exam 2 chapters 5-8


Upload: tarakandi

Post on 29-Apr-2015


Page 1: Exam 2 Chapters 5-8

Question 1

1 out of 1 points

 

In ____ mode, the data within an IP packet is encrypted, but the header information is not.

Selected Answer:  1. transport

Question 2

1 out of 1 points

 

The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

Selected Answer:  4. SSL Record Protocol

Question 3

1 out of 1 points

 

The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.

Selected Answer:  3. CRL

Question 4

1 out of 1 points

 

____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.

Selected Answer:  2. Work factor

Question 5

1 out of 1 points

 

A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.

Selected Answer:  4. IR

Question 6

1 out of 1 points

 

____ is the action of luring an individual into committing a crime to get a conviction.

Selected Answer:  1. Entrapment

Question 7

1 out of 1 points

 

____ is the entire range of values that can possibly be used to construct an individual key.

Selected Answer:  3. Keyspace

Question 8

1 out of 1 points

 

The restrictions most commonly implemented in packet-filtering firewalls are based on ____.

Selected Answer:  3. All of the above

Question 9

1 out of 1 points

 

Bit stream methods commonly use algorithm functions like the exclusive OR operation (____).

Selected Answer:  2. XOR

Question 10

1 out of 1 points

 

An X.509 v3 certificate binds a ____, which uniquely identifies a certificate entity, to a user’s public key.

Selected Answer:  3. distinguished name

Question 11

1 out of 1 points

 

The first phase in the development of the contingency planning process is the ____.

Selected Answer:  4. BIA

Question 12

1 out of 1 points

 

____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Selected Answer:  3. Hash

Question 13

1 out of 1 points

 

The ____ is an intermediate area between a trusted network and an untrusted network.

Selected Answer:  3. DMZ

Question 14

1 out of 1 points

 

____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.

Selected Answer:  4. Key

Question 15

1 out of 1 points

 

____ inspection firewalls keep track of each network connection between internal and external systems.

Selected Answer:  3. Stateful

Question 16

1 out of 1 points

 

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.

Selected Answer:  3. blueprint

Question 17

1 out of 1 points

 

RAID ____ drives can be hot swapped.

Selected Answer:  3. 5

Question 18

1 out of 1 points

 

____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

Selected Answer:  3. Inline

Question 19

0 out of 1 points

 

The stated purpose of ____ is to “give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization.”

Selected Answer:  1. BS7799 (Part 2)

Question 20

1 out of 1 points

 

____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.

Selected Answer:  3. PGP

Question 21

1 out of 1 points

 

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Selected Answer:  1. Managerial

Question 22

1 out of 1 points

 

ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.

Selected Answer:  2. 7

Question 23

1 out of 1 points

 

A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.

Selected Answer:  3. dynamic

Question 24

1 out of 1 points

 

The dominant architecture used to secure network access today is the ____ firewall.

Selected Answer:  3. screened subnet

Question 25

1 out of 1 points

 

An alert ____ is a document containing contact information for the people to be notified in the event of an incident.

Selected Answer:  4. roster

Question 26

1 out of 1 points

 

Firewalls fall into ____ major processing-mode categories.

Selected Answer:  4. five

Question 27

1 out of 1 points

 

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.

Selected Answer:  1. signatures

Question 28

1 out of 1 points

 

Kerberos ____ provides tickets to clients who request services.

Selected Answer:  3. TGS

Question 29

1 out of 1 points

 

In a ____ attack, the attacker eavesdrops during the victim’s session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information.

Selected Answer:  3. timing

Question 30

1 out of 1 points

 

IDPS researchers have used padded cell and honeypot systems since the late ____.

Selected Answer:  1. 1980s

Question 31

1 out of 1 points

 

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.

Selected Answer:  4. WAPs

Question 32

1 out of 1 points

 

Which of the following is a valid version of TACACS?

Selected Answer:  1. All of the above

Question 33

1 out of 1 points

 

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them.

Selected Answer:  1. packet sniffer

Question 34

1 out of 1 points

 

Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

Selected Answer:  4. correction

Question 35

1 out of 1 points

 

____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.

Selected Answer:  4. Correlation

Question 36

1 out of 1 points

 

A(n) ____ IDPS is focused on protecting network information assets.

Selected Answer:  4. network-based

Question 37

1 out of 1 points

 

A(n) ____ is a proposed systems user.

Selected Answer:  1. supplicant

Question 38

1 out of 1 points

 

A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

Selected Answer:  4. MAC

Question 39

1 out of 1 points

 

____ is the process of classifying IDPS alerts so that they can be more effectively managed.

Selected Answer:  1. Alarm filtering

Question 40

1 out of 1 points

 

In most common implementation models, the content filter has two components: ____.

Selected Answer:  2. rating and filtering

Question 41

1 out of 1 points

 

Telnet protocol packets usually go to TCP port ____.

Selected Answer:  1. 23

Question 42

1 out of 1 points

 

The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.

Selected Answer:  4. CISO

Question 43

1 out of 1 points

 

ISA Server can use ____ technology.

Selected Answer:  4. Point to Point Tunneling Protocol

Question 44

1 out of 1 points

 

A buffer against outside attacks is frequently referred to as a(n) ____.

Selected Answer:  1. DMZ

Question 45

1 out of 1 points

 

Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs.

Selected Answer:  2. LFM

Question 46

1 out of 1 points

 

____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.

Selected Answer:  2. Network

Question 47

1 out of 1 points

 

SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm.

Selected Answer:  2. 160

Question 48

1 out of 1 points

 

The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

Selected Answer:  4. EISP

Question 49

1 out of 1 points

 

____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

Selected Answer:  4. Fuzz

Question 50

1 out of 1 points

 

____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.

Selected Answer:  1. RADIUS

Question 51

1 out of 1 points

 

A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”

Selected Answer:  3. VPN

Question 52

1 out of 1 points

 

____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.

Selected Answer:  3. Static

Question 53

1 out of 1 points

 

Which of the following ports is commonly used for the HTTP protocol?

Selected Answer:  1. 80

Question 54

1 out of 1 points

 

The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.

Selected Answer:  3. IETF

Question 55

1 out of 1 points

 

____ controls address personnel security, physical security, and the protection of production inputs and outputs.

Selected Answer:  1. Operational

Question 56

1 out of 1 points

 

The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.

Selected Answer:  4. CER

Question 57

1 out of 1 points

 

Effective management includes planning and ____.

Selected Answer:  3. All of the above

Question 58

1 out of 1 points

 

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.

Selected Answer:  3. sacrificial

Question 59

1 out of 1 points

 

The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.

Selected Answer:  3. demilitarized

Question 60

1 out of 1 points

 

Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

Selected Answer:  1. assessment

Question 61

1 out of 1 points

 

The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.

Selected Answer:  4. AH

Question 62

1 out of 1 points

 

____ is the protocol used to secure communications across any IP-based network such as LANs, WANs, and the Internet.

Selected Answer:  2. IPSec

Question 63

1 out of 1 points

 

____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.

Selected Answer:  3. Biometric access control

Question 64

1 out of 1 points

 

Security ____ are the areas of trust within which users can freely communicate.

Selected Answer:  1. domains

Question 65

1 out of 1 points

 

More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.

Selected Answer:  1. polyalphabetic

Question 66

1 out of 1 points

 

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Selected Answer:  1. Trap and trace

Question 67

1 out of 1 points

 

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

Selected Answer:  2. IDS

Question 68

1 out of 1 points

 

Strategic planning is the process of moving the organization towards its ____.

Selected Answer:  2. vision

Question 69

1 out of 1 points

 

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.

Selected Answer:  1. PAC

Question 70

1 out of 1 points

 

The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.

Selected Answer:  2. RSA

Question 71

1 out of 1 points

 

____ generates and issues session keys in Kerberos.

Selected Answer:  2. KDC

Question 72

1 out of 1 points

 

____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

Selected Answer:  2. HIDPSs

Question 73

1 out of 1 points

 

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____.

Selected Answer:  1. fingerprinting

Question 74

1 out of 1 points

 

In TCP/IP networking, port ____ is not used.

Selected Answer:  4. 0

Question 75

1 out of 1 points

 

____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.

Selected Answer:  3. PGP

Question 76

1 out of 1 points

 

____ are decoy systems designed to lure potential attackers away from critical systems.

Selected Answer:  4. Honeypots

Question 77

1 out of 1 points

 

A ____ site provides only rudimentary services and facilities.

Selected Answer:  1. cold

Question 78

1 out of 1 points

 

Among all possible biometrics, ____ is(are) considered truly unique.

Selected Answer:  3. All of the above

Question 79

1 out of 1 points

 

Digital signatures should be created using processes and products that are based on the ____.

Selected Answer:  2. DSS

Question 80

1 out of 1 points

 

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.

Selected Answer:  4. security

Question 81

1 out of 1 points

 

A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.

Selected Answer:  3. symmetric

Question 82

1 out of 1 points

 

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.

Selected Answer:  1. passive

Question 83

1 out of 1 points

 

____ is a federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.

Selected Answer:  3. AES

Question 84

1 out of 1 points

 

____ often function as standards or procedures to be used when configuring or maintaining systems.

Selected Answer:  4. SysSPs

Question 85

1 out of 1 points

 

____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

Selected Answer:  3. Packet-filtering

Question 86

1 out of 1 points

 

Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.

Selected Answer:  1. de jure

Question 87

1 out of 1 points

 

____ is an event that triggers an alarm when no actual attack is in progress.

Selected Answer:  1. False Attack Stimulus

Question 88

1 out of 1 points

 

____ are encrypted messages that can be mathematically proven to be authentic.

Selected Answer:  3. Digital signatures

Question 89

1 out of 1 points

 

____ is the protocol for handling TCP traffic through a proxy server.

Selected Answer:  3. SOCKS

Question 90

1 out of 1 points

 

What country adopted ISO/IEC 17799?

Selected Answer:  4. None of the above

Question 91

1 out of 1 points

 

____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

Selected Answer:  1. MAC layer

Question 92

1 out of 1 points

 

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

Selected Answer:  1. NIDPSs

Question 93

1 out of 1 points

 

A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.

Selected Answer:  4. framework

Question 94

1 out of 1 points

 

____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Selected Answer:  4. Encryption

Question 95

1 out of 1 points

 

The application gateway is also known as a(n) ____.

Selected Answer:  2. application-level firewall

Question 96

0 out of 1 points

 

____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

Selected Answer:  1. NIDPS

Question 97

1 out of 1 points

 

Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.

Selected Answer:  2. All of the above

Question 98

1 out of 1 points

 

DES uses a(n) ____-bit block size.

Selected Answer:  2. 64

Question 99

1 out of 1 points

 

The transfer of large batches of data to an off-site facility is called ____.

Selected Answer:  1. electronic vaulting

Question 100

1 out of 1 points

 

____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

Selected Answer:  4. PKI

Question 101

1 out of 1 points

 

To assist in the footprint intelligence collection process, you can use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.

Selected Answer:  1. True

Question 102

1 out of 1 points

 

A HIDPS can monitor systems logs for predefined events.

Selected Answer:  1. True

Question 103

0 out of 1 points

 

The asymmetric encryption systems use a single key to both encrypt and decrypt a message.

Selected Answer:  1. True

Question 104

1 out of 1 points

 

The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.

Selected Answer:  1. True

Question 105

1 out of 1 points

 

Failure to develop an information security system based on the organization’s mission, vision, and culture guarantees the failure of the information security program.

Selected Answer:  2. True

Question 106

1 out of 1 points

 

The application firewall runs special software that acts as a proxy for a service request.

Selected Answer:  2. True

Question 107

1 out of 1 points

 

There are limits to the level of configurability and protection that software firewalls can provide.

Selected Answer:  1. True

Question 108

0 out of 1 points

 

To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted.

Selected Answer:  1. True

Question 109

1 out of 1 points

 

A VPN allows a user to turn the Internet into a private network.

Selected Answer:  1. True

Question 110

0 out of 1 points

 

Intrusion detection and prevention systems can deal effectively with switched networks.

Selected Answer:  2. True

Question 111

1 out of 1 points

 

The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.

Selected Answer:  2. True

Question 112

1 out of 1 points

 

Dictionary attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext generated by the cryptosystem.

Selected Answer:  2. False

Question 113

1 out of 1 points

 

A starting scanner is one that initiates traffic on the network in order to determine security holes.

Selected Answer:  1. False

Question 114

1 out of 1 points

 

You can create a single comprehensive ISSP document covering all information security issues.

Selected Answer:  1. True

Question 115

1 out of 1 points

 

A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.

Selected Answer:  2. False

Question 116

1 out of 1 points

 

The ability to restrict a specific service is now considered standard in most routers and is invisible to the user.

Selected Answer:  1. True

Question 117

1 out of 1 points

 

Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site.

Selected Answer:  1. False

Question 118

1 out of 1 points

 

A false positive is the failure of an IDPS system to react to an actual attack event.

Selected Answer:  2. False

Question 119

1 out of 1 points

 

In order to determine which IDPS best meets an organization’s needs, first consider the organizational environment in technical, physical, and political terms.

Selected Answer:  2. True

Question 120

0 out of 1 points

 

Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.

Selected Answer:  1. True

Question 121

1 out of 1 points

 

A content filter is technically a firewall.

Selected Answer:  1. False

Question 122

1 out of 1 points

 

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.

Selected Answer:  2. True

Question 123

1 out of 1 points

 

All IDPS vendors target users with the same levels of technical and security expertise.

Selected Answer:  2. False

Question 124

1 out of 1 points

 

Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default firewall policy.

Selected Answer:  1. False

Question 125

1 out of 1 points

 

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.

Selected Answer:  2. False

Question 126

1 out of 1 points

 

Firewall Rule Set 1 states that responses to internal requests are not allowed.

Selected Answer:  1. False

Question 127

0 out of 1 points

 

It is important that e-mail traffic reach your e-mail server and only your e-mail server.

Selected Answer:  2. False

Question 128

1 out of 1 points

 

The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication.

Selected Answer:  1. False

Question 129

1 out of 1 points

 

One method of protecting the residential user is to install a software firewall directly on the user’s system.

Selected Answer:  2. True

Question 130

1 out of 1 points

 

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date.

Selected Answer:  1. True

Question 131

1 out of 1 points

 

Internet connections via dial-up and leased lines are becoming more popular.

Selected Answer:  2. False

Question 132

1 out of 1 points

 

HIDPSs are also known as system integrity verifiers.

Selected Answer:  1. True

Question 133

1 out of 1 points

 

One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.

Selected Answer:  2. True

Question 134

1 out of 1 points

 

NIDPSs can reliably ascertain if an attack was successful or not.

Selected Answer:  2. False

Question 135

1 out of 1 points

 

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on the network.

Selected Answer:  1. True

Question 136

1 out of 1 points

 

Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to protect against electronic payment fraud.

Selected Answer:  2. True

Question 137

1 out of 1 points

 

Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database.

Selected Answer:  2. True

Question 138

1 out of 1 points

 

In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.

Selected Answer:  1. True

Question 139

0 out of 1 points

 

The ISSP sets out the requirements that must be met by the information security blueprint or framework.

Selected Answer:  2. True

Question 140

0 out of 1 points

 

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.

Selected Answer:  1. True

Question 141

1 out of 1 points

 

Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks.

Selected Answer:  1. True

Question 142

1 out of 1 points

 

Information security safeguards provide two levels of control: managerial and remedial.

Selected Answer:  1. False

Question 143

1 out of 1 points

 

A sniffer cannot be used to eavesdrop on network traffic.

Selected Answer:  2. False

Question 144

1 out of 1 points

 

Circuit gateway firewalls usually look at data traffic flowing between one network and another.

Selected Answer:  2. False

Question 145

1 out of 1 points

 

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.

Selected Answer:  1. True

Question 146

1 out of 1 points

 

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

Selected Answer:  1. True

Question 147

1 out of 1 points

 

IDPS responses can be classified as active or passive.

Selected Answer:  1. True

Question 148

1 out of 1 points

 

An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.

Selected Answer:  1. True

Question 149

0 out of 1 points

 

Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.

Selected Answer:  1. False

Question 150

1 out of 1 points

 

Each policy should contain procedures and a timetable for periodic review.

Selected Answer:  1. True