ET0522 NETWORK SECURITY SYSTEMS

Security Guide Network Security Fumdamentals

Chapter 1


(Note: there are total 400 question for the final exam which there are 200 provided over here as i do not have the enough time to upload all of them.) <50% of the question will come out during exam>
Additional 200 question i will send to your email account< another 50% will come out over here, total make up 100%>. sorry for any inconvenience cause.

1. Each of the following is a reason why it is difficult to defend against today’s attackers except _____________ .

A. speed of attacks
B. greater sophistication of attacks
C. complexity of attack tools
D. delays in patching hardware and work software products

2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously revealed.

A. zero day
B. quick vulnerability assessment (QVA)
C. glamour
D. signature-based attack

3. _____ ensures that only authorized parties can view the information.

A. Availability
B. Integrity
C. Confidentiality
D. ICA

4. Each of the following is a successive layer in which information security is achieved except _________________.

A. products
B. people
C. procedures
D. Intrusion Wormhole Defense (IWD)

5. A(n) _____ is a person or thing that has the power to carry out a threat.

A. vulnerability
B. threat agent
C. exploit
D. risk factor

6. Each of the following is a goal of information security except __________.

A. Prevent data theft
B. Decrease user productivity
C. Avoid legal consequences
D. Foil cyberterrorism

7. The _____ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it.

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act (Sarbox)
C. Gramm-Leach-Bliley Act (GLBA)
D. Hospital Protection and Insurance Association Agreement (HPIAA)

8. Utility companies, telecommunications, and financial services are considered prime targets of _____ because attackers can significantly disrupt business and personal activities by destroying a few targets.

A. cyberterrorists
B. kiddie scripters
C. computer spies
D. blue hat hackers (BHH)

9. After an attacker probed a computer or network for information she would next ________.

A. modify security settings
B. penetrate any defenses
C. paralyze networks and devices
D. circulate to other systems

10. An organization that purchased security products from different vendors in case an attacker circumvented the Brand A device, yet would have more difficulty trying to break through a Brand B device because they are different, is an example of ________.

A. obscurity
B. layering
C. limiting
D. diversity

11. _____ is a superset of information security and includes security issues that do not involve computers.

A. Google reconnaissance
B. Risk security (RS)
C. Information assurance (IA)
D. Asset restriction (AR)

12. _____ attacks come from multiple sources instead of a single source.

A. Distributed
B. Isolated
C. Script resource malware (SRM)
D. Form resource

13. _____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.

A. Cybercriminals
B. Hackers
C. Spies
D. Script kiddies

14. Each of the following is a characteristic of cybercriminals except ________.

A. low motivation
B. less risk-averse
C. better funded
D. more tenacious

15. Each of the following is a characteristic of cybercrime except ________.

A. targeted attacks against financial networks
B. unauthorized access to information
C. theft of personal information
D. exclusive use of worms and viruses

16. An example of a(n) _____ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password

A. vulnerability
B. threat
C. threat agent
D. asset exploit (AE)

17. _____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper containing personally identifiable financial information.

A. California Savings and Loan Security Act (CS&LSA)
B. USA Patriot Act
C. Sarbanes-Oxley Act (Sarbox)
D. Gramm-Leach-Bliley Act (GLBA)

18. The term _____ is commonly used in a generic sense to identify anyone who illegally breaks into a computer system.

A. hacker
B. cyberterrorist
C. Internet Exploiter
D. cyberrogue

19. An example of _____would be not revealing the type of computer, operating system, software, and network connection a computer uses.

A. diversity
B. limiting
C. obscurity
D. layering

20. The _____ is primarily responsible for assessment, management, and implementation of security.

A. Chief Information Security Officer (CISO)
B. security manager
C. security administrator
D. security technician


Chapter 2

1. A(n) _____ is a program that secretly attaches itself to a carrier such as a document or program and then executes when that document is opened or program is launched.

A. virus
B. worm
C. rootkit
D. Trojan

2. The first action that a virus takes once it infects a computer is to

A. close all ports
B. erase the payload
C. authenticate
D. replicate

3. Each of the following is a different type of computer virus except

A. file infector virus
B. remote virus
C. resident virus
D. boot virus

4. A computer program that pretends to clean up a hard drive but actually performs a malicious activity is known as a(n)

A. Trojan
B. rootkit
C. worm
D. logic bomb

5. To remove a rootkit from a computer you should

A. erase all files in the WINNT folder
B. expand the Master Boot Record
C. reformat the hard drive and reinstall the operating system
D. flash the ROM BIOS

6. Each of the following could be a logic bomb except

A. Erase all data if John Smith’s name is removed from the list of employees
B. Reformat the hard drive three months after Susan Jones left the company
C. Send spam to all employees
D. If the company’s stock price drops below $10 then credit Jeff Brown with ten additional years of retirement credit

7. _____ is a technique used by spammers to horizontally separate words so they are not trapped by a filter yet can still be read by the human eye.

A. Word splitting
B. Word layering
C. Parsing
D. Speckling

8. _____ is an image spam that is divided into multiple images and each piece of the message is divided and then layered to create a complete and legible message.

A. GIF layering
B. word splitting
C. geometric variance
D. split painting

9. _____ is a general term used for describing software that violates a user’s personal security.

A. Spamware
B. Warezware
C. Adaware
D. Spyware

10. A(n) _____ is either a small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.

A. keylogger
B. macro
C. script kiddie
D. port replicator

11. Attackers use _____ to remotely control zombies.

A. Google
B. e-mail
C. spam
D. Internet Relay Chat (IRC)

12. On modern computer systems the BIOS is stored on a _____ chip

A. Silver flash
B. Basic Output/Input
C. Programmable Read Only Memory (PROM)
D. Read Only Memory (ROM)

13. Each of the following is an advantage of a USB device except

A. slower speed
B. nonvolatile
C. better shock resistance
D. tolerates temperature extremes

14. _____ is a single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage that is available to users through a standard network connection.

A. Storage Area Network (SAN)
B. Network Attached Storage (NAS)
C. Attached Device Repository (ADR)
D. Network Data Pool (NDP)

15. Each of the following is an attack that can be used against cell phones except

A. Lure users to malicious websites
B. Infect the cell phone with malware
C. Attack other cell phone users
D. Turn off the cell phone

16. The ability to move a virtual machine from one physical computer to another with no impact on users is called ____.

A. server balancing
B. VLAN segmentation
C. hypervisor storage
D. live migration

17. The _____ is the software that runs on a physical computer and manages multiple virtual machine operating systems.

A. virtual resource allocator (VRA)
B. hypervisor
C. Microsoft Control Plug-in
D. hardware allocator

18. _____ is exploiting a vulnerability in the software to gain access to resources that the user would normally be restricted from obtaining.

A. Vulnerability assessment
B. Software threat release (STR)
C. Hardware virus
D. Privilege escalation

19. Each of the following is the reason why adware is scorned except

A. It displays objectionable content
B. It can cause a computer to crash or slowdown
C. It can interfere with a user’s productivity
D. It displays the attackers programming skills

20. An attacker who controls multiple zombies in a botnet is known as a(n)

A. Bot herder
B. Zombie shepherd
C. Rogue IRC
D. Cyber-Robot

Chapter 3

1. A(n) _____ is a general software security update intended to cover vulnerabilities that have been discovered.

A. service pack
B. hotfix
C. patch
D. critical update

2. Each of the following is an advantage of an automated patch update service except

A. Users can download the patch immediately when it is released
B. Bandwidth can be saved because each computer does not have to connect to an external server
C. Reports can be obtained regarding what updates each system needs
D. Users cannot circumvent updates

3. Attackers use buffer overflows to

A. point to another area in data memory that contains the attacker’s malware code
B. corrupt the kernel so the computer cannot reboot
C. place a virus into the kernel
D. erase buffer overflow signature files

4. The Windows application _____ will not allow code in the memory area to be executed.

A. Dynamic Memory Expansion Restriction (DMER)
B. Buffer Overflow Prevention (BOP)
C. Execute Bit (EXB)
D. Data Execution Prevention (DEP)

5. Each of the following is a step that most security organizations take to configure operating system protection except

A. Develop a security policy
B. Create configuration baselines
C. Create security templates
D. Deploy nX randomization

6. A cookie that was not created by the Web site that attempts to access it is called a(n)

A. first-party cookie
B. second-party cookie
C. third-party cookie
D. fourth-party cookie

7. _____ resides inside an HTML document

A. ActiveX
B. JavaScript
C. Java
D. Virtual Machine (VM)

8. A Java applet _____ is a barrier that surrounds the applet to keep it away from resources on the local computer.

A. fence
B. sandbox
C. playpen
D. Java Container Closed Object (JCCO)

9. Address Space Layout Randomization (ASLR) randomly assigns _____ to one of several possible locations in memory.

A. executable operating system code
B. xN bits
C. DEP
D. sockets

10. The TCP/IP protocol _____ handles outgoing mail.

A. Post Office Protocol (POP)
B. Simple Mail Transfer Protocol (SMTP)
C. IMAP4
D. Microsoft Mail Transport (MMT)

11. Instant Messaging (IM) connects two systems

A. through the IM server
B. directly without using a server
C. only in a remote chat session
D. using Internet Relay Chat (IRC)

12. With a(n) _____ network users do not search for a file but download advertised files.

A. BitTorrent
B. P2P
C. swarm
D. RCIP

13. Another name for antivirus definition files is

A. signature files
B. virus resource entities (VRE)
C. AV patches
D. SigDef

14. The preferred location for an spam filter is

A. on the SMTP server
B. on the POP3 server
C. integrated into the network firewall
D. on the DHCP client

15. A(n) _____ is a list of pre-approved e-mail addresses that the user will accept mail from.

A. blacklist
B. client access account (CAA)
C. whitelist
D. POP3 transfer list

16. Another name for a packet filter is a(n)

A. firewall
B. HIDS
C. SQL eliminator
D. SIDS

17. A(n) _____ works on the principle of comparing new behavior against normal behavior.

A. Host Intrusion Detection System (HIDS)
B. packet filter
C. Internet Resource Chat (IRC)
D. personal software firewall

18. A(n) _____ is a cumulative package of all security updates plus additional features.

A. service pack
B. update
C. update rollup
D. hotfix patch

19. A(n) _____ is a method to configure a suite of configuration baseline security settings.

A. security template
B. group policy
C. snap-out
D. Active Directory Planner

20. A(n) _____ is a program that does not come from a trusted source.

A. ActiveX Controller Entity
B. signed JavaScript application
C. JavaScript applet
D. unsigned Java applet

Chapter 4

1. A network tap____________________.

A. has been made obsolete by software protocol analyzers
B. is a separate device that can be installed between other network devices to monitor traffic
C. stands for “Technology Account Protocol” (TAP)
D. is the same as a wireless access point

2. Each of the following is a characteristic of a weak password except_________.

A. Using a common dictionary word
B. Using personally identifiable information
C. A password that is long
D. Recording the password on paper

3. A(n) _____ is an account on a device that is created automatically to aid in installation and should be deleted once that is completed.

A. default account
B. back door
C. User Installation Account (UIA)
D. privilege account

4. A(n) _____ attack attempts to consume network resources so that the devices cannot respond to legitimate requests.

A. system overflow
B. Denial of service
C. reverse ping
D. ARP spoofing

5. Wireless denial of service attacks are successful because wireless LANs use the protocol____________.

A. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
B. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
C. time slot allocation (TSA)
D. implicit ACK frame acknowledgment protocol (IAFAP)

6. A man-in-the-middle attack_________________.

A. can be defeated by using the TCP/IP protocol
B. intercepts legitimate communication and forges a fictitious response
C. is only found on a wireless network
D. are always passive

7. The difference between a replay attack and a man-in-the-middle attack is________.

A. Replay attacks are always faster
B. A replay attack makes a copy of the transmission before sending it to the recipient
C. A man-in-the-middle attack can be prevented yet a replay attack cannot
D. Replay attacks are no longer used today

8. An example of an antiquated protocol that has been replaced by a more secure version is______________.

A. Simple Network Management Protocol (SNMP) Version 2
B. Address Resolution Protocol
C. Internet Protocol
D. ARPA

9. Where does the TCP/IP host table name system for a local device store a symbolic name to Internet Protocol address mappings?

A. On the Domain Name System (DNS) server
B. In a local hosts file
C. In the ARP cache
D. On a network file server

10. Attackers take advantage of Domain Name System _____ to send fraudulent DNS entries.

A. area requests
B. domain resource sharing (DRS)
C. Internet name system transfer protocol
D. zone transfers

11. A more secure version of the Berkeley Internet Name Domain software is______.

A. Total Secure Domain Name System Zone (TSDNSZ)
B. Secure BIND
C. MX Secure (MXS)
D. DNSSEC

12. _____ is used for Ethernet local area networks to resolve Internet Protocol addresses.

A. ARP
B. P2P
C. CCSIP
D. I4PR

13. An attack that takes advantage of the order of arrival of TCP packets is_______.

A. IP forwarding
B. FTP spoofing
C. IP resolution
D. TCP/IP hijacking

14. War driving exploits _____, which is the wireless access point sending out information about its presence and configuration settings.

A. scanning
B. beaconing
C. location frame stamping
D. SGP mapping

15. A group of Bluetooth piconets in which connections exist between different piconets is called a(n)__________.

A. scatternet
B. OPNET
C. double piconet (DP)
D. slavenet

16. _____ is the unauthorized access of information from a wireless device through a Bluetooth connection.

A. Blue jacking
B. Bluetooth snatching
C. Bluetooth spoofing
D. Blue snarfing

17. In a(n) _____ attack the attacker overflows a switch’s address table with fake media access control (MAC) addresses and makes the switch act like a hub, sending packets to all devices.

A. switch flooding
B. MAC ARP impersonation
C. Address Domain Resolution (ADR)
D. switch advertisement

18. A back door can be created by each of the following except______________.

A. a programmer of the software on the device
B. a virus
C. spam
D. a Trojan horse

19. Using _____, an attacker attempts to gather information to map the entire internal network of the organization supporting the DNS server.

A. DNS transfer
B. DNS spoofing
C. Zone transfer imaging (ZTI)
D. Name resolution spoofing

20. Each of the following could be the result of an ARP poisoning attack except________.

A. Change entries in a DNS zone transfer table
B. Steal data intended for another device
C. Force a switch to revert to a hub
D. Prevent Internet access to users on a network

Chapter 5

1. Subnetting ____________________.

A. splits the network IP address on the boundaries between bytes
B. is also called subnet addressing
C. provides very limited security protection
D. requires the use of a Class C network

2. A virtual LAN (VLAN) allows devices to be grouped _____________.

A. logically
B. based on subnets
C. only around core switches
D. directly to routers

3. Convergence combines voice, data, and video traffic ____________.

A. over a single IP network
B. through hubs
C. one stream at a time
D. only on wireless networks

4. Each of the following is a convergence security vulnerability except __________.

A. convergence resource attacks (CRA)
B. VoIP protocols
C. spam
D. lack of encryption

5. Which of the following is not true regarding a demilitarized zone (DMZ)?

A. It contains servers that are only used by internal network users
B. It typically has an e-mail or Web server
C. It can be configured to have one or two firewalls
D. provides an extra degree of security

6. Network address translation (NAT) _________________.

A. substitutes MAC addresses for IP addresses
B. can only be found on core routers
C. removes private addresses when the packet leaves the network
D. can be stateful or stateless

7. Each of the following is a variation available in network access control (NAC) implementations except ____________.

A. Client or clientless
B. Switch, inline, or out-of-band
C. Network or local
D. Pre-connect or post-connect

8. Another name for a packet filter is a(n) __________________.

A. DMZ
B. firewall
C. proxy server
D. honeypot

9. The _____ establishes the action that a firewall takes on a packet.

A. host cache
B. rule base
C. syntax table
D. packet outline

10. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.

A. proxy server
B. content filter
C. intrusion prevention device
D. host detection server

11. A reverse proxy _________________.

A. is the same as a proxy server
B. routes incoming requests to the correct server
C. must be used together with a firewall
D. only handles outgoing requests

12. A honeypot is used for each of the following except ____________.

A. Deflect attention away from real servers
B. Filter packets before they reach the network
C. Provide early warning of new attacks
D. Examine attacker techniques

13. A(n) _____ watches for attacks but only takes limited action when one occurs.

A. network intrusion detection system (NIDS)
B. network intrusion prevention system (NIPS)
C. proxy intrusion device
D. firewall

14. A multipurpose security appliance integrated into a router is known as a(n) _______.

A. unified attack management system (UAMS)
B. integrated network security hardware device
C. intrusion detection/prevention device
D. proxy security system (PSS)

15. Each of the following can be used to hide information about the internal network except ___________.

A. Network address translation (NAT)
B. Proxy server
C. subnetting
D. protocol analyzer

16. The difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS) is ___________.

A. A NIDS provides more valuable information about attacks
B. A NIPS is much slower because it uses protocol analysis
C. A NIPS can take extended actions to combat the attack
D. There is no difference because a NIDS and a NIPS are equal

17. A variation of NAT that is commonly found on home routers is _______.

A. Network address IP transformation (NAIPT)
B. Port address translation (PAT)
C. Network proxy translation (NPT)
D. Subnet transformation (ST)

18. If a device is determined to have an out-of-date virus signature file then Network Access Control (NAC) can redirect that device to a network by _______.

A. Address Resolution Protocol (ARP) poisoning
B. TCP/IP hijacking
C. DHCP man-in-the-middle
D. a Trojan horse

19. Each of the following is an option in a firewall rule base except _______.

A. delay
B. prompt
C. block
D. allow

20. A firewall using _____ is the most secure type of firewall.

A. stateful packet filtering
B. network intrusion detection system replay
C. reverse proxy analysis
D. stateless packet filtering

Chapter 6

1. The amendment to add 5.5 Mbps and 11 Mbps to the IEEE 802.11 standard is ______.

A. IEEE 802.11a
B. IEEE 802.11b
C. IEEE 802.11g
D. IEEE 802.11n

2. Access to the wireless network can be restricted by _______.

A. MAC address filtering
B. ARP resolution
C. TKIP encryption
D. WEP authentication

3. The cyclic redundancy check (CRC) is also called the _______.

A. integrity check value (ICV)
B. initialized vector resource (IVR)
C. check parity bit (CPB)
D. R5C check

4. A wireless network requires that the _____ be authenticated first.

A. user
B. thick wireless device
C. wireless device
D. authentication probe

5. The Service Set Identifier (SSID) _____.

A. serves as the network name for a WLAN
B. is only used on IEEE 802.11g networks
C. is optional on all networks
D. is used only with closed system authentication

6. The optional authentication method that forces the wireless device to encrypt challenge text using its WEP encryption key is known as _____ .

A. WEP encryption
B. shared key authentication
C. challenge text verification (CTV)
D. AP authentication (APA)

7. Each of the following is a weakness of open system authentication except _______.

A. SSIDs are by default contained in beacon frames to all wireless devices
B. turning off SSIDs can hinder roaming
C. SSIDs are transmitted in other management frames sent by the access point
D. open system authentication requires an authentication server

8. The weakness of WEP is that _____.

A. it requires the use of an enhanced access point (EAP) for it to function properly
B. it is costly to implement
C. the encryption algorithm has been broken by attackers
D. the initialization vectors (IVs) are repeated

9. The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected Access (WPA) and _____ .

A. Protected Wireless Security (WPS)
B. IEEE 802.11x
C. Postshared Key Protection (PKP)
D. Wi-Fi Protected Access 2 (WPA2)

10. The _____ replaces the cyclic redundancy check (CRC) and is designed to prevent an attacker from capturing, altering, and resending a data packet.

A. Message Integrity Check (MIC)
B. Cyclic Redundancy Check 2 (CRC2)
C. Wi-Fi CRC
D. Wireless Parity Check (WPC)

11. The IEEE standard for wireless security is known as _____ .

A. IEEE 803.x
B. IEEE Wi-Fi Protected Access
C. IEEE 802.11i
D. IEEE PSK

12. A(n) _____ is designed to verify the authentication of wireless devices using IEEE 802.1x.

A. proxy ID server
B. access point server
C. check point server
D. authentication server

13. Wireless switches are used in conjunction with _____ for increased security by moving security features to the switch.

A. authentication access points (AAPs)
B. network intrusion prevention system (NIPS)
C. access control appliances (ACA)
D. thin access points

14. Separate _____ can be used to support low-security guest Internet access and high-security administrators on the same access point.

A. wireless virtual local area networks (VLANs)
B. segmented access points
C. separated wireless streams (SWS)
D. proxy security servers

15. Each of the following can be used to monitor airwaves for traffic except a(n) _____.

A. dedicated probe
B. access point probe
C. resource monitor probe
D. wireless device probe

16. A WEP key that is 128 bits in length _____ .

A. has an initialization vector (IV) that is the same length as a WEP key of 64 bits
B. is less secure than a WEP key of 64 bits because shorter keys are better
C. cannot be cracked because it is too long
D. cannot be used on access points that use passphrases

17. For a SOHO the best security model would be the _____

A. Wi-Fi Protected Access Personal Security model
B. Enterprise Protection Personal Security model
C. IEEE Wi-Fi Personal Protection model
D. Wi-Fi Protected Access 2 Personal Security model

18. Preshared key (PSK) authentication requires that the encryption key _____.

A. must be entered on all devices prior to wireless communication occurring
B. be the same length as the Initialization Vector (IV)
C. be entered in hexadecimal notation on the access point
D. be encrypted before it can be entered by a user on a wireless device

19. _____ stores information from a device on the network so if a user roams away from a wireless access point and later returns, he does not need to re-enter all of the credentials.

A. Key-caching
B. Pre-key authentication
C. Key roaming
D. Security key resolution

20. The _____ model is designed for medium to large-size organizations in which an authentication server is available.

A. IEEE 802.11d
B. Wi-Fi Academic
C. WPA 2 Enterprise Security
D. Wi-Fi 802.x

Chapter 7

1. A user entering her username would correspond to the _____ action in access control.

A. identification
B. authentication
C. authorization
D. access

2. Access control can be accomplished by each of the following except ______.

A. resource management
B. hardware
C. software
D. policy

3. A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.

A. object
B. subject
C. resource
D. operation check

4. The individual who periodically reviews security settings and maintains records of access by users is called the _____.

A. owner
B. custodian
C. manager
D. supervisor

5. In the _____ model, the end user cannot change any security settings.

A. Discretionary Access Control
B. Mandatory Access Control
C. Security Access Control
D. Restricted Access Control

6. Rule Based Access Control _____.

A. dynamically assigns roles to subjects based on rules
B. is considered a real-world approach by linking a user’s job function with security
C. requires that a custodian set all rules
D. is considered obsolete today

7. Separation of duties requires that _____.

A. end users cannot set security for themselves
B. managers must monitor owners for security purposes
C. processes should be divided between two or more individuals
D. jobs be rotated among different individuals

8. _____ in access control means that if a condition is not explicitly met then it is to be rejected.

A. Implicit deny
B. Explicit rejection
C. Denial of duties
D. Prevention control

9. A(n) _____ is a set of permissions that is attached to an object.

A. Subject Access Entity (SAE)
B. object modifier
C. access control list (ACL)
D. security entry designator

10. _____ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory.

A. Windows Register Settings
B. Resource Allocation Entities
C. AD Management Services (ADMS)
D. Group Policy

11. Which of the following is NOT a characteristic of a brute force attack?

A. They are faster than dictionary attacks.
B. They are generally not feasible.
C. They can take a long time to be successful.
D. Each attempt must be entered into the login program to determine if it is correct.

12. _____ create a large pre-generated data set of hashes from nearly every possible password combination.

A. LM hashes
B. NTLM databases
C. Dictionary tables
D. Rainbow tables

13. Which of the following is NOT a password policy defense against an attacker stealing a Windows password file?

A. Password-protect the ROM BIOS.
B. Physically lock the computer case so that it cannot be opened.
C. Disable all necessary accounts.
D. Ensure that all servers and computers are regularly patched.

14. The Domain password policy _____ determines the number of unique new passwords a user must use before an old password can be reused.

A. Maximum password time
B. Minimum password expiration
C. Set password reuse
D. Enforce password history

15. A(n) _____ extends a solid metal bar into the door frame for extra security.

A. preset lock
B. key-in-knob lock
C. tab lock
D. deadbolt lock

16. A(n) _____ uses buttons that must be pushed in the proper sequence to open the door.

A. keyboard lock
B. user bolt lock (UBL)
C. pad lock
D. cipher lock

17. An ID badge fitted with _____ makes it unnecessary to swipe or scan the badge for entry.

A. radio frequency (RFID) tags
B. electromagnetic sentry buttons
C. cipher scans
D. passive cores

18. Using video cameras to transmit a signal to a specific and limited set of receivers is called _____.

A. security monitoring transmission (SMT)
B. vector security (VS)
C. closed circuit television (CCTV)
D. restricted access television

19. The least restrictive access control model is _____.

A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Role Based Access Control (RBAC)
D. Rule Based Access Control (RBAC)

20. The principle known as _____ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function.

A. least privilege
B. deny all
C. Enterprise Security
D. Mandatory Limitations

Chapter 8

1. Determining what a user did on a system is called _____.

A. identification
B. authentication
C. authorization
D. accounting

2. Which of the following is NOT an authentication method?

A. what a user knows
B. what a user has
C. what a user discovers
D. what a user is

3. One-time passwords that utilize a token with an algorithm and synchronized time setting is known as a(n) __________.

A. time-signature OTP
B. challenge-based OTP
C. time-synchronized OTP
D. token OTP

4. Which of the following is a difference between a time-synchronized OTP and a challenge-based OTP?

A. Only time-synchronized OTPs use tokens.
B. The user must enter the challenge into the token with a challenge-based OTP.
C. Challenge-based OTPs use authentication servers while time-synchronized OTPs do not.
D. Time-synchronized OTPs cannot be used with Web accounts while challenge-based OTPs can.

5. Keystroke dynamics is an example of what type of biometrics?

A. behavioral biometrics
B. cognitive biometrics
C. adaptive biometrics
D. resource biometrics

6. Creating a pattern of when and from where a user accesses a remote Web account is an example of ________.

A. computer footprinting
B. Time-Location Resource Monitoring (TLRM)
C. cognitive biometrics
D. keystroke dynamics

7. _____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.

A. Windows CardSpace
B. OpenID
C. Windows Live ID
D. .NET Login

8. A RADIUS authentication server requires that the _____ must be authenticated first.

A. supplicant
B. authenticator
C. authentication server
D. user

9. Each of the following make up the AAA elements in network security except _______.

A. determining user need (analyzing)
B. controlling access to network resources (authentication)
C. enforcing security policies (authorization)
D. auditing usage (accounting)

10. Each of the following human characteristics can be used for biometric identification except _______.

A. weight
B. fingerprint
C. retina
D. face

11. _____ biometrics is related to the perception, thought processes, and understanding of the user.

A. Behavioral
B. Standard
C. Cognitive
D. Intelligence

12. Using one authentication to access multiple accounts or applications is known as _______.

A. credentialization
B. identification authentication
C. federal login
D. single sign-on

13. With the development of IEEE 802.1x port security, the authentication server _____ has seen even greater usage.

A. DAP
B. RADIUS
C. AAA
D. RDAP

14. A(n) _____ makes a request to join the network.

A. authenticator
B. Resource Allocation Entity (RAE)
C. applicant
D. supplicant

15. _____ is an authentication protocol available as a free download and runs on Microsoft Windows Vista, Windows Server 2008, Apple Mac OS X, and Linux.

A. IEEE 802.1x
B. RADIUS
C. Kerberos
D. LDAP

16. The version of the X.500 standard that runs on a personal computer over TCP/IP is_____.

A. DAP
B. LDAP
C. IEEE X.501
D. Lite RDAP

17. The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as _____.

A. RADIUS Server Protocol
B. Authentication Protocol
C. Transmission Control Protocol (TCP)
D. Extensible Authentication Protocol (EAP)

18. Which of the following protocols is the strongest?

A. EAP with Transport Layer Security (EAP-TLS)
B. Password Authentication Protocol (PAP)
C. Challenge-Handshake Authentication Protocol (CHAP)
D. Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

19. A user-to-LAN virtual private network connection used by remote users is called a(n) _____.

A. site-to-site VPN
B. remote –access VPN
C. endpoint VPN
D. concentration VPN

20. Endpoints that provide _____ capability require that a separate VPN client application be installed on each device that connects to a VPN server.

A. built-in VPN
B. transparent endpoint VPN
C. pass-through VPN
D. concentration VPN

Chapter 11



1. The areas of a file in which steganography can hide data including all of the following
except __________.


A. in data that is used to describe the content or structure of the actual data
B. in the file header fields that describe the file
C. in areas that contain the content data itself
D. in the directory structure of the file system

2. Data that is to be encrypted by inputting into an algorithm is called __________.

A. clear text
B. open text
C. ciphertext
D. plaintext


3. Each of the following is a basic security protection over information that cryptography
can provide except __________.

A. confidentiality
B. stop loss
C. integrity
D. authenticity


4. Proving that a user sent an e-mail message is known as __________.

A. non-repudiation
B. reverse confidentiality
C. integrity
D. availability

5. A(n) __________ is never intended to be decrypted but is only used for comparison purposes.

a. plaintext
b. algorithm
c. key
d. digest

6. Each of the following is an example of how hashing is used except __________.

a. bank automatic teller machine (ATM)
b. verifying a user password entered on a Linux system
c. determining the integrity of a message
d. encrypting and decrypting e-mail attachments

7. Which of the following is NOT a characteristic of a secure hash algorithm?
a. The results of a hash function should not be reversed.
b. The hash should always be the same fixed size.
c. A message cannot be produced from a predefined hash.
d. Collisions should be rare.

8. The data added to a section of text when using the Message Digest (MD) algorithm is
called __________.
a. filler
b. extender
c. padding
d. byte extensions

9. Which of the following is a protection provided by hashing?
a. confidentiality
b. integrity
c. availability
d. authenticity

10. Symmetric cryptographic algorithms are also called __________.
a. cipherkey cryptography
b. public/private key cryptography
c. public key cryptography
d. private key cryptography

11. Monoalphabetic substitution ciphers and homoalphabetic substitution ciphers are examples
of __________.
a. symmetric stream ciphers
b. generic block ciphers
c. asymmetric block ciphers
d. hash ciphers

12. Which of the following is the strongest symmetric cryptographic algorithm?
a. Data Encryption Standard
b. Triple Data Encryption Standard
c. Advanced Encryption Standard
d. Rivest Cipher (RC) 1

13. When Bob wants to send a secure message to Alice using an asymmetric cryptographic
algorithm, which key does he use to encrypt the message?
a. Bob’s public key
b. Alice’s public key
c. Bob’s private key
d. Alice’s private key

14. A digital signature can provide each of the following benefits except __________.
a. verify the receiver
b. verify the sender
c. enforce non-repudiation
d. prove the integrity of the message

15. Which of the following asymmetric cryptographic algorithms is the most secure?
a. RSA
b. MD-17
c. SHA-2
d. ERFGA

16. __________ uses the Windows NTFS file system to automatically encrypt all files.
a. Encrypting File System (EFS)
b. GNU PGP
c. IDEA
d. MD-1

17. The Microsoft Windows BitLocker whole disk encryption cryptography technology can
protect each of the following except __________.
a. Windows system files
b. user files
c. temporary files
d. domain name system files

18. The Trusted Platform Module (TPM) __________.
a. is only available on Windows computers running BitLocker
b. includes a pseudorandom number generator (PRNG)
c. provides cryptographic services in hardware instead of software
d. allows the user to boot a corrupted disk and repair it

19. Most security experts recommend that __________ be replaced with a more secure algorithm.
a. DES
b. RSA
c. AES-256
d. MD-17

20. The Microsoft Windows LAN Manager hash __________.
a. is part of BitLocker
b. is required to be present when using TPM
c. is weaker than NTLMv2
d. is the same as MD-5
e. behavior-based monitoring

Chapter 12

1. The strongest technology that would assure Alice that Bob is the sender of a message is
a(n) __________.
a. digital signature
b. digital certificate
c. hash
d. encrypted signature

2. A digital certificate associates __________.
a. the user’s identity with their public key
b. a user’s private key with the public key
c. a digital signature with a user
d. a private key with a digital signature

3. An entity that issues digital certificates for others is a __________.
a. Certificate Authority (CA)
b. Signature Authority (SA)
c. Digital Signer (DS)
d. Certificate Signatory (CS)

4. A list of approved digital certificates is called a(n) __________.
a. Digital Certificate Authorization Form (DCAF)
b. Certificate Repository (CR)
c. Authorized Digital Signature
d. Digital Signature Permitted Authorization (DSPA)

5. Digital certificates can be used for each of the following except __________.
a. Verify the identity of clients and servers on the Web
b. Encrypt messages for secure e-mail communications
c. Verify the authenticity of the Registration Authorizer
d. Encrypt channels to provide secure communication between clients and servers

6. In order to ensure a secure cryptographic connection between a Web browser and a Web
server a __________ digital certificate would be used.
a. personal digital certificate
b. Web digital certificate
c. personal Web certificate determining the integrity of a message
d. server digital certificate

7. A digital certificate that turns the address bar green is a(n) __________.
a. Extended Validation SSL Certificate
b. Web Server Advanced Certificate
c. Personal Web-Client Certificate
d. Internet Standard Certificate

8. Digital certificates that are split into two parts are known as __________ certificates.
a. binary
b. extended
c. dual-sided
d. split

9. Which of the following is NOT a field of an X.509 certificate?
a. validity period
b. serial number
c. signature
d. CA expiration code

10. Public key infrastructure (PKI) __________.
a. protects cipherkey cryptography
b. generates public/private keys automatically
c. is the management of digital certificates
d. creates private key cryptography

11. Public-Key Cryptography Standards (PKCS) __________.
a. have been replaced by PKI
b. are widely accepted in the industry
c. define how hashing algorithms are created
d. are used to create public keys only

12. The __________ trust model supports CA.
a. direct
b. indirect
c. third party
d. remote

13. Hierarchical trust models are best suited for __________.
a. Internet usage
b. single organizations
c. settings with multiple CAs and RAs
d. organizations with fewer than 10 users

14. A(n) __________ is a published set of rules that govern the operation of a PKI.
a. Certificate Practice Statement (CPS)
b. Signature Resource Guide (SRG)
c. Enforcement Certificate
d. certificate policy (CP)

15. Each of the following is a part of the certificate life cycle except __________.
a. Creation
b. Revocation
c. Authorization
d. Expiration

16. Keys can be stored in each of the following except __________.
a. embedded in digital certificates
b. stored on the user’s local system
c. in tokens
d. in hashes

17. __________ refers to a situation in which keys are managed by a third-party, such as a
trusted CA.
a. Key escrow
b. Trusted key authority
c. Key authorization
d. Remote key administration

18. A cryptographic transport protocol for FTP is __________.
a. RAS-256
b. MIME
c. UNIX Remote Shell Encryption (UNIX-RSE)
d. Secure Sockets Layer (SSL)

19. What is the cryptographic transport protocol that is used most often to secure Web
transactions?
a. HTTPS
b. SHTTP
c. PPPTPoE
d. MD-17

20. Which is the most secure VPN cryptographic transport protocol?
a. LPTP2
b. PTP
c. IPsec
d. Hash-32


Security Guide Network Security Fumdamentals

Chapter 1 Additional 20 questions


1. Which most attacks take advantage of vulnerabilities that someone has already uncovered, a(n)
____ occurs when an attacker discovers and exploits a previously unknown flaw.
a. a zero day
b. identity theft
c. phishing
d. scam

2. In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single computer or network.

a. centered
b. local
c. remote
d. distributed

3. _____ ensures that only authorized parties can view information.

a. Security
b. Availability
c. Integrity
d. Confidentiality

4. _____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.

a. Availability
b. Confidentiality
c. Integrity
d. Identity

5. In information security, a loss can be _____.

a. theft of information
b. a delay in transmitting information the results in a financial penalty
c. the loss of good will or a reputation
d. all of the above

6. In information security, a threat agent can be defined as _____.


a. a force of nature such as a tornado that could destory comuputer equipment
b. a virus that attacks a computer network
c. an unsecured computer network
d. both a and b

7. Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.


a. identity
b. data
c. plan
d. record

8. According to the 2007 FBI Computer Crime and Security Survey, the loss due to the theft of confidential data for 494 respondents was approximately ____.


a. $1 million
b. $10 million
c. $50 million
d. $100 million

9. ____ involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.


a. Cyber terrorism
b. Identity theft
c. Phishing
d. Scam

10. Under the _____ , healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.


a. HIPAA
b. HLPDA
c. HCPA
d. USHIPA

11. What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?


a. $100,000
b. $250,000
c. $500,000
d. $1,000,000


12. The _____ act is designed to broaden the surveillance of law enforcement agencies so they can detect and suppress terrorism.


a. Gramm-Leach-Bliley
b. Sarbanes-Oxley
c. California Database Security Breach
d. USA Patriot



13. COPPA requires operators of online services or Web sites designed for children under the age of _____ to obtain parental consent prior to the collection, use, disclosure, or display of a child’s personal information.

a. 8
b. 10
c. 13
d. 16

14. In a company of 500 employees, it is estimated that _____ employees would be required to combat a virus attack.

a. two
b. five
c. seven
d. ten

15. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.


a. Nimda
b. Slammer
c. Love Bug
d. Code Red

16. What is another name for unsolicited e-mail messages?

a. spam
b. spawn
c. trash
d. scam

17. According to the research group Postini, over ____ of daily e-mail messages are unsolicited and could be carrying a malicious payload.

a. one-third
b. two-thirds
c. three-fourths
d. four-fifths

18. ____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.

a. Cyber criminals
b. Cyber terrorists
c. Computer spies
d. Hackers

19. Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.

a. spam
b. phishing
c. cyber crime
d. cyber terrorism

20. A security ____ focuses on the administration and management of plans, policies, and people.


a. manager
b. engineer
c. auditor
d. inspector

Chapter 2 Additional 20 questions

1. Flash memory is a type of ____, nonvolatile computer memory that can be electrically erased and rewritten repeatedly.

a. EROM
b. ROM
c. EEPROM
d. RAM

2. ____ involves horizontally separating words, although it is still readable by the human eye.


a. Word splitting
b. GIF layering
c. Geometric variance
d. Layer variance

3. ____ is an image spam that is divided into multiple images.


a. Word splitting
b. Geometric variance
c. Layer variance
d. GIF layering

4. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.

a. Trojan
b. logic bomb
c. macro virus
d. metamorphic virus

5. ____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

a. Adware
b. Keylogger
c. Spam
d. Trojan

6. One type of virtualization in which an entire operating system environment is simulated is known as ____ virtualization.

a. NOS

b. guest

c. operating system

d. host

7. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its own malicious purposes.

a. companion

b. file infected

c. resident

d. boot

8. With operating system virtualization, a virtual machine is simulated as a self-contained software environment by the ____ system (the native operating system to the hardware).

a. guest 

b. host

c. root

d. server

9. ____ are portable communication devices that function in a manner that is unlike wired telephones.

a. A USB devices

b. NAS devices

c. Cell phones

d. SAN

10. Today’s computer systems have a(n) ____ chip in which the contents can be rewritten to provide new functionality.

a. ROM

b. RAM

c. EROM

d. PROM

11. A ____ virus infects the Master Boot Record of a hard disk drive.

a. file infector

b. companion

c. resident

d. boot

12.____ is a means of managing and presenting computer resources by function without regard to their physical layout or location.

a. Expansion

b. Virtualization

c. Load balancing

d. Distribution

13. ____ technology enables a virtual machine to be moved to a different physical computer with no impact to the users.

a. Live migration

b. Load balancing

c. Operating system virtualization

d. Server virtualization

14. A ____ is a single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage available to LAN users through a standard network connection.

a.  NAS

b. NSA

c. NSF

d. NFS

15. A computer ____ is a program that secretly attaches itself to a legitimate “carrier,” such as a document or program, and then executes when that document is opened or program is launched.

a. virus

b. worm

c. adware

d. spyware

16. In order to avoid detection some viruses can alter how they appear. These are known as ____ viruses.

a. macro

b. metamorphic

c. boot

d. companion

17.A ____ is a program advertised as performing one activity but actually does something else.

a. script

b. virus

c. Trojan

d. worm

18. The ____ is the link between the cellular network and the wired telephone world and controls all transmitters and base stations in the cellular network.

a. SAN

b. NAS

c. RF cell

d. MTSO

19. ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.

a. GIF layering

b. Geometric variance

c. Word splitting

d. Layer variance

20.Creating and managing multiple server operating systems is known as ____ virtualization.

a. operating system

b. host

c. guest

d. server

Chapter 3 Additional 20 questions

1.A(n) ____ is a small Web browser window that appears over the Web site that is being viewed.

a. swarm

b. torrent

c. popup

d. applet

2. ____, also called add-ons, represent a specific way of implementing ActiveX and are sometimes called ActiveX applications.

a. Applets

b. ActiveX controls

c. Scripts

d. Beans

3.____ hinges on an attacker being able to enter an SQL database query into a dynamic Web page.

a. XSS

b. SQL injection

c. Script injection

d. Sandboxing

4. BitTorrent maximizes the transfer speed by gathering pieces of the file and downloading these pieces simultaneously from users who already have them (the collective pieces are called a ____).

a. leech

b. swarm

c. seed

d. track

5.____ is a Windows Vista and Windows XP Service Pack 2 (SP2) feature that prevents attackers from using buffer overflow to execute malware.

a. DEP

b. NX

c. ASLR

d. ASDEP

6. ____ is a process of ensuring that any inputs are “clean” and will not corrupt the system.

a. Cross-site scripting

b. SQL injection

c. Script injection

d. Input validation

7.____ is real-time communication between two or more users.

a. SMTP

b. SMTP open relay

c. ActiveX

d. Instant messaging (IM)

8. SMTP servers can forward e-mail sent from an e-mail client to a remote domain. This is known as ____.

a. SMTP relay

b. IMAP

c. Spam

d. Spam relay

9. Instead of the Web server asking the user for the same information each time she visits that site, the server can store that user-specific information in a file on the user’s local computer and then retrieve it later. This file is called a(n) ____.

a. cookie

b. bug

c. ActiveX control

d. script

10.In a P2P network, a ____ is a server program operated by the person or organization that wants to share the file.

a. torrent

b. seed

c. leecher

d. tracker

11.The goal of ____ is to make it harder to predict where the operating system functionality resides in memory.

a. DEP

b. ASLR

c. NX

d. ASNX

12. A(n) ____ is a computer programming language that is typically interpreted into a language the computer can understand.

a. ActiveX control

b. cookie

c. shell

d. scripting language

13.Regarding e-mail, ____ handles outgoing mail.

a. SMTP

b. POP3

c. IMAP

d. SNMP

14.A ____ is a cumulative package of all security updates plus additional features.

a. service patch

b. hotfix

c. service pack

d. security patch

15. Regarding e-mail, ____ is responsible for incoming mail.

a. SMTP

b. IMAP

c. POP3

d. SNMP

16.If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages. An uncontrolled SMTP relay is known as a(n)

a. IMAP open relay

b. SMTP open relay

c. open POP

d. open IMAP

17.The ____ are the operating system settings that impose how the policy will be enforced.

a. security policies

b. group policies

c. security templates

d. configuration baselines

18.____ typically involves using client-side scripts written in JavaScript that are designed to extract information from the victim and then pass the information to the attacker.

a. Spam

b. SQL injection

c. Cross site scripting (XSS)

d. SQL scripting

19. ____ are active Internet connections that download a specific file that is available through a tracker.

a. Torrents

b. Applets

c. ActiveX controls

d. Scripts

20.____ is a language used to view and manipulate data that is stored in a relational database.

a. CSS

b. XSS

c. SQL

d. DEP

Chapter 4 Additional 20 questions

1. Wireless location mapping is the formal expression for ____.

a. wireless scanning

b.wireless caching

c. war driving

d. wireless beaconing

2.The most common type of antenna for war driving is an omnidirectional antenna, also known as a ____ antenna.

a. bipole
b.dipole
c. GPS
d. tagging

3. Each wireless device looks for beacon frames in a process known as ____.

a. mapping
b. scanning
c. caching
d. beaconing

4. One approach to substituting a fraudulent IP address is to target the external DNS server and is called ____.

a. DNS spoofing
b. DNS transfer
c. zone transfer
d. DNS poisoning

5.In order for a host using TCP/IP on an Ethernet network to find the MAC address of another device, it uses ____.
a. BIND
b. MAC-DNS
c. ARP
d. DNS

6.____ enables the attacker’s computer to forward any network traffic it receives from Computer A to the actual router.
a. IP mirroring
b. Port mirroring
c. IP forwarding
d. Port forwarding

7.When TCP/IP was developed, the host table concept was expanded to a hierarchical name system known as the ____.
a. ARPAnet
b. DNS
c. SNMP
d. SMTP

8. A group of piconets in which connections exist between different piconets is called a ____.
a. shortnet
b. meshnet
c. multinet
d. scatternet

9. With wireless CSMA/CA, the amount of time that a device must wait after the medium is clear is called the ____.
a. collision time
b. slot time
c. clear time
d. tx time

10. ____ is the name given to a wireless technology that uses short-range RF transmissions.
a. Bluetooth
b. Piconet
c. Scatternet
d. Wi-fi

11.A(n) ____ is an account that is secretly set up without the administrator’s knowledge or permission, that cannot be easily detected, and that allows for remote access to the device.
a. escalation account
b.weak password
c. back door
d. default account

12.____ allows the administrator to configure a switch to redirect traffic that occurs on some or all ports to a designated monitoring port on the switch.

a. Sniffering
b. Protocol analyzer
c. NIC mirroring
d. Port mirroring

13. DNS poisoning can be prevented by using the latest editions of the DNS software, ____.
a. BIND
b. DNSS
c. IPsec
d. BINDSEC

14.The most common protocol suite used today for networks as well as the Internet is ____.
a. TCP/IP
b. SMTP
c. SNMP
d. DNS

15.____ specifies that before a networked device starts to send, it should first listen (called carrier sensing) to see if any other device is transmitting.
a. CSMA/ACK
b. CSMA/CA
c. CSMA/CD
d. CSCD/MA

16.____ is a popular protocol used to manage network equipment.
a. SMTP
b. IMAP
c. TCP/IP
d. SNMP

17. A(n) ____ attack makes a copy of the transmission before sending it to the recipient.
a. man-in-the-middle
b. replay
c. DNS spoofing
d. ARP posioning

18.In a “____ attack,” a TCP/IP ping request is sent to all computers on the network, which makes it appear that a server is asking for a response.
a. smurf
b. ping of death
c. frame
d. DNS poisoning

19.An attacker could alter the MAC address in the ARP cache so that the corresponding IP address would point to a different computer, which is known as ____.
a. DNS spoofing
b. DNS posioning
c. ARP transfer
d. ARP posioning

20. At regular intervals a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network. This process is known as ____.
a. beaconing
b. scanning
c. mapping
d. caching

Chapter 5 Additional 20 questions

1. The goal of ____ is to prevent computers with sub-optimal security from potentially infecting other computers through the network.

a. subnetting

b. NAT

c. NAC

d. PAT

2.____ honeypots are used mainly by organizations to capture limited information regarding attacks on that organization’s honeypot.

a. Research
b. Production
c. Clustered
d. Virtual

3. ____ are designed to inspect traffic, and based on their configuration or security policy, they can drop malicious traffic.

a. NIDS

b. HIPS

c. NIPS

d. HIDS

4. ____ switches are connected directly to the devices on the network.

a. Workgroup

b. Core

c. Stateless

d. Stateful

5.____ packet filtering keeps a record of the state of a connection between an internal computer and an external server and then makes decisions based on the connection as well as the rule base.

a. Stateless

b. Stateful

c. Classful

d. Classless

6. A ____ watches for attempts to penetrate a network.

a. SIDS

b. HIDS

c. NIDS

d. PIDS

7.A ____ is an instruction that interrupts the program being executed and requests a service from the operating system.

a. system call

b. system command

c. kernel call

d. system module

8. ____ can fully decode application-layer network protocols. Once these protocols are decoded, the different parts of the protocol can be analyzed for any suspicious behavior.

a. Proxy servers

b. Protocol analyzers

c. Firewalls

d. HIDS

9. ____ work to protect the entire network and all devices that are connected to it.

a. HIPS

b. HIDS

c. Revers proxy

d. NIPS

10. A software-based ____ attempt to monitor and possibly prevent attempts to attack a local system.

a. HIDS

b. NIDS

c. SIDS

d. PIDS

11. ____ examines the current state of a system or network device before it is allowed to connect to the network.

a. NAT

b. PAT

c. VAC

d. NAC

12. The goal of a ____ is to hide the IP address of client systems inside the secure network.

a. VLAN

b. switch

c. router

d. proxy server

13. ____ honeypots are used mainly by organizations to capture limited information regarding attacks on that organization’s honeypot.

a. Virtual

b. Research

c. Production

d. Clustered

14. A(n) ____ attempts to identify inappropriate activity.

a. reverse proxy

b. IDS

c. firewall

d. proxy server

15. ____ IP addresses are not assigned to any specific user or organization; instead, they can be used by any user on the private internal network.

a. Public

b. Virtual

c. DMZ

d. Private

16. A variation of NAT is ____. Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number.

a. PAT

b. CAT

c. DAT

d. TAT

17. A(n) ____ finds malicious traffic and deals with it immediately.

a. IDS

b. HIDS

c. NIDS

d. IPS

18. Using ____, networks can essentially be divided into three parts: network, subnet, and host.

a. classful addressing

b. subnetting

c. stateful addressing

d. stateless addressing

19. A ____ is a computer typically located in a DMZ that is loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.

a. proxy server

b. honeypot

c. reverse proxy

d. HIDS

20. ____ are subdivisions of IP address class (Class A, B, or C) networks and allow a single Class A, B, or C network to be used instead of multiple networks.

a. Workgroup

b. VLANs

c. Subnets

d. Domains

Chapter 6 Additional 20 questions

1. IEEE 802.11i authentication and key management is accomplished by the IEEE ____ standard.
a. 802.11a
b. 802.11n
c. 802.1x
d. 802.3i

2. This IEEE ____ standard specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum.

a. 802.11a

b. 802.11b

c. 802.11c

d. 802.11d

3. At regular intervals a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network. This process is known as ____.

a. broadcasting

b. beaconing

c. roaming

d. association
  

4. In 2002, the WECA organization changed its name to ____.

a. Wi-Fi Alliance

b. WECA Alliance

c. WTiG

d. iWITG

5. With ____ scanning, a wireless device simply listens for a beacon frame for a set period of time.

a. active

b. broadcast

c. reactive

d. passive

6. Access points have a setting called “____,” which is what the PSK uses as a seed value to generate new keys.

a. Group Key Renewal

b. Interseed

c. PSK-seed

d. PSK-IV

7. WPA also replaces the cyclic redundancy check (CRC) function in WEP with the ____.

a. TKIP

b. MIC

c. PSK

d. MD5

8. Encryption under the WPA2 personal security model is accomplished by ____.

a. DES-CCMP

b. AES-CCMP

c. 3DES

d. RC5

9. ____ was designed to ensure that only authorized parties can view transmitted wireless information.

a. WECA

b. MAC

c. WEP

d. 802.11g

10. ____ authentication is based upon the fact that only pre-approved wireless devices are given the shared key.

a. Open key

b. Open system

c. Shared system

d. Shared key

11. WPA replaces WEP with an encryption technology called ____.

a. GKR

b, PSK

c. TKIP

d. RC5

12. A(n) ____ frame carries information about the data rates that the device can support along with the Service Set Identifier (SSID) of the network it wants to join.

a. open authentication

b. device request

c. association request

d. roaming

13. The plaintext to be transmitted has a cyclic redundancy check (CRC) value calculated, which is a checksum based on the contents of the text. WEP calls this the ____ and appends it to the end of the text.

a. integrity check value (ICV)

b. keystream

c. initialization vector (IV)

d. pre-pened IV

14. In the early 1980s, the IEEE began work on developing computer network architecture standards. This work was called ____, and it quickly expanded into several different categories of network technology.

a. Project 100

b. Project 302

c. Project 513

d. Project 802

15. In order to address growing wireless security concerns, in October 2003 the Wi-Fi Alliance introduced ____.

a. RC5

b. WEP2

c. AES

d. WPA

16. ____ is intended for personal and small office home office users who do not have advanced server capabilities.

a. PSK

b. AES

c. CCMP

d. CBC-MAC

17. The PRNG in WEP is based on the ____ cipher algorithm.

a. RC2

b. RC4

c. DES

d. AES

18. IEEE 802.11i includes ____, which stores information from a device on the network so if a user roams away from a wireless access point and later returns, he does not need to re-enter all of the credentials.

a. pre-authentication

b. AES-CCMP

c. PSK

d. key-caching

19. WEP accomplishes confidentiality by taking unencrypted text and then encrypting or “scrambling” it into ____ so that it cannot be viewed by unauthorized parties while being transmitted.

a. plaintext

b. ciphertext

c. simpletext

d. shuffletext

20. Mobile devices constantly survey the radio frequencies at regular intervals to determine if a different AP can provide better service. If it finds one, then the device automatically attempts to associate with the new AP (this process is called ____).

a. beaconing

b. a turnoff

c. a handoff

d. scanning

Chapter 7 Additional 20 questions

To be continues..... (i m busy recently.. is all in hard copy while i need time to key in)