrypt every letter in a message.

True

The Advanced Encryption Standard (AES) is stronger than the Data Encryption Standard (DES).

True

A cryptonet is:

two or more people or share an encryption key

The following are common ways to handle new encryption keys except:

transfer them via instant messenger

A file encryption program:

truncates a passphrase that is too long

An Advanced Encryption Standard (AES) key may not be:

16 bits in length

When encrypting a file, a fully punctuated passphrase should have a minimum of __________ characters.

20

Encrypting an encryption key using a passphrase is called:

key wrapping

Using the Diffie-Hellman algorithm:

both participants in the exchange must have a public/private key pair

In a Diffie-Hellman calculation using P = g^s mod N, (s) is:

the private key value

Digital signatures are often used to provide:

nonrepudiation

A public-key certificate generally does NOT contain:

a private key

After changing an encryption key, all backup copies of the protected file are also protected by the new key.

False

The shorter the encryption key, the more difficult it is to crack.

False

In cryptography, an internal key exists inside the encryption process and disappears when the process is not running.

True

Elliptic curve cryptography uses the equation C = M^e mod N for encryption.

False

When you visit a website with an "https" prefix in the address, the site is secure.

True

An attacker can modify a file without changing the file’s hash value.

False

A digital signature uses symmetric keys to sign or verify digital data.

False

A certificate authority is a trusted third party that issues certificates on behalf of some organization.

True

There is a single, global public-key infrastructure (PKI).

False

CIA properties do NOT include:

authority

CIA properties include:

1. Confidentiality 2. Integrity 3. Availability

An attempt by a threat agent to exploit assets without permission is referred to as:

an attack

A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a:

white-hat hacker

A security analyst is performing a security assessment. The analyst should NOT:

take actions to mitigate a serious risk

When disclosing a security vulnerability in a system or software, the manufacturer should avoid:

including enough detail to allow an attacker to exploit the vulnerability

The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.

True

Authentication is a security service that ensures information is reliably available.

False

For data to be cryptographically random, it:

cannot be produced by a procedure

A vulnerability is a security measure intended to protect an asset.

False

The primary element on a computer motherboard that runs programs and makes the computer work is:

the central processing unit (CPU)

In a password system, the total number of possible passwords is called the:

search space

The fundamental job of every operating system is to run programs, and this relies on:

1. process management 2. random access memory (RAM) management 3. input / output (I/O) management

One of the vulnerabilities the Morris worm used was a networking service called finger. The purpose of the finger service is to:

report the status of individual computer users

An attack in which someone tries to trick a system administrator into divulging a password is called:

social engineering

The process of loading and running a program from a mass storage device like a hard drive or CD-ROM is called:

bootstrapping

A type of security control that takes measures to help restore a system is referred to as:

corrective

A type of security control in which you unplug a computer from the Internet to protect it from malware is:

mechanical

An attack that blocks access to a system by other users is called:

denial of service

A computer’s Basic Input / Output (BIOS) is a computer program stored in read-only memory (ROM).

True

A stack provides a simple, structured way to give temporary storage to a procedure, including a place to save the return address.

True

Part of the reason why the Morris worm was successful was that the finger process had Least Privilege instead of Most Privilege.

False

In a hierarchical file system directory, the topmost directory is called the:

root

The character that separates directories in a Windows directory path is:

the back slash (\)

The directory access right that allows a user to search for a name in a file’s path but not examine the directory as a whole is called:

seek

The product that creates financial-fraud botnets using Zbot malware and is offered for sale on the black market is:

ZeuS

General security access controls refer to objects, rights, and:

subjects

The information state associated with data in motion is:

transmission

The main purpose of a software patch is to:

fix a bug in a program

A zero-day exploit:

has no software patch

An example of a capability-based system is:

1. Kerberos 2. public-key certificates 3. a process page table that provides capabilities to use specific areas of RAM

An interpreter is a program that interprets the text of a program one word at a time, and performs the actions specified in the text. The following are examples of interpreters EXCEPT:

Java

A security database that contains entries for users and their access rights for files and folders is:

an access control list (ACL)

In Windows Vista, the file-sharing permission level that grants users the right to read, modify, or delete a file they don’t own is:

Co-owner

The law that establishes security measures that must be taken on health-related information is:

HIPAA

The term for recovering from computer-related attacks, incidents, and compromises is:

remediation

The Fourth Amendment prevents arbitrary searches of areas where users expect their privacy to be protected. This is referred to as:

reasonable expectation of privacy

The major file system used with Windows today is:

NTFS

The following are fundamental strategies for authenticating people on computer system EXCEPT:

something you make

An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:

two-factor authentication

Hashing:

transforms readable text into gibberish

Each __________ __________ provides a set of algorithms, protocols, and modes that together implement a set of security services.

cipher suite

AH means:

Authentication Header

KDC means:

Key distribution center

PPP means:

Point-to-Point Protocol

S/MIME means:

Secure Multipart Internet Message Extension

IPsec means:

IP Security Protocol

Describe IPsec. What is it used for?

IPsec allows two sites to establish an encrypted connection across the Internet through which they may exchange packets securely (called a VPN). Simply put, IPsec cryptography is applied to a packet, which leaves the link and IP headers in plaintext, but encrypts everything following, including the TCP/UDP header and the application data.

Draw a diagram of how SSL (now called TLS) works.

Why do we need KDC’s?

Every endpoint gets a single secret key, and they use it to talk to a key distribution center (KDC). When Bob wants to talk to Alice, his computer contacts the KDC, which creates a unique key to use in his conversation with Alice. The KDC uses Alice’s own key to ensure that she can retrieve a readable copy of the key it sent to Bob.

Why was WEP replaced?

WEP encrypts your data – which is good – but doesn’t do so well enough to stop people from eavesdropping – which is bad. The main problem with WEP is that it’s been solved, meaning anyone can break into a WEP network using freely available tools. Anyone who knows about this weakness could infiltrate the network easily. WEP is a little better than not securing your wireless network at all, but not much.

Draw a diagram and explain the steps involved with a WPA2 association with an Access Point?