
Chapter 6

Question 1
Telnet protocol packets usually go to TCP port ____.
Answer a. 7 b. 8 c. 14 d. 23
4 points

Question 2
Which of the following is a valid version of TACACS?
Answer a. TACACS+ b. Extended TACACS c. TACACS d. All of the above
4 points

Question 3
The ____ is an intermediate area between a trusted network and an untrusted network.
Answer a. domain b. DMZ c. perimeter d. firewall
4 points

Question 4
The dominant architecture used to secure network access today is the ____ firewall.
Answer a. bastion b. static c. screened subnet d. unlimited
4 points

Question 5
Kerberos ____ provides tickets to clients who request services.
Answer a. TGS b. KDS c. VPN d. AS
4 points

Question 6
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
Answer a. VPN b. PAC c. ECMA d. ticket
4 points

Question 7
____ inspection firewalls keep track of each network connection between internal and external systems.
Answer a. Stateful b. Stateless c. Static d. Dynamic
4 points

Question 8
Firewalls fall into ____ major processing-mode categories.
Answer a. two b. three c. four d. five
4 points

Question 9
In most common implementation models, the content filter has two components: ____.
Answer a. rating and filtering b. encryption and decryption c. rating and decryption d. filtering and encoding
4 points

Question 10
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
Answer a. sacrificial b. trusted c. single d. domain
4 points

Question 11
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
Answer a. WANs b. MACs c. WAPs d. UDPs
4 points

Question 12
____ is the protocol for handling TCP traffic through a proxy server.
Answer a. HTTPS b. Telnet c. SOCKS d. FTP
4 points

Question 13
ISA Server can use ____ technology.
Answer a. RAS b. PNP c. Point to Point Tunneling Protocol d. All of the above
4 points

Question 14
The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
Answer a. IP source and destination address b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of the above
4 points

Question 15
____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
Answer a. IPSEC b. TUNMAN c. RADIAL d. RADIUS
4 points

Question 16
A(n) ____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
Answer a. VPN b. KERBES c. SESAME d. SVPN
4 points

Question 17
The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
Answer a. cold b. hot c. fully trusted d. demilitarized
4 points

Question 18
In ____ mode, the data within an IP packet is encrypted, but the header information is not.
Answer a. symmetric b. public c. tunnel d. transport
4 points

Question 19
The application gateway is also known as a(n) ____.
Answer a. application-level firewall b. proxy firewall c. client firewall d. All of the above
4 points

Question 20
____ generates and issues session keys in Kerberos.
Answer a. KDC b. TGS c. VPN d. AS
4 points

Question 21
____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
Answer a. Packet-filtering b. MAC layer firewalls c. Application gateways d. Circuit gateways
4 points

Question 22
ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.
Answer a. 4 b. 7 c. 8 d. 48
4 points

Question 23
____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
Answer a. MAC layer b. Application gateways c. Packet filtering d. Circuit gateway
4 points

Question 24
A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
Answer a. stateless b. stateful c. dynamic d. static
4 points

Question 25
____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
Answer a. Stateless b. Stateful c. Dynamic d. Static
4 points

Chapter 7

Question 1
4 out of 4 points

____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. Answer Selected Answer: c. Biometric access control

Question 2
4 out of 4 points

____ are decoy systems designed to lure potential attackers away from critical systems. Answer Selected Answer: a. Honeypots

Question 3
4 out of 4 points

In TCP/IP networking, port ____ is not used. Answer Selected Answer: a. 0

Question 4
4 out of 4 points

Which of the following ports is commonly used for the HTTP protocol? Answer Selected Answer: d. 80

Question 5
4 out of 4 points

The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. Answer Selected Answer: c. CER

Question 6
4 out of 4 points

____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. Answer Selected Answer: d. SPAN

Question 7
4 out of 4 points

____ is the process of classifying IDPS alerts so that they can be more effectively managed. Answer Selected Answer: b. Alarm filtering

Question 8
4 out of 4 points

____ is an event that triggers an alarm when no actual attack is in progress. Answer Selected Answer: a. False Attack Stimulus

Question 9
4 out of 4 points

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. Answer Selected Answer: b. packet sniffer

Question 10
4 out of 4 points

A(n) ____ is a proposed systems user. Answer Selected Answer: c. supplicant

Question 11
4 out of 4 points

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Answer Selected Answer: c. passive

Question 12
4 out of 4 points

____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files. Answer Selected Answer: a. HIDPSs

Question 13
4 out of 4 points

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. Answer Selected Answer: b. IDS

Question 14
4 out of 4 points

____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. Answer Selected Answer: c. Fuzz

Question 15
4 out of 4 points

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. Answer Selected Answer: b. signatures

Question 16
4 out of 4 points

IDPS researchers have used padded cell and honeypot systems since the late ____. Answer Selected Answer: c. 1980s

Question 17
4 out of 4 points

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____. Answer Selected Answer: d. fingerprinting

Question 18
4 out of 4 points

Among all possible biometrics, ____ is(are) considered truly unique. Answer Selected Answer: d. All of the above

Question 19
4 out of 4 points

____ is the action of luring an individual into committing a crime to get a conviction. Answer Selected Answer: b. Entrapment

Question 20
4 out of 4 points

____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. Answer Selected Answer: c. Inline

Question 21
4 out of 4 points

Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. Answer Selected Answer: a. correction

Question 22
4 out of 4 points

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. Answer Selected Answer: a. NIDPSs

Question 23
4 out of 4 points

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Answer Selected Answer: d. Trap and trace

Question 24
4 out of 4 points

A(n) ____ IDPS is focused on protecting network information assets. Answer Selected Answer: d. network-based

Question 25
4 out of 4 points

Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs. Answer Selected Answer: d. LFM
Wednesday, March 14, 2012 10:27:14 PM CDT

Chapter 8

Question 1
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
Answer a. AH b. SEP c. ESP d. HA
4 points

Question 2
A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.
Answer a. public b. asymmetric c. private d. symmetric
4 points

Question 3
____ is a federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.
Answer a. 3DES b. 2DES c. AES d. DES
4 points

Question 4
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
Answer a. Hash b. Encryption c. Key d. Map
4 points

Question 5
An X.509 v3 certificate binds a _____, which uniquely identifies a certificate entity, to a user's public key.
Answer a. fingerprint b. distinguished name c. digital signature d. message digest
4 points

Question 6
____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
Answer a. Dictionary b. Man-in-the-middle c. Correlation d. Timing
4 points

Question 7
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
Answer a. digest b. signature c. fingerprint d. MAC
4 points

Question 8
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
Answer a. SFTP b. Standard HTTP c. S-HTTP d. SSL Record Protocol
4 points

Question 9
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.
Answer a. monoalphabetic b. polyalphabetic c. multialphabetic d. polynomic
4 points

Question 10
In a ____ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information.
Answer a. timing b. correlation c. replay d. dictionary
4 points

Question 11
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
Answer a. Decryption b. Encryption c. Cryptography d. Cryptology
4 points

Question 12
Bit stream methods commonly use algorithm functions like the exclusive OR operation (_____).
Answer a. EOR b. NOR c. XOR d. OR
4 points

Question 13
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
Answer a. AH b. PGP c. DES d. ESP
4 points

Question 14
Digital signatures should be created using processes and products that are based on the ____.
Answer a. NIST b. HTTPS c. SSL d. DSS
4 points

Question 15
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
Answer a. Work factor b. Code c. Key d. Algorithm
4 points

Question 16
____ are encrypted messages that can be mathematically proven to be authentic.
Answer a. Message digests b. Digital signatures c. Message certificates d. MAC
4 points

Question 17
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.
Answer a. MAC b. RSA c. DES d. AES
4 points

Question 18
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.
Answer a. MAC b. RA c. AES d. CRL
4 points

Question 19
____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
Answer a. DES b. MAC c. PKI d. AES
4 points

Question 20
SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm.
Answer a. 48 b. 56 c. 160 d. 256
4 points

Question 21
____ is the entire range of values that can possibly be used to construct an individual key.
Answer a. Keyspace b. Algorithm c. Code d. Cryptogram
4 points

Question 22
____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
Answer a. S/MIME b. PEM c. SSL d. PGP
4 points

Question 23
____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
Answer a. Password b. Cipher c. Passphrase d. Key
4 points

Question 24
____ is the protocol used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
Answer a. PEM b. SET c. SSH d. IPSec
4 points

Question 25
DES uses a(n) _____-bit block size.
Answer a. 32 b. 64 c. 128 d. 256

Chapter 9

Question 1
Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment.
Answer a. HVAC b. UPS c. ESD d. GFCI
4 points

Question 2
Locks can be divided into four categories based on the triggering process: manual, programmable, electronic, and biometric.
True False
4 points

Question 3
Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____.
Answer a. padding b. kneespace c. plenum d. attic
4 points

Question 4
____ sensors work when two contacts are connected as, for example, when a foot steps on a pressure-sensitive pad under a rug, or a window being opened triggers a pin-and-spring sensor.
Answer a. Pressure b. Movement c. Motion d. Contact and weight
4 points

Question 5
UPS devices typically run up to ____ VA.
Answer a. 100 b. 250 c. 500 d. 1,000
4 points

Question 6
One of the leading causes of damage to sensitive circuitry is ____.
Answer a. ESD b. CPU c. HVAC d. EPA
4 points

Question 7
Class ____ fires are extinguished with non-conducting agents only.
Answer a. A b. B c. C d. D
4 points

Question 8
Electronic monitoring includes ____ systems.
Answer a. blocked video b. local video c. closed-circuit television d. open-circuit television
4 points

Question 9
A device that assures the delivery of electric power without interruption is a(n) ____.
Answer a. HVAC b. UPS c. GPS d. GFCI
4 points

Question 10
Fire ____ systems are devices installed and maintained to detect and respond to a fire, potential fire, or combustion danger situation.
Answer a. prevention b. detection c. protection d. suppression
4 points

Question 11
The most sophisticated locks are ____ locks.
Answer a. manual b. programmable c. biometric d. electronic
4 points

Question 12
A ____ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.
Answer a. sprinkler b. dry-pipe c. wet-pipe d. deluge
4 points

Question 13
Most guards have clear ____ that help them to act decisively in unfamiliar situations.
Answer a. SOPs b. POSs c. OPSs d. MACs
4 points

Question 14
When the lock of a door fails and the door becomes unlocked, it is classified as a fail-secure lock.
True False
4 points

Question 15
In general, ESD damage to chips produces two types of failures: immediate and latent.
True False
4 points

Question 16
In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.
Answer a. rate-of-rise b. fixed rate c. permanent temperature d. fixed temperature
4 points

Question 17
____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.
Answer a. Crowdsurfing b. Tailgating c. Hitchhiking d. Freeloading
4 points

Question 18
____ sensors project and detect an infrared beam across an area.
Answer a. Smoke b. Thermal c. Photoelectric d. Air-aspirating
4 points

Question 19
Keycard readers based on smart cards are often used to secure computer rooms, communications closets, and other restricted areas.
True False
4 points

Question 20
____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting.
Answer a. Remote site computing b. Hot site computing c. Telecommuting d. Remote working
4 points

Question 21
In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.
Answer a. offline b. true online c. ferroresonant d. line-interactive
4 points

Question 22
Class ____ fires are extinguished by agents that remove oxygen from the fire.
Answer a. A b. B c. C d. D
4 points

Question 23
____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security.
Answer a. Manual b. Programmable c. Biometric d. Electronic
4 points

Question 24
Fire detection systems fall into two general categories: manual and electrical.
True False
4 points

Question 25
____ sprinklers are the newest form of sprinkler systems and rely on ultra-fine mists instead of traditional shower-type systems.
Answer a. Water mist b. Pre-action c. Air-dry d. Water-free
4 points

Chapter 10

Question 1
4 out of 4 points

The parallel implementation works well when an isolated group can serve as the guinea pig, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole. Answer Selected Answer: False

Question 2
4 out of 4 points

By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce. Answer Selected Answer: c. process of change

Question 3
4 out of 4 points

The ____ layer of the bull's-eye model receives attention last. Answer Selected Answer: c. Applications

Question 4
4 out of 4 points

A ____ is usually the best approach to security project implementation. Answer Selected Answer: c. phased implementation

Question 5
4 out of 4 points

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future. Answer Selected Answer: b. wrap-up

Question 6
4 out of 4 points

Some cases of ____ are simple, such as requiring employees to use a new password beginning on an announced date. Answer Selected Answer: c. direct changeover

Question 7
4 out of 4 points

The Lewin change model consists of ____. Answer Selected Answer: d. All of the above

Question 8
4 out of 4 points

The ____ methodology has been used by many organizations, requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. Answer Selected Answer: b. bulls-eye

Question 9
4 out of 4 points

The task of creating a project plan is often assigned to either a project manager or the project leader. Answer Selected Answer: False

Question 10
4 out of 4 points

A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable. Answer Selected Answer: True

Question 11
4 out of 4 points

The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment. Answer Selected Answer: a. SecSDLC

Question 12
4 out of 4 points

A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. Answer Selected Answer: d. CBA

Question 13
4 out of 4 points

Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____. Answer Selected Answer: b. JAD

Question 14
4 out of 4 points

The security systems implementation life cycle is a process for collecting information about an organization's objectives, its technical architecture, and its information security environment. Answer Selected Answer: True

Question 15
4 out of 4 points

The ____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. Answer Selected Answer: c. Systems

Question 16
4 out of 4 points

In the ____ process, measured results are compared to expected results. Answer Selected Answer: d. negative feedback loop

Question 17
4 out of 4 points

____ is a simple planning tool. Answer Selected Answer: b. WBS

Question 18
4 out of 4 points

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. Answer Selected Answer: True

Question 19
4 out of 4 points

The ____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. Answer Selected Answer: d. Policies

Question 20
4 out of 4 points

If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors. Answer Selected Answer: c. RFP

Question 21
4 out of 4 points

Public organizations often have ____ to spend all their remaining funds before the end of the fiscal year. Answer Selected Answer: d. end-of-fiscal-year spend-a-thons

Question 22
4 out of 4 points

In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. Answer Selected Answer: a. pilot

Question 23
4 out of 4 points

Technology ____ guides how frequently technical systems are updated, and how technical updates are approved and funded. Answer Selected Answer: b. governance

Question 24
4 out of 4 points

The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete. Answer Selected Answer: a. milestone

Question 25
4 out of 4 points

Tasks or action steps that come after the task at hand are called ____. Answer Selected Answer: c. successors
Friday, March 16, 2012 11:08:44 AM CDT