Cybersecurity Final
Which of the following parameters make up a Risk Matrix? (Select all that apply.)
Different motivation levels
Different assets that could be attacked
Different threat agents
Different types of attacks
Different assets that could be attacked
Different types of attacks
A "back door" is an attack vector that lets the attacker take control of a computer through a network connection.
True
Which of the following would describe a Threat Agent?
Someone who has already attacked our assets
Someone who is currently attacking our asset
Someone who is motivated to attack our asset
Someone who has the skills to attack our assets
Someone who is motivated to attack our asset
Which would be the easiest method to restrict access to a system so that a small list of people can log on?
Whitelist the names of the people you want in the system.
Blacklist the names of the people you don't want in the system
Greylist the people who could be a security risk to the system
Any of these will work.
Whitelist the names of the people you want in the system.
An asset is safer if we limit the number of people allowed inside its security boundary. This is called the Basic Principle of Least Privilege.
True
A process is restricted to specific regions of RAM assigned to it.
True
For the following scenario, what type(s) of attacks have occurred? (Select all that apply.)
An IT worker goes to the HR manager's computer to do some routine maintenance and notices that the HR manager is still logged into the employee database. The IT worker browses around in the database and learns how much money other employees are getting paid.
Masquerade
Disclosure
Denial of Service
Subversion
Forgery
Physical Theft
Masquerade
Disclosure
Suppose you want to protect a file on a UNIX/Linux system using the basic file protections. The file is a text file that contains the rules for a new tabletop roleplaying game that will totally be better than Dungeons & Dragons. You and your team are working on the file together, and you would like the general public to see the rules as the team develops them, but obviously you don't want them to change the rules.
What is the string of characters that would provide these protections? Write out the string without any spaces.
rwxrwxr--
For the following scenario, what type(s) of attacks have occurred? (Select all that apply.)
The Stuxnet virus caused the nuclear enrichment machinery to run at full speed for too long as well as modifying the warning system so that it didn't sound any alarms. The result was heavy damage to the machinery.
Masquerade
Disclosure
Denial of Service
Subversion
Forgery
Physical Theft
Denial of Service
Subversion
Forgery
Because of Kerckhoffs's Principle, we should design our cybersecurity such that the system is secure even when potential attackers already know how the system works.
True
A heavy steel computer case is an example of what type of security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Physical
What is an Attack Vector
The trajectory of an ongoing attack
A currently ongoing attack
None of these
A way to exploit a vulnerability
A way to exploit a vulnerability
Writing your diary in a made-up language is an example of what type of security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Cryptographic
Which of the following are program modes in a modern computer? (Select all that apply.)
user mode
print mode
kernel mode
superuser mode
read-only mode
dispatcher mode
user mode
kernel mode
Requiring all employees to change their passwords regularly is an example of what type of security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Procedural
How can criminals hide data using partitions?
If the criminal makes the computer complex enough, a forensic analyst won't understand what the criminal did.
A hacker can inject a partition into a computer, and because partitions are opaque, the operating system does not know what data the hacker added to the computer.
They can configure the partition to leave gaps that the file system can't directly access.
None of these
They can configure the partition to leave gaps that the file system can't directly access.
A program operating in kernel mode can access any part of RAM, even parts of other programs.
True
What is a zero-day exploit?
A system that has not yet been hacked
An attack for which no patch yet exists
An attack that is still being planned
An attack that would not do significant damage
An attack for which no patch yet exists
A "buffer overflow" is any attack vector that lets the attacker take control of a computer through a network connection.
False
The following is an example of how a simple virus might take control of a system:
At the beginning of the program code, the virus writes a jump point to the malicious code. Then, at the end of the virus code, it executes a jump back to the regular program.
True
Making a file read-only is an example of what type of security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Logical
When deleting a file in a FAT directory, which of the following happens? (Select all that apply.)
Checks to make sure that all the clusters are sequential
Deletes the data in the file clusters
"Frees" all clusters in the file's cluster chain by setting them to the "empty" value.
Marks the file's directory entry to "empty"
"Frees" all clusters in the file's cluster chain by setting them to the "empty" value.
Marks the file's directory entry to "empty"
Which of the following parameters make up an Attack Matrix? (Select all that apply.)
Different motivation levels
Different assets that could be attacked
Different types of attacks
Different threat agents
Different types of attacks
Different threat agents
Which of the following best describes the Basic Principle: Continuous Improvement?
Regularly reviewing and updating security measures based on new threats
Installing an antivirus program on a computer
Waiting for a breach before making changes
Implementing a strong password policy
Regularly reviewing and updating security measures based on new threats
What is the Window of Vulnerability?
The period of time before a patch is created
The period of time before a vulnerability is detected
The period of time during which a system is unprotected from an exploit
The period of time before a buffer is protected against buffer overflow attacks
The period of time before the user decides to use a better operating system than anything made by Microsoft
The period of time during which a system is unprotected from an exploit
What is an unbound buffer?
An input that is too large to fit into memory
A section of memory that gets overwritten by a hacker
Memory that must be manually tested before data can be stored.
An area of memory that holds data but the program doesn't check the data for length
An area of memory that holds data but the program doesn't check the data for length
Originally, "Random Access" was a negative term that meant that the drive could only provide the data randomly because it often failed. The term later changed as drive technology improved.
False
Which of the following is the best strategy for administrative access control?
Each administrator will have an administrator over them that makes sure that the admin permissions aren't being misused.
Give the administrator full admin access, but properly train them so that they won't misuse the account.
Give the administrator a regular account for their regular duties and an admin account for tasks that require admin permissions.
Set up the computer system/network once and then delete the admin access. Once the system is set up, the administrator only needs regular user access.
Give the administrator a regular account for their regular duties and an admin account for tasks that require admin permissions.
Which of the following problems contributed to the Morris Worm's success? (Select all that apply.)
The Finger program had an unbounded buffer.
The Finger program contained email information of all the users.
The Morris Worm caused the creation of a government agency dedicated to fighting viruses.
The Morris Worm was the first virus, so nobody knew what to expect.
The Finger program was designed to run as root.
The Morris Worm was more than just a virus. It was a worm.
The Finger program had an unbounded buffer.
The Finger program was designed to run as root.
We refer to security breaches as "incidents" because we don't want the public to panic and/or we don't want to be sued for defamation.
False
Which of the following must be true in order for the Chain of Control to be maintained? (Select all that apply.)
Whenever software is started by other software, the user must be able to allow or deny the operation.
Whenever the computer starts, it runs software that enforces our security requirements
Software that is started by other software must either obey our security requirements or must be prevented from violating them.
Only the operating system is allowed to have direct control over the hardware.
Whenever the computer starts, it runs software that enforces our security requirements
Software that is started by other software must either obey our security requirements or must be prevented from violating them.
What is an example of a malware attack vector where the malware exploits a vulnerability that can be reached via the network?
Email infection
Drive-by download
Worm propagation
Trojan infection
Worm propagation
What does it mean when we say that evidence is "admissible"?
It was collected by a designated officer of the law
All of these
It was directly related to a criminal case
It does not violate the 4th Amendment
It meets legal rules and standards for evidence
It meets legal rules and standards for evidence
Which of the following are valid methods for resolving disputes in the United States? (Select all that apply.)
Criminal complaint
Mediation
Private action
Civil complaint
Criminal complaint
Mediation
Private action
Civil complaint
When you are presented with a running computer that needs forensic analysis, what is the first thing you should do?
Turn off the computer
Take pictures of all open programs, windows, and tabs
None of these, something else.
Make a copy of the hard drive
Take pictures of all open programs, windows, and tabs
If we collect data from a hard drive to be used in court, we must first copy the drive and then calculate an integrity check value to guarantee that we didn't modify the drive in any way. Otherwise, the opposing lawyer could claim the data had been tampered with.
True
Which of the following is NOT one of the security categories that we try to ensure?
Availability
Confidentiality
Integrity
All of these are security categories.
All of these are security categories.
In the aftermath of a security incident in which Bob's actions led to a system breach, he would be held responsible if it were determined that he did exercise due diligence.
False
Which of the following threats should we most prepare our defenses against?
A threat with stealth motivation
A threat with high motivation
A threat with low motivation
A threat with moderate motivation
A threat with moderate motivation
Which of the following is NOT a security control category?
Corrective
Preventative
Administrative
Detective
Administrative
The FAT contains an entry for each cluster on the drive. Each entry is a number that points to the next cluster in a program.
True
What are the components of the Basic Principle: Least Privilege when dealing with an asset? (Select all that apply.)
Prevent anyone from deleting the asset
Prevent anyone from modifying the asset
Limit the number of people who have access to the asset
Restrict what each person may do to the asset
Limit the number of people who have access to the asset
Restrict what each person may do to the asset
Because of Kerckhoffs's Principle, we should design our cybersecurity such that there is not a single point of failure but instead utilizes defense in depth.
False
What is an example of a malware attack vector where the program appears benign and the user is tricked into executing it.
Drive-by download
Trojan infection
Email infection
Worm propagation
Trojan infection
Which of the following is an example of subverting the Chain of Control?
Boot the computer from a USB drive that contains an OS controlled by the attacker.
Trick the IT guy into giving you permissions that you shouldn't have.
All of these
Guess or steal a user's password.
Boot the computer from a USB drive that contains an OS controlled by the attacker.
A padlock is an example of what type of security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Mechanical
An example of Basic Principle: Defense in Depth is having a key that locks the outer door that also locks the office door and the safe.
False
Suppose you want to protect a file on a UNIX/Linux system using the basic file protections. The file is a Word document and contains a list of all your passwords for various websites. As the owner of the file, you obviously want full access to the file. You want people in your group to access the file as well, but you don't want them to change anything. The rest of the world doesn't get any access.
What is the string of characters that would provide these protections? Write out the string without any spaces.
rwxr-x---
Suppose you need to turn off a computer before you bring it to your office to perform forensic analysis. Should you unplug it or perform the proper shutdown routine?
Proper shutdown because otherwise it could corrupt data.
Unplug it because otherwise it could corrupt data.
Unplug it because that will better preserve the current state of the hard drive.
Proper shutdown because that will better preserve the current state of the hard drive.
Unplug it because that will better preserve the current state of the hard drive.
For the following scenario, what type(s) of attacks have occurred? (Select all that apply.)
A hacker modifies the computer so that the browser only plays a certain Rick Astley video over and over and won't do anything else.
Masquerade
Disclosure
Denial of Service
Subversion
Forgery
Physical Theft
Denial of Service
Subversion
Which of the following is an example of retrieving from offline?
Trying different combinations of PIN numbers on a security door
Using a keyboard logger to record password entries
Watching over someone's shoulder as they type in their PIN
Hacking the server and stealing the password file
Putting bad passwords into someone's email login so many times that the account locks up
Hacking the server and stealing the password file
Which of the following encryption building-blocks are used in the AES algorithm? (Select all that apply.)
Shift
Code
Substitution
Transmutation
XOR
Transposition
Shift
Substitution
XOR
Transposition
Suppose we XOR the bits of our message with the bits of our key. Then, we XOR the result with the bits of our original message. What is the result?
Our original message
The key
A garbled mess
The encrypted message
The key
Hash algorithms can be used to generate the key stream when using a stream cipher.
True
Random number generators found in programming languages are not actually random. They are actually pseudorandom.
True
What term describes the process of associating an individual with an identity inside a computer?
Authentication
Password
Access Control
Credential
Authentication
Which authentication factors are involved in the following example? (Select all that apply.)
To access your phone, you must draw a square on the screen.
Something you see
Something you know
Something you hear
Something you touch
Something you have
Something you are
Something you know
In a man-in-the-middle attack, Oscar gives Alice his secret key SO but convinces her it is actually Bob's secret key SB. Then, whenever Alice sends Bob a message, Oscar can decrypt it with SO.
True
What is an authentication token that transmits the same credential every time?
Passive token
Challenge-response token
One-time password token
Timed-response token
Fixed-response token
Passive token
When several people share the same key, they form a cryptogroup.
False
Which of the following encryption building-blocks are used in the DES algorithm? (Select all that apply.)
Shift
Code
Substitution
Transmutation
XOR
Transposition
Shift
Substitution
XOR
Transposition
Attacking hashed passwords found in a password file is called an offline attack.
True
Which authentication factors are involved in the following example? (Select all that apply.)
To open the vault door, you speak your password into a microphone.
Something you see
Something you know
Something you hear
Something you touch
Something you have
Something you are
Something you know
Something you are
A great way to pick a password is to use the first character of each word in a phrase we will remember because the resulting password will be completely random.
False
What is an authentication token that transmits credentials that vary according to an unpredictable message from the computer?
Passive token
Challenge-response token
One-time password token
Timed-response token
Fixed-response token
Challenge-response token
Which of the following are situations that would indicate it was time to rekey? (Select all that apply.)
If two years have passed without rekeying from some other issue
Whenever a file encrypted with the key is modified
When a person who knows the key leaves the group
When a person joins the group
Every six months
Whenever the key is used
When we suspect that the key has been compromised
If two years have passed without rekeying from some other issue
When a person who knows the key leaves the group
Every six months
When we suspect that the key has been compromised
A smart credit card (chip card) is an example of which type of token?
Passive token
Challenge-response token
One-time password token
Timed-response token
Fixed-response token
Passive token
What kind of encryption rearranges the text of the message?
secret key cipher
code
transposition cipher
substitution cipher
transposition cipher
What kind of encryption replaces characters of the message with other characters?
transposition cipher
secret key cipher
code
substitution cipher
substitution cipher
Which authentication factors are involved in the following example? (Select all that apply.)
To access your email, you type in the number sent to your phone.
Something you see
Something you know
Something you hear
Something you touch
Something you have
Something you are
Something you have
AES and DES are examples of what type of cipher?
Block cipher
Code cipher
Stream cipher
One-time pad
Block cipher
Which of the following is an example of cloning or borrowing a credential?
Using a keyboard logger to record password entries
Watching over someone's shoulder as they type in their PIN
Trying different combinations of PIN numbers on a security door
Hacking the server and stealing the password file
Putting bad passwords into someone's email login so many times that the account locks up
Watching over someone's shoulder as they type in their PIN
Which of the following are key to a good one-way hash function? (Select all that apply.)
If we change one character in our password, the hash will be unpredictably different.
If one password hashes to a particular value, no other password can hash to that value.
If Oscar wants to attack our system, he can't figure out what hash algorithm we are using.
If we add or subtract one character in our password, the hash will be unpredictably different.
If Oscar finds a password, he can't figure out the hash of that password.
If Oscar finds a hash value, he can't figure out a password that yields the same hash value.
If we change one character in our password, the hash will be unpredictably different.
If we add or subtract one character in our password, the hash will be unpredictably different.
If Oscar finds a hash value, he can't figure out a password that yields the same hash value.
Suppose Alice wants to encrypt a message that only Bob can read. Which of the following scenarios describes this process using RSA?
Alice encrypts the message using Alice's public key. Then, Bob can decrypt it using Bob's secret key.
Alice encrypts the message using Bob's public key. Then, Bob can decrypt it using Alice's public key.
Alice encrypts the message using Bob's public key. Then, Bob can decrypt it using Bob's secret key.
Alice encrypts the message using Alice's secret key. Then, Bob can decrypt it using Bob's secret key.
Alice encrypts the message using Alice's public key. Then, Bob can decrypt it using Bob's public key.
Alice encrypts the message using Bob's public key. Then, Bob can decrypt it using Bob's secret key.
One way to increase the password search space is to require all passwords to contain at least one number and one special character.
False
Which authentication factors are involved in the following example? (Select all that apply.)
To access the computer, you type in a password and then type in a PIN number.
Something you see
Something you know
Something you hear
Something you touch
Something you have
Something you are
Something you know
Which of the following are true statements about nonces? (Select all that apply.)
The value is unlikely to repeat itself.
A nonce is a random value.
A nonce must be kept secret.
An attacker can't choose the nonce's value.
An attacker can't choose the nonce's value.
The value is unlikely to repeat itself.
When properly used, it is mathematically impossible to crack a message encrypted by a one-time pad.
True
Which of the following are key management problems? (Select all that apply.)
Making sure everyone at the organization has the same key
Choosing keys that attackers can't guess
Handling keys so that attackers can't intercept them
Sharing keys with exactly the right people and only the right people
Choosing keys that attackers can't guess
Handling keys so that attackers can't intercept them
Sharing keys with exactly the right people and only the right people
Which of the following options is the best way to avoid reusing a keystream?
Only encrypt things once
These are all bad options. You shouldn't choose any of these.
Generate the keystream using a different key for every encryption
Combine the key with a nonce before generating the keystream
Combine the key with a nonce before generating the keystream
Which of the following is an example of sniffing the credential?
Watching over someone's shoulder as they type in their PIN
Using a keyboard logger to record password entries
Putting bad passwords into someone's email login so many times that the account locks up
Trying different combinations of PIN numbers on a security door
Hacking the server and stealing the password file
Using a keyboard logger to record password entries
Suppose Oscar retrieves the user account file that contains a list of all users and their hashed passwords. How can Oscar gain access to the computer?
Locate the user on the list with the highest clearance. The hash value for that user can be typed into the login screen as the password since the login screen was going to hash the password anyways.
Locate the user on the list with the highest clearance. Guess that user's login credentials. If that user's account becomes locked, find the next highest clearance and proceed to guess that user's credentials.
Run every possible password through the hash algorithm, and see if it matches any user's hash on the list. If one is found, log in with that user's name and the generated password.
Oscar cannot gain access to this computer with only this file. Oscar does not know what password rules are in place. The users may have been instructed to include numbers or special characters in their passwords, and Oscar would not know this information.
Run every possible password through the hash algorithm, and see if it matches any user's hash on the list. If one is found, log in with that user's name and the generated password.
Suppose Oscar discovered that 1 in 10 people at a particular company use their favorite Taco Bell menu item as their password. If there are 50 items on the Taco Bell menu, how many password attempts will Oscar expect to try before he is likely to find a match?
250
25
50
Impossible to know
500
5
25
Public key encryption works because of a trapdoor function. What is the trapdoor function in RSA that keeps Oscar from figuring out Alice's secret key?
Oscar knows the value N, but it is almost impossible for him to figure out what two prime numbers created N.
An exponent raised to another exponent is the same as multiplying the exponents. Thus (X^a)^b = (X^b)^a = X^(ab).
Oscar knows Alice's public key PA but doesn't know what equation was used to calculate the inverse, SA.
You can easily calculate the hash, but it is almost impossible to figure out what message generated the hash.
Oscar knows the value N, but it is almost impossible for him to figure out what two prime numbers created N.
Which of the following does password hashing protect against? (Select all that apply.)
Tricking a system administrator into looking up and divulging someone's password
Randomly trying passwords until the correct one is found
Stealing the authentication database and looking at everyone's passwords
Corrupting a database so that it becomes unreadable
Tricking a system administrator into looking up and divulging someone's password
Stealing the authentication database and looking at everyone's passwords
Another name for public-key cryptography is Asymmetric Cryptography.
True
Why is it bad to reuse a keystream?
Two files encrypted with the same keystream can be XOR'd together to cancel the encryption.
It isn't bad to reuse a key stream. It is only bad to reuse a key.
It is only a problem with image files where Oscar can see two images overlayed.
Oscar can append the reused keystreams and use that to decrypt files.
Two files encrypted with the same keystream can be XOR'd together to cancel the encryption.
Which authentication factors are involved in the following example? (Select all that apply.)
To draw money from an ATM, you insert your card and type your PIN.
Something you see
Something you know
Something you hear
Something you touch
Something you have
Something you are
Something you know
Something you have
Which of the following is an example of a trial-and-error attack?
Trying different combinations of PIN numbers on a security door
Watching over someone's shoulder as they type in their PIN
Putting bad passwords into someone's email login so many times that the account locks up
Using a keyboard logger to record password entries
Hacking the server and stealing the password file
Trying different combinations of PIN numbers on a security door
Which of the following is an example of denial of service?
Hacking the server and stealing the password file
Putting bad passwords into someone's email login so many times that the account locks up
Trying different combinations of PIN numbers on a security door
Watching over someone's shoulder as they type in their PIN
Using a keyboard logger to record password entries
Putting bad passwords into someone's email login so many times that the account locks up
What term describes checking a user's access rights and granting access to resources?
Password
Authentication
Access Control
Credential
Access Control
What is an authentication token that transmits different credentials based on an internal clock or counter?
Passive token
Challenge-response token
One-time password token
Timed-response token
Fixed-response token
One-time password token
Two-factor authentication is effective because an attacker must use two separate attack vectors, one for each factor. This provides Defense in Depth.
True
Which of the following is an example of two-factor authentication?
You swipe your ID card and then unlock a padlock with a key.
You type in a password and then enter the name of your favorite pet.
All of these are two-factor authentication.
You type in a password and then enter the code sent to your phone.
You type in a password and then enter the code sent to your phone.
In biometric credentials, what do we call the fraction of readings that should match an existing credential but do not match it?
True acceptance rate
False acceptance rate
False rejection rate
True rejection rate
False rejection rate
Who can be a Certificate Authority?
Any internationally recognized Internet authority
Literally anyone with a public/private key combo
Anyone who gets the proper CA license
Large organizations
Literally anyone with a public/private key combo
Suppose Alice wants to sign a message so that Bob knows that she sent it. Which of the following scenarios describes this process using RSA?
Alice encrypts the message using Alice's secret key. She then sends the original message along with the encrypted message. Bob can decrypt it using Alice's public key and compare the two messages to see if they match.
Alice encrypts the message using Alice's secret key. She then sends the original message along with the encrypted message. Bob can decrypt it using Bob's secret key and compare the two messages to see if they match.
Alice encrypts the message using Alice's public key. She then sends the original message along with the encrypted message. Bob can decrypt it using Bob's secret key and compare the two messages to see if they match.
Alice encrypts the message using Bob's public key. She then sends the original message along with the encrypted message. Bob can decrypt it using Bob's secret key and compare the two messages to see if they match.
Alice encrypts the message using Alice's secret key. She then sends the original message along with the encrypted message. Bob can decrypt it using Alice's public key and compare the two messages to see if they match.
You should not use SMS to send one-time passwords because the password is sent in plaintext.
True
Suppose there are 200 billion potential password combinations, and we are attempting trial-and-error guessing. How many passwords should we expect to guess before we are likely to discover a match?
It only takes one
50 billion
That is impossible to know.
200 billion
190 billion
100 billion
100 billion
Nonces are used in challenge-response authentication to generate the challenge.
True
Key management comes down to two problems:
1. Ensure that the right people have the right crypto keys
2. Prevent the wrong people from uncovering any crypto keys
True
Suppose I have a web server. What is the best defense against a Ping Flood attack?
Block all incoming traffic from addresses you don't recognize.
Spoof the attacker's IP address
Use a firewall to block all incoming Ping messages.
Quickly discard half-open connections.
Use a firewall to block all incoming Ping messages.
Cookies are controversial because they allow an outside computer to place potentially malicious code onto your device.
False
How is "end-to-end" encryption different from other types of network encryption?
The users initiate the encrypting and decrypting themselves.
It is the only type of network transmission where the message stays encrypted from start to finish.
It is the only style of encryption where there is no specified encryption algorithm.
It is the only style of encryption where there are multiple acceptable encryption algorithms.
The users initiate the encrypting and decrypting themselves.
Suppose a scammer creates a fake web store and uses a misleading domain name, like "anazom.com" instead of "amazon.com". Would this trigger any browser warnings when the site is visited? If yes, what warning?
Yes, "Expired certificate" warning
No
Yes, "Domain names don't match" warning
Yes, "Misleading domain name" warning
Yes, "Misleading syntax" warning
Yes, "Tricked CA" warning
Yes, "Bogus Certificate Authority" warning
No
Suppose we go to a website and get the warning message "Revoked certificate." Which of the following would be the most appropriate assumption?
This could be a legitimate website, but it is very difficult to verify.
This is definitely NOT a scam. It is always just a bookkeeping error.
It is possible that this is a scam, but it is probably ok.
This is definitely a scam.
This is definitely a scam.
How do we build a dual firewall topology?
Place the two firewalls side-by-side. Place computers that need to be accessed from outside the network behind one firewall, and place all other computers behind the other firewall.
Place one firewall behind the other. Place computers that need to be accessed from outside the network on the outside of those firewalls, and place all other computers behind the inner firewall.
Place one firewall behind the other. Place computers that need to be accessed from outside the network between the two firewalls, and place all other computers behind the inner firewall.
Place one firewall behind the other. Place computers that need to be accessed from outside the network on the outside of those firewalls, and place all other computers between the firewalls.
Place one firewall behind the other. Place computers that need to be accessed from outside the network between the two firewalls, and place all other computers behind the inner firewall.
Internet email standards must define two things:
1. Formatting, or the layout of the email message
2. Protocols, or how clients and servers interact to deliver and retrieve mail
True
Suppose we have a server that users outside our network will need to access. We can protect our vulnerable network computers by placing the server outside our outermost router to prevent risky traffic from getting inside our network.
False
Suppose we try to log into a server and no database is ever checked. What type of authentication was performed?
Indirect (service-based)
Indirect (Ticket-based)
Offline
Local
Direct
Indirect (redirected)
Offline
There is one protocol for retrieving mail, but multiple protocols for sending it.
False
An example of a network subversion attack would be rerouting traffic to a compromised network so that it can be more easily intercepted.
True
Suppose an attacker's computer intercepts network data intended for someone else. What type of attack is this?
Masquerade
Disclosure
Denial of Service
Subversion
Forgery
Physical Theft
Disclosure
Configuring a firewall so it blocks World of Warcraft data is an example of what security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Logical
Why is it generally a bad idea to attempt a DOS attack against a DNS root server?
Many DNS requests can be resolved by cached addresses stored at the local DNS server.
DNS root servers have a lot of redundancy, so if one server is taken out, another server can do the job.
DNS root servers are vital to Internet traffic and are well protected against attacks, so it would require an incredibly dedicated attack to take one out.
All of these
All of these
We only need to worry about our POP if we have computers in our network (such as servers) that people outside our network will need to access.
True
Suppose we sit down at a computer and use a program to log into a server across campus. The server looks at its own files to determine if we should have access. What type of authentication was performed?
Indirect (service-based)
Indirect (Ticket-based)
Offline
Local
Direct
Indirect (redirected)
Direct
Unplugging a computer from the network when it isn't in use is an example of which security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Procedural
Which is harder to protect from physical theft: computer hardware or network hardware?
Network hardware because computer hardware is typically harder to access.
Network hardware because it is typically worth more on the black market.
Computer hardware because it is typically worth more on the black market.
Computer hardware because network hardware is typically harder to access.
Computer hardware because network hardware is typically harder to access.
Suppose we attempt to connect to the wi-fi network at UAFS, and the building's wi-fi antenna contacts a computer in the Gardner building and asks it whether we should be given access. What type of authentication was performed?
Indirect (service-based)
Indirect (Ticket-based)
Offline
Local
Direct
Indirect (redirected)
Indirect (service-based)
What does it mean when it is said that an encryption technique is "application transparent"?
The network handles the encryption instead of the application.
The application does not know that the encryption is happening.
The application is able to see all the inner workings of the encryption.
The encryption technique is not tied to one application and can be used with many different applications.
The application does not know that the encryption is happening.
When performing Link Layer encryption, the data must be decrypted before it leaves the local network.
True
Suppose we go to a website and get the warning message "Untrusted certificate authority." Which of the following would be the most appropriate assumption?
It is possible that this is a scam, but it is probably ok.
This could be a legitimate website, but it is very difficult to verify.
This is definitely NOT a scam. It is always just a bookkeeping error.
This is definitely a scam.
This could be a legitimate website, but it is very difficult to verify.
Network cryptography can provide which of the following protections? (Select all that apply.)
Confidentiality
Authenticity
Integrity
Nonrepudiation
Confidentiality
Authenticity
Integrity
Nonrepudiation
Using 192-bit AES is an example of which security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Cryptographic
Which of the following key distribution techniques are never recommended? (Select all that apply.)
Key wrapping
Diffie-Hellman
Key distribution center
Manual keying
New keys encrypted with old
Self-rekeying
New keys encrypted with old
Manual keying
When would Socket Layer encryption be appropriate?
When the user needs to make the decision whether or not to encrypt the data.
When the method of transmitting data within this network is easy to intercept.
When users need secure connections to a website.
When a user wants to obscure the type of data from being detected by a router/firewall.
When users need secure connections to a website.
Which of the following would help protect against a command injection attack?
Use a firewall that filters out command injection packets.
Do not allow any access to the database when users request webpages.
When creating the database, turn off the "Command Injection" option for each table you wish to protect.
Strip out special characters from user input.
Strip out special characters from user input.
If your firewall implements "Deny by Default", then your last two filters should block every incoming and outgoing packet.
False
In the United States, spam email is not illegal, but the activities in the email might be.
True
What is a limitation with session filtering?
Only works with UDP traffic
Only works with TCP traffic
Only works with email traffic
Only works with IP traffic
Only works with TCP traffic
Suppose we go to a website and get the warning message "Invalid digital signature." Which of the following would be the most appropriate assumption?
This is definitely NOT a scam. It is always just a bookkeeping error.
This could be a legitimate website, but it is very difficult to verify.
This is definitely a scam.
It is possible that this is a scam, but it is probably ok.
This is definitely a scam.
Suppose I have the following firewall rules. We block access to doomscroll.com, but the boss demands that he have access to it. Where do we put the rule that allows him access?
Between rules 2 and 3
Between rules 1 and 2
After rule 3
Before rule 1
Before rule 1
Requiring employees to use strong passwords is an example of which security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Procedural
What is the name given to a message that attempts to get a user to divulge sensitive information?
scam
phishing
DOS
spam
phishing
IPSec leaves the link and transport headers in plaintext.
False
When attackers exploit a network protocol, they are generally performing one of three attacks. Which of the following is NOT one of these attacks?
Exploit one host's assets to attack a different victim host.
Use up the victim host's resources directly.
Masquerade as another host or user.
Trick a user into divulging personal information.
Trick a user into divulging personal information.
When would Link Layer encryption be appropriate?
When users need secure connections to a website.
When a user wants to obscure the type of data from being detected by a router/firewall.
When the method of transmitting data within this network is easy to intercept.
When the user needs to make the decision whether or not to encrypt the data.
When the method of transmitting data within this network is easy to intercept.
With a Key Distribution Center, each user must keep a key for each other user, but the KDC handles the distribution of key updates. This makes the keys safe because it prevents users from making mistakes caused by manual re-keying.
False
Which of the following statements are true regarding cache poisoning? (Select all that apply.)
The results of the attack stick around for a couple of days.
It can be part of an attack against DNS.
The attacker pretends to be a resolver and gives a false IP address.
The effect lasts as long as the attacker continues to make the attack and ends as soon as the attack ends.
The network packets used in the attack are directed towards the victim web servers.
The results of the attack stick around for a couple of days.
It can be part of an attack against DNS.
The attacker pretends to be a resolver and gives a false IP address.
Suppose we sit down at a computer and log directly into the computer in front of us. The computer looks at its own files to determine whether or not to give us access. What type of authentication was performed?
Indirect (service-based)
Indirect (Ticket-based)
Offline
Local
Direct
Indirect (redirected)
Local
Suppose I have a web server. What is the best defense against a SYN Flood attack?
Quickly discard half-open connections.
Spoof the attacker's IP address.
Block all incoming traffic from addresses you don't recognize.
Use a firewall to block all incoming SYN messages.
Quickly discard half-open connections.
Suppose we use a browser to visit a website to purchase a product. When we go to check out, we have to log into Paypal to authorize payment. What type of authentication was performed?
Indirect (service-based)
Indirect (Ticket-based)
Offline
Local
Direct
Indirect (redirected)
Indirect (redirected)
Suppose Oscar eavesdrops on Bob's email and reads private information. This is considered a passive attack because Oscar didn't actually interfere with the communication.
True
What is the most basic definition of Tunneling?
Two endpoints use an existing protocol standard to carry different traffic.
A host uses a VPN service to forward prohibited data to another host.
A host uses a VPN to pretend to be a local host on another network.
A host sends prohibited data to another host.
Two endpoints use an existing protocol standard to carry different traffic.
The Smurf Attack is an example of which protocol attack strategy?
Exploit one host's assets to attack a different victim host.
Masquerade as another host or user.
Use up the victim host's resources directly.
None of these.
Exploit one host's assets to attack a different victim host.
Suppose we go to a website and get the warning message "Expired certificate." Which of the following would be the most appropriate assumption?
It is possible that this is a scam, but it is probably ok.
This is definitely NOT a scam. It is always just a bookkeeping error.
This is definitely a scam.
This could be a legitimate website, but it is very difficult to verify.
It is possible that this is a scam, but it is probably ok.
Essentially, what is a KDC?
Public-key distribution
Ticket-based authentication
Public-key authentication
Redirected authentication
Ticket-based authentication
In a connection-based attack against email, what does the attacker try to accomplish?
Sniff the contents of the account login attempt to learn the email login password
Sniff the routing information to discover the path the email will take so that the email can be intercepted and possibly modified
Perform a DOS attack to prevent the user's connection with the email server
Sniff the contents of the email message to learn any confidential information contained in the email
Perform a DOS attack to prevent the user's connection with the email server
Blocking traffic to and from NSFW websites is an example of which security control?
Logical
Mechanical
Physical
Cryptographic
Functional
Procedural
Logical