Chapter 7 Review Questions Answers

The TCP/IP architecture uses how many layers?
Seven
Six
Five
Four

Which of the following would not be a valid Internet Control Message Protocol (ICMP) error message?
Network Unreachable
Host Unreachable
Router Delay
Destination Network Unknown

Each of the following attacks uses Internet Control Message Protocol (ICMP) except _______.
Smurf DoS attack
ICMP Redirect attack
Ping of Death
ICMP poisoning

Which version of Simple Network Management Protocol (SNMP) is considered the most secure?
SNMPv2
SNMPv3
SNMPv4
SNMPv5

Which of the following Domain Name System (DNS) attacks replaces a fraudulent IP address for a symbolic name?
DNS replay
DNS poisoning
DNS masking
DNS forwarding

Which of the following is the most secure protocol for transferring files?
SCP
FTPS
SFTP
FTP

The address space in an IPv6 header is _____ bits in length.
32
64
128
256

Each of the following is a technique for securing a router except _______.
make all configuration changes remotely
secure all ports
use a meaningful router name
set a strong administrator password

Which of the following is true regarding a flood guard?
It is a separate hardware appliance that is located inside the DMZ.
It can be used on either local host systems or network devices.
It protects a router from password intrusions.
It prevents DoS or DDoS attacks.

Each of the following is a type of a network security hardware log except _______.
local host anti-virus log
NIDS and NIPS logs
proxy server log
firewall log

Each of the following is an entry in a firewall log that should be investigated except _______.
IP addresses that are being rejected and dropped
suspicious outbound connections
IP addresses that are being rejected and dropped
successful logins

If a group of users must be separated from other users, which is the most secure network design?
Use a VLAN
Connect them to different switches and routers
Use a subnet mask
It is impossible to separate users on a network

Why is loop protection necessary?
It denies attackers from launching DDoS attacks
It prevents a broadcast storm that can cripple a network
It must be installed before IEEE 802.1d can be implemented
It makes a DMZ more secure

What does MAC limiting and filtering do?
It limits devices that can connect to a switch
It prevents Address Resolution Protocol spoofing
It provides security for a router
It allows only approved wireless devices to connect to a network

In a network using IEEE 802.1x, a supplicant _______.
makes a request to the authenticator
contacts the authentication server directly
can only be a wireless device
must use IEEE 802.11d to connect to the network

Which of the following is true regarding security for a computer that boots to Apple Mac OS X and then runs a Windows 7 virtual machine?
The security of the Apple Mac OS X completely protects the Windows 7 virtual machine.
The security of the Windows 7 virtual machine completely protects the Apple Mac OS X.
The Windows 7 virtual machine needs its own security.
The hypervisor protects both the Apple Mac OS X and Windows 7 operating systems.

Which of the following is not an advantage of host virtualization?
Penetration testing can be performed using a simulated network environment on a computer using multiple virtual machines.
Only one copy of anti-virus software is needed.
Security patches can be tested.
Host operating system virtualization can be used for training purposes.

Which of the following is not a security concern of virtualized environments?
Virtual machines must be protected from both the outside world and also from other virtual machines on the same physical computer.
Virtual servers are less expensive than their physical counterparts.
Live migration can immediately move one virtualized server to another hypervisor.
Physical security appliances are not always designed to protect virtual systems.

_____ is adding digital voice clients and new voice applications onto the IP network.
VoIP
IP telephony
TCP/IP convergence
Voice packet consolidation (VPC)

Which of the following is not a characteristic of cloud computing?
Limited client support
On-demand self-service
Immediate elasticity
Metered services

Chapter 8 Review Question Answers


Bluetooth falls under the category of _______.
local area network (LAN)
short area network (SAN)
paired-device network (PDN)
personal area network (PAN)

A Bluetooth network that contains one master and at least one slave using the same RF channel forms a _______.
cluster
grouping
scatteringnet
piconet

_____ is the unauthorized access of information from a wireless device through a Bluetooth connection.
Bluejacking
Bluetooth snatching
Bluetooth spoofing
Bluesnarfing

The IEEE _____ standard specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum.
802.11
802.11a
802.11b
802.11g

Each of the following is an advantage of IEEE 802.11n except _______.
smaller coverage area
faster speed
less interference
stronger security

Which of the following is not found in a residential WLAN gateway?
intrusion detection system (IDS)
firewall
router
dynamic host configuration protocol (DHCP)

Which of the following is not a requirement for war driving?
Wireless NIC adapter
antennas
GPS receiver
mobile computer device

The primary design of a(n) _____ is to capture the transmissions from legitimate users.
evil twin
Bluetooth grabber
WEP
rogue access point

Which of the following is a vulnerability of MAC address filtering?
The user must enter the MAC.
APs use IP addresses instead of MACs.
Not all operating systems support MACs.
MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format.

Each of the following is a limitation of turning off the SSID broadcast from an AP except _______.
the SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP
turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another
some versions of operating systems favor a network broadcasting an SSID over one that does not
users can more easily roam from one WLAN to another

The primary weakness of wired equivalent privacy (WEP) is ________.
its usage creates a detectable pattern
initialization vectors (IVs) are difficult for users to manage
it only functions on specific brands of APs
it slows down a WLAN from 104 Mbps to 16 Mbps

The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected Access (WPA) and _____.
Protected Wireless Security (WPS)
IEEE 802.11ai
Postshared Key Protection (PKP)
Wi-Fi Protected Access 2 (WPA2)

WPA replaces WEP with _____.
Temporal Key Integrity Protocol (TKIP)
Cyclic Redundancy Check (CRC)
Message Integrity Check (MIC)
WPA2

A preshared key (PSK) of fewer than _____ characters may be subject to an attack if that key is a common dictionary word.
6
12
16
20

A WEP key that is 128 bits in length _____.
cannot be used on access points that use passphrases.
is less secure than a WEP key of 64 bits because shorter keys are stronger.
has an initialization vector (IV) that is the same length as a WEP key of 64 bits.
cannot be cracked because it is too long.

AES-CCMP is the encryption protocol standard used in ________.
WPA2
IEEE 802.11
WPA
Bluetooth

What is the Extensible Authentication Protocol (EAP)?
A subset of WPA2.
EAP is the protocol used in TCP/IP for authentication.
EAP is a framework for transporting authentication protocols.
A technology used by IEEE 802.11 for encryption.

Which technology should be used instead of LEAP?
STREAK
LEAP-2
REAP
PEAP

Each of the following is a type of wireless AP probe except ________.
wireless device probe
dedicated probe
AP probe
WNIC probe

The most flexible approach for a wireless VLAN is to have which device separate the packets?
firewall
AP
NIC
router

Chapter 9 Review Question Answers


A RADIUS authentication server requires that the _____ be authenticated first.
authentication server
supplicant
authenticator
user

Each of the following makes up the AAA elements in network security except _______.
controlling access to network resources (authentication)
enforcing security policies (authorization)
determining user need (analyzing)
auditing usage (accounting)

With the development of IEEE 802.1x port security, the authentication server _____ has seen even greater usage.
RDAP
DAP
RADIUS
AAA

_____ is an authentication protocol available as a free download that runs on Microsoft Windows 7/Vista, Windows Server 2008, Apple Mac OS X, and Linux.
IEEE 802.1x
RADIUS
Kerberos
LDAP

The version of the X.500 standard that runs on a personal computer over TCP/IP is _____.
DAP
LDAP
IEEE X.501
Lite RDAP

A user entering her user name would correspond to the _____ action in access control.
authentication
identification
authorization
access

A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.
object
subject
resource
operation check

The individual who periodically reviews security settings and maintains records of access by users is called the _____.
supervisor
owner
custodian
manager

In the _____ model, the end user cannot change any security settings.
Discretionary Access Control
Security Access Control
Mandatory Access Control
Restricted Access Control

Rule Based Access Control _____.
is considered obsolete today
dynamically assigns roles to subjects based on rules
is considered a real-world approach by linking a user's job function with security
requires that a custodian set all rules

Separation of duties requires that _____.
processes should be divided between two or more individuals
end users cannot set security for themselves
managers must monitor owners for security purposes
jobs be rotated among different individuals

_____ in access control means that if a condition is not explicitly met then access is to be rejected.
Denial of duties
Implicit deny
Explicit rejection
Prevention control

A(n) _____ is a set of permissions that is attached to an object.
access control list (ACL)
Subject Access Entity (SAE)
object modifier
security entry designator

_____ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory.
Windows Register Settings
Group Policy
Resource Allocation Entities
AD Management Services (ADMS)

A(n) _____ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.
SQL/LDAP insert attack
modified Trojan attack
LDAP injection attack
RBASE plug-in attack

The least restrictive access control model is _____.
Role Based Access Control (RBAC)
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Rule Based Access Control (RBAC)

The principle known as _____ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function.
Enterprise Security
least privilege
deny all
Mandatory Limitations

A(n) _____ is the person responsible for the information and determines the level of security needed for the data and delegates security duties as required.
owner
custodian
end user
administrator

In the Mandatory Access Control (MAC) model, every subject and object _____.
is restricted and cannot be accessed
is assigned a label
can be changed by the owner
must be given a number from 200900

A user account that has not been accessed for a lengthy period of time is called a(n) _____ account.
orphaned
limbo
static
dormant

Chapter 10

Each of the following is a type of authentication credential except _______.
what you discover

A token system that requires the user to enter the code along with a PIN is called a _______.
multi-factor authentication system

Keystroke dynamics is an example of _____ biometrics.
behavioral

Each of the following is a step in creating a strong password except _______.
use a short password so the computer can process it more quickly

A token code is valid _______.
for as long as it appears on the device

Which single sign-on (SSO) technology depends upon tokens?
OAuth

A _____ is a U.S. Department of Defense (DoD) smart card that is used for identification for active-duty and reserve military personnel.
Common Access Card (CAC)

Which of the following human characteristics cannot be used for biometric identification?
weight

Why should the account lockout threshold not be set too low?
It could result in denial of service (DoS) attacks.

Creating a pattern of when and from where a user accesses a remote Web account is an example of ________.
computer footprinting

Which of the following is not a reason why users create weak passwords?
Most sites force users to create weak passwords although they do not want to.

What is a hybrid attack?
An attack that slightly alters dictionary words

Which of the following attacks on passwords requires the attacker to have physical access to the computer to insert a USB flash drive?
Resetting

_____ biometrics is related to the perception, thought processes, and understanding of the user.
Cognitive

A disadvantage of biometric readers is _______.
cost

Which of the following is NOT a flaw in standard operating systems?
Operating systems by default use the principle of least privilege.

Using one authentication credential to access multiple accounts or applications is known as _______.
single sign-on

Which technique would prevent an attacker from China from logging into a user's account at 4:00 AM?
Computer footprinting

An operating system that is designed to be secure by controlling critical parts of it to limit access from attackers and administrators is a _______.
trusted OS

_____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
OpenID
