
Test 4 Chap 7 - 8

True/False
Indicate whether the statement is true or false.
 

 1. 

NIDPSs can reliably ascertain if an attack was successful or not.
 

 2. 

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
 

 3. 

Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
 

 4. 

A false positive is the failure of an IDPS system to react to an actual attack event.
 

 5. 

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.
 

 6. 

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.
 

 7. 

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.
 

 8. 

IDPS responses can be classified as active or passive.
 

 9. 

An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message.
 

 10. 

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
 

 11. 

Intrusion detection and prevention systems can deal effectively with switched networks.
 

 12. 

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
 

 13. 

Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
 

 14. 

All IDPS vendors target users with the same levels of technical and security expertise.
 

 15. 

To assist in the footprint intelligence collection process, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
 

 16. 

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.
 

 17. 

HIDPSs are also known as system integrity verifiers.
 

 18. 

A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
 

 19. 

An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.
 

 20. 

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
 

 21. 

Administrators who are wary of using the same tools that attackers use should remember that most organizations prohibit use of open source or freeware software tools.
 

 22. 

Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
 

 23. 

A HIDPS can monitor systems logs for predefined events.
 

 24. 

The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
 

 25. 

Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems.
 

 26. 

The S-HTTP security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management.
 

 27. 

Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to protect against electronic payment fraud.
 

 28. 

A cryptovariable is a value representing the application of a hash algorithm on a message.
 

 29. 

The asymmetric encryption systems use a single key to both encrypt and decrypt a message.
 

 30. 

Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.
 

 31. 

Bluetooth is a de facto industry standard for short-range wireless communications between devices.
 

 32. 

A brute force function is a mathematical algorithm that generates a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity.
 

 33. 

The permutation cipher simply rearranges the values within a block to create the ciphertext.
 

 34. 

You cannot combine the XOR operation with a block cipher operation.
 

 35. 

The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
 

 36. 

In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.
 

 37. 

PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities.
 

 38. 

In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher.
 

 39. 

Sequence encryption is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor, and this process continues until the message reaches the final destination.
 

 40. 

When an asymmetric cryptographic process uses the sender’s private key to encrypt a message, the sender’s public key must be used to decrypt the message.
 

 41. 

3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time.
 

 42. 

The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public key encryption.
 

 43. 

The AES algorithm was the first public key encryption algorithm to use a 256 bit key length.
 

 44. 

Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images.
 

 45. 

One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
 

 46. 

SSL builds on the encoding format of the Multipurpose Internet Mail Extensions protocol and uses digital signatures based on public key cryptosystems to secure e-mail.
 

 47. 

Usually, as the length of a cryptovariable increases, the number of random guesses that have to be made in order to break the code is reduced.
 

 48. 

Common implementations of a Registration Authority (RA) include functions to issue digital certificates to users and servers.
 

 49. 

Hashing functions require the use of keys.
 

 50. 

Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocols.
 

Multiple Choice
Identify the choice that best completes the statement or answers the question.
 

 51. 

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.
a. port knocking
b. doorknob rattling
c. footprinting
d. fingerprinting
 

 52. 

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.
a. LFM
b. stat IDPS
c. AppIDPS
d. HIDPS
 

 53. 

Which of the following is NOT a described IDPS control strategy?
a. centralized
b. fully distributed
c. partially distributed
d. decentralized
 

 54. 

Which of the following ports is commonly used for the HTTP protocol?
a. 20
b. 25
c. 53
d. 80
 

 55. 

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
a. packet scanner
b. packet sniffer
c. honey pot
d. honey packet
 

 56. 

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.
a. false neutral
b. false attack stimulus
c. false negative
d. noise
 

 57. 

To use a packet sniffer legally, the administrator must __________.
a. be on a network that the organization owns
b. be under direct authorization of the network’s owners
c. have knowledge and consent of the content’s creators
d. all of the above
 

 58. 

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.
a. Alarm filtering
b. Alarm clustering
c. Alarm compaction
d. Alarm attenuation
 

 59. 

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
a. Honeynet
b. Trap and trace
c. HIDPS
d. Packet Sniffer
 

 60. 

Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
a. inline
b. offline
c. passive
d. bypass
 

 61. 

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
a. vulnerabilities
b. fingerprints
c. signatures
d. footprints
 

 62. 

A(n) __________ IDPS is focused on protecting network information assets.
a. network-based
b. host-based
c. application-based
d. server-based
 

 63. 

 __________ are decoy systems designed to lure potential attackers away from critical systems.
a. Honeypots
b. Bastion Hosts
c. Wasp Nests
d. Designated Targets
 

 64. 

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
a. prevention
b. reaction
c. detection
d. correction
 

 65. 

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.
a. passive
b. active
c. reactive
d. dynamic
 

 66. 

In TCP/IP networking, port __________ is not used.
a. 0
b. 1
c. 13
d. 1023
 

 67. 

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
a. Buzz
b. Fuzz
c. Spike
d. Black
 

 68. 

__________ is the action of luring an individual into committing a crime to get a conviction.
a. Entrapment
b. Enticement
c. Intrusion
d. Padding
 

 69. 

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
a. passive
b. aggressive
c. active
d. secret
 

 70. 

A __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
a. NIDPS
b. SPAN
c. DPS
d. IDSE
 

 71. 

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs
 

 72. 

The ability to detect a target computer’s __________ is very valuable to an attacker.
a. manufacturer
b. operating system
c. peripherals
d. BIOS
 

 73. 

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs
 

 74. 

Some vulnerability scanners feature a class of attacks called __________ that are so dangerous they should only be used in a lab environment.
a. aggressive
b. divisive
c. destructive
d. disruptive
 

 75. 

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
a. IDPS
b. WiFi
c. UDP
d. DoS
 

 76. 

 __________ are encrypted messages that can be mathematically proven to be authentic.
a. Digital signatures
b. MAC
c. Message certificates
d. Message digests
 

 77. 

__________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
a. Password
b. Cipher
c. Key
d. Passphrase
 

 78. 

__________ is the entire range of values that can possibly be used to construct an individual key.
a. Code
b. Keyspace
c. Algorithm
d. Cryptogram
 

 79. 

__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
a. MAC
b. PKI
c. DES
d. AES
 

 80. 

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.
a. multialphabetic
b. monoalphabetic
c. polyalphabetic
d. polynomic
 

 81. 

__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.
a. DES
b. 2DES
c. AES
d. 3DES
 

 82. 

The __________ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
a. ESP
b. AH
c. HA
d. SEP
 

 83. 

The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
a. Standard HTTP
b. SFTP
c. S-HTTP
d. SSL Record Protocol
 

 84. 

__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
a. PEM
b. SSH
c. IPSec
d. SET
 

 85. 

_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
a. PGP
b. DES
c. AH
d. ESP
 

 86. 

SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm.
a. 48
b. 56
c. 160
d. 256
 

 87. 

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.
a. timing matrix
b. agile scrum
c. rainbow table
d. smurf list
 

 88. 

Key__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
a. Hash
b. Map
c. Key
d. Encryption
 

 89. 

__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
a. Code
b. Algorithm
c. Key
d. Work factor
 

 90. 

Digital signatures should be created using processes and products that are based on the __________.
a. DSS
b. NIST
c. SSL
d. HTTPS
 

 91. 

At the World Championships in Athletics in Helsinki in August of 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting.
a. iPad tablets
b. Bluetooth mobile phones
c. WiFi routers
d. laptop Macintosh computers
 

 92. 

Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________).
a. XOR
b. EOR
c. NOR
d. OR
 

 93. 

__________ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
a. PEM
b. PGP
c. S/MIME
d. SSL
 

 94. 

An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user’s public key.
a. message digest
b. fingerprint
c. distinguished name
d. digital signature
 

 95. 

The CA periodically distributes a(n) _________ to all users that identifies all revoked certificates.
a. CRL
b. RA
c. MAC
d. RDL
 

 96. 

A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
a. signature
b. MAC
c. fingerprint
d. digest
 

 97. 

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
a. Encryption
b. Decryption
c. Cryptology
d. Cryptography
 

 98. 

A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.
a. asymmetric
b. symmetric
c. public
d. private
 

 99. 

The __________ algorithm, developed in 1977, was the first public key encryption algorithm published for commercial use.
a. DES
b. RSA
c. MAC
d. AES
 

 100. 

DES uses a(n) ___________-bit block size.
a. 32
b. 64
c. 128
d. 256
 



 