SlideShare uma empresa Scribd logo

Chapter 12 protection_mechanisms

Transferir como DOCX, PDF
H
husseinalshomali

test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Tecnologia
1 de 8
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 1 1. Technical controls alone, when properly configured, can secure an IT environment. a. True b. False ANSWER: False 2. The “something a person has” authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics. a. True b. False ANSWER: False 3. The ability to restrict specific services is a common practice in most modern routers, and is invisible to the user. a. True b. False ANSWER: True 4. Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection.. a. True b. False ANSWER: True 5. The KDC component of Kerberos knows the secret keys of all clients and servers on the network. a. True b. False ANSWER: True 6. Which of the following access controlprocesses confirms the identity of the entity seeking access to a logical or physical area? a. Identification b. Authentication c. Authorization d. Accountability ANSWER: b 7. Which of the following is NOT among the three types of authentication mechanisms? a. Something a person knows b. Something a person has c. Something a person sees d. Something a person can produce ANSWER: c 8. Which of the following characteristics currently used today for authentication purposes is the LEAST unique? a. Fingerprints b. Iris c. Retina d. Face geometry ANSWER: d 9. Which of the following is a commonly used criteria used to compare and evaluate biometric technologies? a. False accept rate b. Crossover error rate
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 2 c. False reject rate d. Valid accept rate ANSWER: b 10. Which of the following biometric authentication systems is considered to be the most secure? a. Fingerprint recognition b. Signature recognition c. Voice pattern recognition d. Retina pattern recognition ANSWER: d 11. Which of the following biometric authentication systems is the most accepted by users? a. Keystroke pattern recognition b. Fingerprint recognition c. Signature recognition d. Retina pattern recognition ANSWER: c 12. Which type of firewall keeps track of each network connection established between internal and external systems? a. Packet filtering b. Stateful packet inspection c. Application layer d. Cache server ANSWER: b 13. The intermediate area between trusted and untrusted networks is referred to as which of the following? a. Unfiltered area b. Semi-trusted area c. Demilitarized zone d. Proxy zone ANSWER: c 14. Which type of device allows only specific packets with a particular source, destination, and port address to pass through it. a. Dynamic packet filtering firewall b. Proxy server c. Intrusion detection system d. Application layer firewall ANSWER: a 15. Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping? a. Network-address translation b. Screened-subnet firewall c. Port-address translation d. Private address mapping ANSWER: c 16. Which of the following is true about firewalls and their ability to adapt in a network? a. Firewalls can interpret human actions and make decisions outside their programming b. Because firewalls are not programmed like a computer, they are less error prone c. Firewalls are flexible and can adapt to new threats d. Firewalls deal strictly with defined patterns of measured observation ANSWER: d 17. Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding? a. Sending DoS packets to the source b. Terminating the network connection c. Reconfiguring network devices d. Changing the attack’s content
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 3 ANSWER: a 18. Which type of IDPS is also known as a behavior-based intrusion detection system? a. Network-based b. Anomaly-based c. Host-based d. Signature-based ANSWER: b 19. Which tool can best identify active computers on a network? a. Packet sniffer b. Port scanner c. Trap and trace d. Honey pot ANSWER: b 20. What is the next phase of the preattack data gathering process after an attacker has collected all of an organization’s Internet addresses? a. Footprinting b. Content filtering c. Deciphering d. Fingerprinting ANSWER: d 21. What is the range of the well-known ports used by TCP and UDP? a. 1024-65,536 b. 0-1023 c. 0-65,536 d. 20, 21, 25, 53, 80 ANSWER: b 22. Which port number is commonly used for the Hypertext Transfer Protocol service. a. 25 b. 53 c. 80 d. 8080 ANSWER: c 23. Which port number is commonly used for the Simple Mail Transfer Protocol service? a. 25 b. 53 c. 68 d. 443 ANSWER: a 24. What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? a. Port scanner b. Packet sniffer c. Vulnerability scanner d. Content filter ANSWER: b 25. Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data? a. Key b. Plaintext c. Cipher d. Cryptosystem
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 4 ANSWER: a 26. In which cipher method are values rearranged within a block to create the ciphertext? a. Permutation b. Vernam c. Substitution d. Monoalphabetic ANSWER: a 27. Which of the following is true about symmetric encryption? a. Uses a secret key to encrypt and decrypt b. Uses a private and public key c. It is also known as public key encryption d. It requires four keys to hold a conversation ANSWER: a 28. Which technology has two modes of operation: transport and tunnel? a. Secure Hypertext Transfer Protocol b. Secure Shell c. IP Security d. Secure Sockets Layer ANSWER: c 29. Which of the following provides an identification card of sorts to clients who request services in a Kerberos system? a. Ticket Granting Service b. Authentication Server c. Authentication Client d. Key Distribution Center ANSWER: a 30. Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys? a. Authentication Server b. Authentication Client c. Key Distribution Center d. Ticket Granting Service ANSWER: c 31. What is most commonly used for the goal of nonrepudiation in cryptography? a. Block cipher b. Secret key c. PKI d. Digital signature ANSWER: d 32. ____________________ is the determination of actions that an entity can perform in a physical or logical area. ANSWER: Authorization 33. A(n) ____________________ is a secret word or combination of characters known only by the user. ANSWER: password 34. ________ recognition authentication captures the analog waveforms of human speech. ANSWER: Voice 35. A(n) ____________________ token uses a challenge-response system in which the server challenges the user with a number, that when entered into the token provides a response that provides access. ANSWER: asynchronous
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 5 36. A(n) ____________________ is any device that prevents a specific type of information from moving between an untrusted network and a trusted network. ANSWER: firewall 37. You might put a proxy server in the __________________, which is exposed to the outside world, neither in the trusted nor untrusted network. ANSWER: demilitarized zone DMZ 38. ____________ is a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis. ANSWER: Network-address translation Network address translation NAT 39. ____________________ presents a threat to wireless communications, a practice that makes it prudent to use a wireless encryption protocol to prevent unauthorized use of your Wi-Fi network. ANSWER: War driving 40. The ___________ wireless security protocol was replaced by stronger protocols due to several vulnerabilities found in the early 2000s. ANSWER: WEP wired equivalent privacy 41. The Ticket Granting Service (TGS) is one of three services in the __________ system, and provides tickets to clients who request services. ANSWER: Kerberos 42. Describe and provide an example for each of the types of authentication mechanisms. ANSWER: There are three types of authentication mechanisms: - Something a person knows (for example, passwords and passphrases) - Something a person has (such as cryptographic tokens and smart cards) - Something a person produces (such as voice and signature pattern recognition, fingerprints, palm prints, hand topography, hand geometry, and retina and iris scans) 43. Briefly describe how biometric technologies are generally evaluated. ANSWER: Biometric technologies are generally evaluated according to three basic criteria: - False reject rate: the percentage of authorized users who are denied access - False accept rate:the percentage of unauthorized users who are allowed access - Crossover error rate: the point at which the number of false rejections equals the number of false acceptances 44. What should you look for when selecting a firewall for your network? ANSWER: 1. What type of firewall technology offers the right balance between protection and cost for the needs of the organization? 2. What features are included in the base price? What features are available at extra cost? Are all cost factors known? 3. How easy is it to set up and configure the firewall? How accessible are the staff technicians who can competently configure the firewall?
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 6 4. Can the candidate firewall adapt to the growing network in the target organization? 45. List the most common firewall implementation architectures. ANSWER: Three architectural implementations of firewalls are especially common: single bastion hosts, screened-host firewalls, and screened-subnet firewalls. 46. What are NAT and PAT? Describe these technologies. ANSWER: NAT is a method of converting multiple real, routable external IP addresses to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address. A related approach, called port-address translation (PAT), converts a single real, valid, external IP address to special ranges of internal IP addresses—that is, a one-to-many approach in which one address is mapped dynamically to a range of internal addresses by adding a unique port number when traffic leaves the private network and is placed on the public network. 47. There are six recommended best practices for firewall use according to Laura Taylor. List three of them. ANSWER: All traffic from the trusted network is allowed out. The firewall device is never accessible directly from the public network. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but all of it is routed to a well-configured SMTP gateway to filter and route messaging traffic securely. All Internet Control Message Protocol (ICMP) data is denied. Telnet/terminal emulation access to all internal servers from the public networks is blocked. When Web services are offered outside the firewall, HTTP traffic is prevented from reaching your internal networks via the implementation of some form of proxy access or DMZ architecture. 48. Describe in basic terms what an IDPS is. ANSWER: Intrusion detection and prevention systems (IDPSs) work like burglar alarms. When the system detects a violation—the IT equivalent of an opened or broken window—it activates the alarm. This alarm can be audible and visible (noise and lights), or it can be a silent alarm that sends a message to a monitoring company. 49. What is WEP and why is it no longer in favor? ANSWER: WEP is designed to provide a basic level of security protection to Wi-Fi networks, to prevent unauthorized access or eavesdropping. However, WEP, like a traditional wired network, does not protect users from each other; it only protects the network from unauthorized users. In the early 2000s, cryptologists found several fundamental flaws in WEP, resulting in vulnerabilities that can be exploited to gain access. These vulnerabilities ultimately led to the replacement of WEP as the industry standard with WPA. 50. What is a packet sniffer and how can it be used for good or nefarious purposes? ANSWER: A packet sniffer is a network tool that collects and analyzes copies of packets from the network. It can provide a network administrator with valuable information to help diagnose and resolve networking issues. In the wrong hands, it can be used to eavesdrop on network traffic. 51. What is asymmetric encryption? ANSWER: Asymmetric encryption is also known as public key encryption. Whereas symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 7 can be used to encrypt or decrypt the message, but not both for the same message. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting 52. An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates. ANSWER: d 53. A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. ANSWER: f 54. The organized research and investigation of Internet addresses owned or controlled by a target organization. ANSWER: j 55. In IPSec, an encryption method in which only a packet’s IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses. ANSWER: b 56. A cryptographic technique developed at AT&T and known as the “one-time pad,” this cipher uses a set of characters for encryption operations only one time and then discards it. ANSWER: g 57. Was developed by Netscape in 1994 to provide security for online e-commerce transactions. ANSWER: c 58. A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment. ANSWER: i 59. A private, secure network operated over a public and insecure network. ANSWER: a 60. A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. ANSWER: h
Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 8 61. Public key container files that allow PKI system components and end users to validate a public key and identify its owner. ANSWER: e

Recomendados

Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_programhusseinalshomali
 
Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_securityhusseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskhusseinalshomali
 
Chapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskChapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskhusseinalshomali
 
Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policyhusseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practiceshusseinalshomali
 
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editiontest bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editionhusseinalshomali
 
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...husseinalshomali
 

Recomendados

Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_programhusseinalshomali
 
Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_securityhusseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskhusseinalshomali
 
Chapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskChapter 07 risk_management_controlling_risk
Chapter 07 risk_management_controlling_riskhusseinalshomali
 
Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policyhusseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practiceshusseinalshomali
 
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editiontest bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition
test bank MANAGEMENT of INFORMATION SECURITY, Fifth Editionhusseinalshomali
 
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...
Chapter 02 compliance_law_and_ethics test bank MANAGEMENT of INFORMATION SECU...husseinalshomali
 
Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencieshusseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_modelshusseinalshomali
 
Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityhusseinalshomali
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptxSiphamandla9
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Enterprise Management Associates
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5madunix
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterSylvio Verrecchia - IT Security Engineer
 
Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docxkarthikaparthasarath
 
1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docxambersalomon88660
 

Mais conteúdo relacionado

Mais procurados

Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencieshusseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_modelshusseinalshomali
 
Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityhusseinalshomali
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Enterprise Management Associates
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5madunix
 

Mais procurados (20)

Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencies
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
 
Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_security
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)Modern Requirements and Solutions for Privileged Access Management (PAM)
Modern Requirements and Solutions for Privileged Access Management (PAM)
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations Center
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations Center
 

Semelhante a Chapter 12 protection_mechanisms

1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docxambersalomon88660
 
Sy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicSy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicjenie Emmons
 
Advanced pc security final exam results
Advanced pc security final exam resultsAdvanced pc security final exam results
Advanced pc security final exam resultsDale Vick
 
CEHv8 practice Exam with key
CEHv8 practice Exam with keyCEHv8 practice Exam with key
CEHv8 practice Exam with keyJahaSoft
 
4_5769479639445540375.pptx
4_5769479639445540375.pptx4_5769479639445540375.pptx
4_5769479639445540375.pptxHHoko1
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question CollectionManish Luintel
 
Network security interview questions & answers
Network security interview questions & answersNetwork security interview questions & answers
Network security interview questions & answersSimpliv LLC
 
CMIT 321 FINAL EXAM
CMIT 321 FINAL EXAMCMIT 321 FINAL EXAM
CMIT 321 FINAL EXAMHamesKellor
 
Distributed System by Pratik Tambekar
Distributed System by Pratik TambekarDistributed System by Pratik Tambekar
Distributed System by Pratik TambekarPratik Tambekar
 
Modul 1-sample-test
Modul 1-sample-testModul 1-sample-test
Modul 1-sample-teststacio
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)rosu555
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINcscpconf
 
H12-711_V3.0-ENU HCIA-Security v3.0 Real Questions
H12-711_V3.0-ENU HCIA-Security v3.0 Real QuestionsH12-711_V3.0-ENU HCIA-Security v3.0 Real Questions
H12-711_V3.0-ENU HCIA-Security v3.0 Real QuestionswilliamLeo13
 

Semelhante a Chapter 12 protection_mechanisms (20)

Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docx
 
1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx
 
Security (IP)
Security (IP)Security (IP)
Security (IP)
 
312 50-demo
312 50-demo312 50-demo
312 50-demo
 
Sy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicSy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magic
 
Wa
WaWa
Wa
 
Advanced pc security final exam results
Advanced pc security final exam resultsAdvanced pc security final exam results
Advanced pc security final exam results
 
CEHv8 practice Exam with key
CEHv8 practice Exam with keyCEHv8 practice Exam with key
CEHv8 practice Exam with key
 
Security (FE)
Security (FE)Security (FE)
Security (FE)
 
IS - User Authentication
IS - User AuthenticationIS - User Authentication
IS - User Authentication
 
4_5769479639445540375.pptx
4_5769479639445540375.pptx4_5769479639445540375.pptx
4_5769479639445540375.pptx
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
 
Cissp actual exam
Cissp actual examCissp actual exam
Cissp actual exam
 
Network security interview questions & answers
Network security interview questions & answersNetwork security interview questions & answers
Network security interview questions & answers
 
CMIT 321 FINAL EXAM
CMIT 321 FINAL EXAMCMIT 321 FINAL EXAM
CMIT 321 FINAL EXAM
 
Distributed System by Pratik Tambekar
Distributed System by Pratik TambekarDistributed System by Pratik Tambekar
Distributed System by Pratik Tambekar
 
Modul 1-sample-test
Modul 1-sample-testModul 1-sample-test
Modul 1-sample-test
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
 
H12-711_V3.0-ENU HCIA-Security v3.0 Real Questions
H12-711_V3.0-ENU HCIA-Security v3.0 Real QuestionsH12-711_V3.0-ENU HCIA-Security v3.0 Real Questions
H12-711_V3.0-ENU HCIA-Security v3.0 Real Questions
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Chapter 12 protection_mechanisms

  • 1. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 1 1. Technical controls alone, when properly configured, can secure an IT environment. a. True b. False ANSWER: False 2. The “something a person has” authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics. a. True b. False ANSWER: False 3. The ability to restrict specific services is a common practice in most modern routers, and is invisible to the user. a. True b. False ANSWER: True 4. Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection.. a. True b. False ANSWER: True 5. The KDC component of Kerberos knows the secret keys of all clients and servers on the network. a. True b. False ANSWER: True 6. Which of the following access controlprocesses confirms the identity of the entity seeking access to a logical or physical area? a. Identification b. Authentication c. Authorization d. Accountability ANSWER: b 7. Which of the following is NOT among the three types of authentication mechanisms? a. Something a person knows b. Something a person has c. Something a person sees d. Something a person can produce ANSWER: c 8. Which of the following characteristics currently used today for authentication purposes is the LEAST unique? a. Fingerprints b. Iris c. Retina d. Face geometry ANSWER: d 9. Which of the following is a commonly used criteria used to compare and evaluate biometric technologies? a. False accept rate b. Crossover error rate
  • 2. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 2 c. False reject rate d. Valid accept rate ANSWER: b 10. Which of the following biometric authentication systems is considered to be the most secure? a. Fingerprint recognition b. Signature recognition c. Voice pattern recognition d. Retina pattern recognition ANSWER: d 11. Which of the following biometric authentication systems is the most accepted by users? a. Keystroke pattern recognition b. Fingerprint recognition c. Signature recognition d. Retina pattern recognition ANSWER: c 12. Which type of firewall keeps track of each network connection established between internal and external systems? a. Packet filtering b. Stateful packet inspection c. Application layer d. Cache server ANSWER: b 13. The intermediate area between trusted and untrusted networks is referred to as which of the following? a. Unfiltered area b. Semi-trusted area c. Demilitarized zone d. Proxy zone ANSWER: c 14. Which type of device allows only specific packets with a particular source, destination, and port address to pass through it. a. Dynamic packet filtering firewall b. Proxy server c. Intrusion detection system d. Application layer firewall ANSWER: a 15. Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping? a. Network-address translation b. Screened-subnet firewall c. Port-address translation d. Private address mapping ANSWER: c 16. Which of the following is true about firewalls and their ability to adapt in a network? a. Firewalls can interpret human actions and make decisions outside their programming b. Because firewalls are not programmed like a computer, they are less error prone c. Firewalls are flexible and can adapt to new threats d. Firewalls deal strictly with defined patterns of measured observation ANSWER: d 17. Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding? a. Sending DoS packets to the source b. Terminating the network connection c. Reconfiguring network devices d. Changing the attack’s content
  • 3. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 3 ANSWER: a 18. Which type of IDPS is also known as a behavior-based intrusion detection system? a. Network-based b. Anomaly-based c. Host-based d. Signature-based ANSWER: b 19. Which tool can best identify active computers on a network? a. Packet sniffer b. Port scanner c. Trap and trace d. Honey pot ANSWER: b 20. What is the next phase of the preattack data gathering process after an attacker has collected all of an organization’s Internet addresses? a. Footprinting b. Content filtering c. Deciphering d. Fingerprinting ANSWER: d 21. What is the range of the well-known ports used by TCP and UDP? a. 1024-65,536 b. 0-1023 c. 0-65,536 d. 20, 21, 25, 53, 80 ANSWER: b 22. Which port number is commonly used for the Hypertext Transfer Protocol service. a. 25 b. 53 c. 80 d. 8080 ANSWER: c 23. Which port number is commonly used for the Simple Mail Transfer Protocol service? a. 25 b. 53 c. 68 d. 443 ANSWER: a 24. What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? a. Port scanner b. Packet sniffer c. Vulnerability scanner d. Content filter ANSWER: b 25. Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data? a. Key b. Plaintext c. Cipher d. Cryptosystem
  • 4. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 4 ANSWER: a 26. In which cipher method are values rearranged within a block to create the ciphertext? a. Permutation b. Vernam c. Substitution d. Monoalphabetic ANSWER: a 27. Which of the following is true about symmetric encryption? a. Uses a secret key to encrypt and decrypt b. Uses a private and public key c. It is also known as public key encryption d. It requires four keys to hold a conversation ANSWER: a 28. Which technology has two modes of operation: transport and tunnel? a. Secure Hypertext Transfer Protocol b. Secure Shell c. IP Security d. Secure Sockets Layer ANSWER: c 29. Which of the following provides an identification card of sorts to clients who request services in a Kerberos system? a. Ticket Granting Service b. Authentication Server c. Authentication Client d. Key Distribution Center ANSWER: a 30. Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys? a. Authentication Server b. Authentication Client c. Key Distribution Center d. Ticket Granting Service ANSWER: c 31. What is most commonly used for the goal of nonrepudiation in cryptography? a. Block cipher b. Secret key c. PKI d. Digital signature ANSWER: d 32. ____________________ is the determination of actions that an entity can perform in a physical or logical area. ANSWER: Authorization 33. A(n) ____________________ is a secret word or combination of characters known only by the user. ANSWER: password 34. ________ recognition authentication captures the analog waveforms of human speech. ANSWER: Voice 35. A(n) ____________________ token uses a challenge-response system in which the server challenges the user with a number, that when entered into the token provides a response that provides access. ANSWER: asynchronous
  • 5. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 5 36. A(n) ____________________ is any device that prevents a specific type of information from moving between an untrusted network and a trusted network. ANSWER: firewall 37. You might put a proxy server in the __________________, which is exposed to the outside world, neither in the trusted nor untrusted network. ANSWER: demilitarized zone DMZ 38. ____________ is a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis. ANSWER: Network-address translation Network address translation NAT 39. ____________________ presents a threat to wireless communications, a practice that makes it prudent to use a wireless encryption protocol to prevent unauthorized use of your Wi-Fi network. ANSWER: War driving 40. The ___________ wireless security protocol was replaced by stronger protocols due to several vulnerabilities found in the early 2000s. ANSWER: WEP wired equivalent privacy 41. The Ticket Granting Service (TGS) is one of three services in the __________ system, and provides tickets to clients who request services. ANSWER: Kerberos 42. Describe and provide an example for each of the types of authentication mechanisms. ANSWER: There are three types of authentication mechanisms: - Something a person knows (for example, passwords and passphrases) - Something a person has (such as cryptographic tokens and smart cards) - Something a person produces (such as voice and signature pattern recognition, fingerprints, palm prints, hand topography, hand geometry, and retina and iris scans) 43. Briefly describe how biometric technologies are generally evaluated. ANSWER: Biometric technologies are generally evaluated according to three basic criteria: - False reject rate: the percentage of authorized users who are denied access - False accept rate:the percentage of unauthorized users who are allowed access - Crossover error rate: the point at which the number of false rejections equals the number of false acceptances 44. What should you look for when selecting a firewall for your network? ANSWER: 1. What type of firewall technology offers the right balance between protection and cost for the needs of the organization? 2. What features are included in the base price? What features are available at extra cost? Are all cost factors known? 3. How easy is it to set up and configure the firewall? How accessible are the staff technicians who can competently configure the firewall?
  • 6. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 6 4. Can the candidate firewall adapt to the growing network in the target organization? 45. List the most common firewall implementation architectures. ANSWER: Three architectural implementations of firewalls are especially common: single bastion hosts, screened-host firewalls, and screened-subnet firewalls. 46. What are NAT and PAT? Describe these technologies. ANSWER: NAT is a method of converting multiple real, routable external IP addresses to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address. A related approach, called port-address translation (PAT), converts a single real, valid, external IP address to special ranges of internal IP addresses—that is, a one-to-many approach in which one address is mapped dynamically to a range of internal addresses by adding a unique port number when traffic leaves the private network and is placed on the public network. 47. There are six recommended best practices for firewall use according to Laura Taylor. List three of them. ANSWER: All traffic from the trusted network is allowed out. The firewall device is never accessible directly from the public network. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but all of it is routed to a well-configured SMTP gateway to filter and route messaging traffic securely. All Internet Control Message Protocol (ICMP) data is denied. Telnet/terminal emulation access to all internal servers from the public networks is blocked. When Web services are offered outside the firewall, HTTP traffic is prevented from reaching your internal networks via the implementation of some form of proxy access or DMZ architecture. 48. Describe in basic terms what an IDPS is. ANSWER: Intrusion detection and prevention systems (IDPSs) work like burglar alarms. When the system detects a violation—the IT equivalent of an opened or broken window—it activates the alarm. This alarm can be audible and visible (noise and lights), or it can be a silent alarm that sends a message to a monitoring company. 49. What is WEP and why is it no longer in favor? ANSWER: WEP is designed to provide a basic level of security protection to Wi-Fi networks, to prevent unauthorized access or eavesdropping. However, WEP, like a traditional wired network, does not protect users from each other; it only protects the network from unauthorized users. In the early 2000s, cryptologists found several fundamental flaws in WEP, resulting in vulnerabilities that can be exploited to gain access. These vulnerabilities ultimately led to the replacement of WEP as the industry standard with WPA. 50. What is a packet sniffer and how can it be used for good or nefarious purposes? ANSWER: A packet sniffer is a network tool that collects and analyzes copies of packets from the network. It can provide a network administrator with valuable information to help diagnose and resolve networking issues. In the wrong hands, it can be used to eavesdrop on network traffic. 51. What is asymmetric encryption? ANSWER: Asymmetric encryption is also known as public key encryption. Whereas symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key
  • 7. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 7 can be used to encrypt or decrypt the message, but not both for the same message. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting 52. An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates. ANSWER: d 53. A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. ANSWER: f 54. The organized research and investigation of Internet addresses owned or controlled by a target organization. ANSWER: j 55. In IPSec, an encryption method in which only a packet’s IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses. ANSWER: b 56. A cryptographic technique developed at AT&T and known as the “one-time pad,” this cipher uses a set of characters for encryption operations only one time and then discards it. ANSWER: g 57. Was developed by Netscape in 1994 to provide security for online e-commerce transactions. ANSWER: c 58. A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment. ANSWER: i 59. A private, secure network operated over a public and insecure network. ANSWER: a 60. A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. ANSWER: h
  • 8. Name: Class: Date: Chapter 12: Protection Mechanisms Copyright Cengage Learning. Powered by Cognero. Page 8 61. Public key container files that allow PKI system components and end users to validate a public key and identify its owner. ANSWER: e