N_S Final

Page: 286 Hiding an object, such as a diary, to prevent others from finding it is an example of
Security through Obscurity
Page: 287 An algorithm is a type of
Page: 288 An encryption algorithm that uses the same key for both encryption and decryption is
Page: 289 The type of cipher that rearranges the text of a message is called
Page: 290 To use symmetric cryptography, the sender and receiver must share
a secret key
Page: 296-297 The Enigma was
a rotor machine
Page: 300 Gilbert Vernam’s bit combination operation for encrypting digital teletype transfer is now referred to as
exclusive or (xor)
Page: 287 The encryption procedure requires two inputs
a key
Page: 288 The decryption procedure requires two inputs
a key
Page: 306-307 A one-time pad
uses a random stream of bits for its key stream
is theoretically impossible to crack
Page: 326 A cryptonet
is two or more people who share an encryption key
Page: 328 The following are common ways to handle new encryption keys except
transfer them via instant messenger
Page: 329 A file encryption program
truncates a passphrase that is too long
Page: 329-330 An Advanced Encryption Standard (AES) key may not be
16 bits in length
Page: 332 When encrypting a file, a fully punctuated passphrase should have a minimum of ____ characters
Page: 338 Encrypting an encryption key using a passphrase is called
key wrapping
Page: 348 Using the Diffie-Hellman algorithm
both participants in the exchange must have a public/private key pair
Page: 351 In a Diffie-Hellman calculation using P=g^s mod N, s is
the private key value
Page: 368 Digital signatures are often used to provide
Page: 370 A public-key certificate generally does not contain
a private key
Page: 327-328 You should rekey an encryption key
when a key is leaked to unauthorized parties
when some major event occurs, such as a major new version of the file that the key protects
more often on larger cryptonets
Page: 335-336 To avoid problems with reused encryption keys, you can
change the internal key
combine the key with a nonce
Page: 361 A successful bit-flipping attack requires
a stream cipher
knowledge of the exact contents of the plaintext
Page: 366-367 When encrypting a one-way hash or a secret encryption key with RSA, you must encrypt a value that contains more bits than the public key’s N value. You can accomplish this by
padding the hash value with additional, randomly generated data
using a sufficiently large hash value
Page: 369-370 Strategies for preventing man-in-the-middle attacks include
restrict distribution of public keys so that only authorized people get them
publish individual keys widely so that people can double check their copies
use public-key certificates
Page: 384 Encryption can help protect volumes in the following situations except
to prevent physical damage to a hard drive
Page: 387 Access control protects data on a computer against
hostile users
Page: 387 File encryption protects data on a computer against the following except
Trojan crypto
Page: 387 Volume encryption protects data on a computer against
Page: 390 When encrypting data with a block cipher, each repetition is called
a round
Page: 399 The following are best practices or proper recommendations for choosing an encryption algorithm except
use DES if at all possible
Page: 400 A shortcoming of block ciphers is
encrypting data that has block-sized patterns
Page: 420 A self-encrypting drive locks data on the hard disk by
erasing the encryption key when the drive is unplugged or reset
Page: 425 The following are properties of persistent key storage except
it uses volatile storage
Page: 383 A volume can be
a single drive partition
a removable USB drive
an entire hard drive
Page: 385-386 You can clean data from a hard drive by
deleting personal files and emptying the trash
reformatting the hard drive
running a disk wipe program
physically damaging the hard drive so it can’t be read
Page: 402-408 Stream cipher modes include
output feedback (OFB)
cipher feedback (CFB)
Page: 387, 418 Volume encryption risks include
untrustworthy encryption
leaking the plaintext
Page: 440 A rootkit is
software that hides on a computer and provides a back door for an attacker
Page: 441 To launch a distributed denial of service (DDOS) attack, an attacker often uses
a botnet
Page: 448-449 An advantage of packet switching is
parallel transmission
Page: 452 Another term for “maximum data rate” is
Page: 463-464 To see a list of MAC addresses on a Windows-based network
issue the ipconfig /all command
Page: 466 In a wireless transmission, a host first sends
an RTS message
Page: 459 Primary forms of Ethernet media include the following except
Page: 444 Three strategies for sending data across a network are
message switching
circuit switching
packet switching
Page: 454 A basic network packet contains
a header
a checksum
Page: 462 A MAC address
must be unique on a network
is associated with a network interface
Page: 483-484 A disadvantage of a point-to-point network is
no broadcasting
Page: 485-486 A disadvantage of a star network is
Page: 487 An advantage of a bus network is
no routing
Page: 489 A disadvantage of a tree network is
address-based size limits
Page: 490-491 A disadvantage of a mesh network is
Page: 492 Modern internet technology evolved from research on
Page: 493 Packet addressing and routing on the Internet rely entirely on
IP addresses
Page: 501 A major obstacle to becoming an ISP today is
the shortage of Internet addresses
Page: 502 The well-known port number 80 is used for
the World Wide Web
Page: 504 is an example of
an IPv4 address
Page: 508 1111 1111 – 1111 1111 – 1111 0000 – 0000 0000 is an example of
a binary network mask
Page: 511 The element that automatically assigns IP addresses to LAN hosts is
Dynamic Host Configuration Protocol (DHCP)
Page: 512-514 A tool that captures packets on a network and helps you analyze the packets is
Page: 533 An attack in which one or more hosts conspire to inundate a victim with ping requests is called a
ping flood
Page: 535 An attack that forges the sender’s IP address is called
an IP spoofing attack
Page: 535 On the Internet, the entity that looks up a domain name and retrieves information about it is the
Domain Name System (DNS)
Page: 537 In the Web site address www.stthomas.edu, the top-level domain is
Page: 540 Issuing the nslookup command along with a domain name displays
the corresponding IP address
Page: 542 To resolve a domain name on the Internet, the DNS resolver first contacts
the root DNS server
Page: 544 The whois database provides the following information except
the annual cost to rent the domain name
Page: 553 Packet filtering looks at any packet header and filters on these values except
number of addresses
Page: 529 The TCP fields that help ensure reliable transmission of data by keeping track of the number of bytes sent and received are
Sequence number
Acknowledgment number
Page: 530 TCP connections go through three stages
Page: 547 DNS security improvements include
randomized requests
distributed DNS servers
limited access to resolvers
Page: 550-551 A network address translation (NAT) gateway rewrites an outbound packet’s header to refer to
the gateway’s global IP address
the gateway’s chosen port number
Page: 569 Confidential company information that would give competitors a commercial advantage if leaked is called
a trade secret
Page: 570 Rules that restrict certain types of information to specific groups within a company are categorized as
need to know
Page: 573 Two-person or multiperson control in important transactions helps to reduce the risk of
insider threats
Page: 580-581 A typical profit center in an enterprise is
a product line
Page: 583-584 A qualified security assessor (QSA) performs audits to check adherence to
PCI-DSS requirements
Page: 593 An uninterruptable power system (UPS)
provides backup power to computing systems during a power outage
Page: 597 The software-based access control that identifies data items that require different types of protection is
internal security labeling
Page: 606 Off-line authentication
relies on public-key certificates
Page: 610 An image backup
is a bit-by-bit copy of one mass storage device to another
Page: 612 The phases of a large-scale attack on an enterprise network or systems include the following except
Page: 568 In an enterprise, successful information security strikes a balance between three separate elements
Objectives of the enterprise
Costs of security measures
Page: 575 Management processes that help build security in an enterprise are
written policies and procedures
delegation through a management hierarchy
auditing and review
Page: 590 Decommissioning an ex-employee’s resources may include
changing passwords
retrieving physical keys
revoking access to computer and network resources
Page: 623, 661 The latest protocol that effectively protects 802.11 wireless traffic across a LAN is
Wireless Protected Access Version 2
Page: 624 Virtual private networking is used primarily for encrypting
connection across the Internet through which they may exchange packets securely
Page: 625 Secure Sockets Layer (SSL) has been replaced by
Transport Layer Security
Page: 642 Encrypting “above the stack”
network transparency
Page: 648-649 In an SSL data packet, the field that indicates whether the packet carries data, an alert message, or is negotiating the encryption key is
content type
Page: 650-651 Secure Sockets Layer (SSL)
Page: 651 The principal application of IPsec is
Virtual Private Network
Page: 656 Encapsulating Security Payload (ESP) does not work with
Page: 657 The protocol that establishes security associations (SAs) between a pair of hosts is
Internet Key Exchange Protocol
Page: 661 To provide both encryption and integrity protection, WPA2 uses AES encryption with
counter and CBC-MAC (CCM) mode
Page: 641-642 Benefits of secret-key cryptography are
Computational resources are limited
User community is clearly identified ahead of time
Revocation must be timely and reliable
Small-user community
Page: 652 VPN clients may be
Mobile Client
Page: 653 The two primary components of IPsec are
Authentication using the Authentication Header (AH)
Encapsulation using the Encapsulating Security Payload (ESP)
Page: 680 Another term for an SMTP email server is
Message Transfer Agents (MTAs)
Page: 684 DNS provides records to look up email servers. The records are called
mail exchange (MX) records
Page: 684 You can often determine that an email message is a forgery by examining the
Received Header
Page: 687 An email security problem that can be prevented from occurring is
Connection-based Attacks
Page: 694 Chain emails often result in
Page: 698 Firewalls use the following mechanisms to filter traffic except
Packet Filtering
Session Filtering
Application Filtering
Page: 698 Using content control to control Internet traffic, a gateway focuses on a packet’s
Application Data
Page: 706 A point of presence system that analyzes network traffic to detect leaking data is
Page: 679-680 Mailbox protocols include
Page: 700 Session filtering keeps track of session/connection states and filters on a packet’s
Page: 716 The language that’s the foundation of most Web pages is
Page: 717 The HTML tag that’s required to create a hyperlink is
Page: 726 The “trust but verify” maxim applies to the Web site usage management technique of
Page: 730 You are accessing an SSL-protected Web site, such as an online bank, and authentication fails. Your browser displays a message indicating why. The following is always an unsafe situation
Revoked certificate
Invalid digital signature
Page: 736 The Web address http://[email protected]/login.html is an example of
Misleading Syntax
Page: 741 ASPX is
ASP scripting extended to support Microsoft’s “.NET” network programming framework
Page: 746 Managing a website’s subject matter and files and constructing web pages can be accomplished with
Content Management System (CMS)
Page: 753 An attack that tricks a database management system into interpreting part of an entered password as an SQL expression is called
Password-Oriented Injection Attack
Page: 747 The acronym LAMP stands for the following except
Linux for the server’s operating system
Apache for the web server software
MySQL for the database management system
PHP for the web-scripting language
Page: 741-742 Client-side scripts
appear as short procedures embedded in an HTML page.
Page: 773 In a security classification system, the level at which disclosure of information could cause exceptionally grave damage is
Top Secret
Page: 774 In a security classification system, NOFORN means
no foreign distribution
Page: 774 In a security classification system, a document labeled ORCON is controlled by
Page: 779 A security clearance may be refused if
An applicant may have a history or personal traits that place trustworthiness in doubt.
The applicant lies to investigators or tries to mislead them.
Page: 780 Additional classification controls such as sensitive compartmental information (SCI) are assigned to programs or data classified as
Top Secret
Page: 783-784 A black program
Page: 787 The Federal Information Security Management Act (FISMA) requires U.S. executive branch agencies to
Plan for security
Assign security responsibility to appropriate officials in the agency
Review information system security controls periodically
Explicitly authorize information systems to operate before they go into production and periodically reassess and reauthorize existing systems
Page: 787 The NIST Special Publication (SP) that establishes a six-step risk management framework is
NIST SP 800-37
Page: 796 Red/black separation is a common feature of crypto devices categorized as
Type 1
Page: 803, 805 TEMPEST is a code word assigned by the NSA to
Page: 776-777 In a security classification system, a document labeled FOUO
Indicates information that should not be released to the public or to the press.
Page: 811 The U.S. military policy for controlling nuclear weapons includes
Positive control: the weapons shall always be deployed when a legitimate order is given.
Force surety (or “negative control”): the weapons shall never be deployed without a legitimate order.