Cyber Exam 2

The service within Kerberos that generates and issues session keys is known as

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.
T or F

A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.

The dominant architecture used to secure network access today is the __________ firewall.

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a _________

Good firewall rules include denying all data that is not verifiably authentic. T or F

Firewalls can be categorized by processing mode, development era, or structure. T or F

The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device

When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. T or F

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall. T or F

__________ inspection firewalls keep track of each network connection between internal and external systems.

Authentication is the process of validating a supplicant's purported identity. T or F

Syntax errors in firewall policies are usually difficult to identify. T or F

Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. T or F

Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database or violations of those rules.
T or F

Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. T or F

A firewall cannot be deployed as a separate network containing a number of supporting devices.

It is important that e-mail traffic reach your e-mail server and only your e-mail server. T or F

Which of the following is not a major processing mode category for firewalls?

A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.

Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. T or F

The __________ is an intermediate area between a trusted network and an untrusted network.

_________ filtering requires that the firewall's filtering rules for allowing and denying packets are developed and installed with the firewall.

A common DMZ arrangement is a subnet firewall that consists of two or more internal bastion hosts behind a packet-filtering router, with each host protecting the trusted network.

A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.

An extranet is a segment of the DMZ where no authentication and authorization controls are put into place. T or F

Authentication is a mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system. T or F

The restrictions most commonly implemented in packet-filtering firewalls are based on _____

IP source and destination address
Direction (inbound or outbound)
TCP or UDP source and destination port requests
Correct Answer: All of the above

A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network. T or F

In order to keep the Web server inside the internal network, direct all HTTP requests to the internal filtering firewall and configure the internal filtering router/firewall to allow only that device to access the internal Web server. T or F

Kerberos uses asymmetric key encryption to validate an individual user to various network resources. T or F

The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.
T or F

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. T or F

Internet connections via dial-up lines are regaining popularity due to recent technological developments. T or F

The primary disadvantage of stateful packet inspection firewalls is the additional processing required to manage and verify packets against the state table
T or F

The DMZ can be a dedicated port on the firewall device linking a single bastion host.

Access control is achieved by means of a combination of policies, programs, and technologies. T or F

A(n) __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

In TCP/IP networking, port __________ is not used.

NIDPSs can reliably ascertain if an attack was successful or not.

IDPS responses can be classified as active or passive. T or F

Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems. T or F

A HIDPS can monitor systems logs for predefined events.

__________ is the action of luring an individual into committing a crime to get a conviction.

The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. T or F

HIDPSs are also known as system integrity verifiers. T or F

______ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. T or F

The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems.
t or f

The process of entrapment occurs when an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. t or f

A padded cell is a hardened honeynet. t or f

Some vulnerability scanners feature a class of attacks called _________ that are so dangerous they should only be used in a lab environment.

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.

Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks t

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.

Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
t or f

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

Port __________ is commonly used for HTTP protocol.

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard. t or f

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software.
T or F

Administrators who are wary of using the same tools that attackers use should remember that a tool that can help close an open or poorly configured firewall will not help the network defender minimize the risk from attack. T or F

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS. T or F

All IDPS vendors target users with the same levels of technical and security expertise.
t or f

A passive vulnerability scanner is one that initiates traffic on the network in order to determine security holes. t or f

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

A(n) port is the equivalent of a network channel or connection point in a data communications system. _________________________
T or F

A false positive is the failure of an IDPS system to react to an actual attack event.
T or F

Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. t or f

A(n) __________ IDPS is focused on protecting network information assets.

A(n) event is an indication that a system has just been attacked or is under attack. _________________________
t or f

A(n) server-based IDPS protects the server or host's information assets. T or F

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

Enticement is the action of luring an individual into committing a crime to get a conviction. T or F

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

A __________ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.

Electronic monitoring includes __________ systems.

Locks can be divided into four categories based on the triggering process: manual, programmable, electronic, and biometric. t or f

Online UPS can deliver a constant, smooth, conditioned power stream to computing systems. t or f

A gaseous system is designed to apply a liquid, usually water, to all areas in which a fire has been detected. _________________________

Static electricity is not noticeable to humans until levels approach 150 volts.

A badge is an identification card that is typically carried concealed.

In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.

Water-based systems are low cost, nontoxic, and can often be created by using an existing sprinkler system that may have been present in earlier construction.

The capacity of UPS devices is measured using the volt output rating.

For laptops, there are theft alarms made up of a PC card or other device that contains a motion detector. t or f

Water damage is considered less dangerous to computer systems than hazardous chemicals like Halon. t or f

____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security.

Fire ____ systems are devices installed and maintained to detect and respond to a fire, potential fire, or combustion danger situation.

Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____.

____ sensors project and detect an infrared beam across an area.

In a double conversion offline UPS, the primary power source is the inverter, and the power feed from the utility is constantly recharging the battery, which in turn powers the output inverter. t or f

Telecommuters should use a securable operating system that requires password authentication. t or f

One of the leading causes of damage to sensitive circuitry is ____.

Physical security is just as important as logical security to an information security program.

Mechanical locks can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking

Vibration detectors measure rates of change in the ambient temperature of a room.

Videoconferencing is off-site computing that uses Internet connections, dial-up connections, connections over leased point-to-point links between offices, and other mechanisms. T or F

Most guards have clear __________ that help them to act decisively in unfamiliar situations.

Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment.

There are three methods of data interception: direct observation, interception of data transmission, and mechanical interception. t or f

A device that assures the delivery of electric power without interruption is a(n) ____.

Standby power supply (SPS) UPSs provide power conditioning. t or f

UPS devices typically run up to ____ VA.

A wet-pipe system is usually considered appropriate in computer rooms. t or f

A common form of (mechanical) strike locks are electric strike locks, which (usually) require people to announce themselves before being "buzzed" through a locked door. t or f

Guards can evaluate each situation as it arises and make reasoned responses.

When the lock of a door fails and the door becomes unlocked, it is classified as a fail-secure lock. t or f

Fire detection systems fall into two general categories: manual and electrical.

Keycard readers based on smart cards are often used to secure computer rooms, communications closets, and other restricted areas. t or f

A variation of the dry-pipe system is the pre-action system, which has a two-phase response to a fire.

The most sophisticated locks are __________ locks.

Carbon dioxide systems remove a fire's supply of oxygen.
t or f

Class __________ fires are extinguished by agents that remove oxygen from the fire.

Vibration sensors fall into the motion sensor category. t or f

Bluetooth is a de facto industry standard for short-range wireless communications between devices.
t or f

To encipher means to decrypt, decode, or convert ciphertext into the equivalent plaintext. t or f

The number of horizontal and vertical pixels captured and recorded is known as the image's contrast. t or f

In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. t or f

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Secure Electronic Transactions was developed by MasterCard and Visa in 1997 to protect against electronic payment fraud.
t or f

__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

S-HTTP is an extended version of Hypertext Transfer Protocol that provides for the encryption of protected e-mail transmitted via the Internet between a client and server. t or f

Sequence encryption is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor, and this process co

A(n) distinguished name uniquely identifies a certificate entity to a user's public key. ________ t or f

To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. t or f

Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. t or f

A brute force function is a mathematical algorithm that generates a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. t or f

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

Standard-HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server.

PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.

Secure Multipurpose Internet Mail Extensions builds on the encoding format of the MIME protocol and uses digital signatures based on public key cryptosystems to secure e-mail. t or f

A multipart authentication code (MAC) is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. t or f

Hash algorithms are public functions that create a message digest by converting variable-length messages into a single fixed-length value. _

When an asymmetric cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message. t or f

The application header (AH) protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. t or f

The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public-key encryption. t or f

_________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.

Diffie-Hellman key exchange uses asymmetric encryption to exchange session keys. t or f

The permutation cipher simply rearranges the values within a block to create the ciphertext. t or f

In transport mode the entire IP packet is encrypted and is then placed as the content portion of another IP packet. t or f

Common implementations of RA include: systems to issue digital certificates to users and servers; t or f

UltraViolet wireless (UVW) is a de facto industry standard for short-range wireless communications between devices. t or f

___ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.

____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key. t or f

_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.

Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key. t or f

The most popular modern version of steganography involves hiding information within files that contain digital pictures or other images. t or f

The S-HTTP security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management. t or f

AES implements a block cipher called the Rijndael Block Cipher. t or f

The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

You cannot combine the XOR operation with a block cipher operation. t or f

Ciphertext or cryptogram is the encoded message, or a message that has been successfully encrypted. t or f

The AES algorithm was the first public key encryption algorithm to use a 256-bit key length. t or f

The ____ commercial site focuses on current security tool resources.

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites. t or f

An affidavit is used as permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination after being signed by an approving authority. t or f

The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization.
t or f

A chain of custody is the detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court. t or f

For configuration management (CM) and control, it is important to document the proposed or actual changes in the system security plan. t or f

When setting a policy about whether to pursue attacks against its systems, organizations must choose from three approaches. t or f

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called vulnerability assessment (VA). t or f

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well. t or f

Specific warning bulletins are issued when developing threats and specific assets pose a measurable risk to the organization. __________ t or f

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.

Digital forensics involves chemical and microscopic analysis of evidence using computerized laboratory instruments. t or f

A(n) war game puts a subset of plans in place to create a realistic test environment. t or f

Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a current foundation for the information security program.
t or f

A user ticket is opened when a user calls about an issue. __________ t or f

An affidavit is sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place. t or f

An effective information security governance program requires constant change. t or f

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed. t or f

Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality, and should be highly accurate and updated each time there is a change. t or f

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. t or f

US-CERT is generally viewed as the definitive authority for computer emergency response teams. t or f

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. t or f

The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach, from initiation to use. t or f

To evaluate the performance of a security system, administrators must establish system performance t or f

In some organizations, asset management is the identification, inventory, and documentation of the current information system's status: hardware, software, and networking configurations. t or f

Penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

A management model such as the ISO 27000 series deals with methods to maintain systems. t or f

The __________ Web site is home to the leading free network exploration tool, Nmap.

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

An effective information security governance program requires no ongoing review once it is well established.

To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process. t or f

A __________ is the recorded condition of a particular revision of a software or hardware configuration item.

Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options.

both of these might be chosen
protect and forget
apprehend and prosecute

The optimum approach for escalation is based on a thorough integration of the monitoring process into the _

You can document the results of the verification of a vulnerability by saving the results in what is called a(n) profile. t or f

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory. t or f

Documentation procedures are not required for configuration and change management processes. t or f

Digital forensics helps an organization understand what happened, and how, after an incident.
t or f

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. __________ t or f

An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. t or f

The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. t or f

Using an application firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ. t or f

When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
t or f

Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules.
t or f

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component. t or f

Which filtering firewall can react to an emergent event and update or create rules to deal with the event?

- Dynamic filtering: the firewall reacts to an emergent event and updates or creates rules to deal with the event.

Which firewall can react to an emergent event?

Question: ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
Answer: DYNAMIC
Question: ____ inspection firewalls keep track of each network connection between internal and external systems.
Answer: STATEFUL
Question: The application gateway is also known as a(n)
Answer: APPLICATION-LEVEL FIREWALL.

What is filtering in firewall?

A packet filtering firewall is a network security technique that is used to control data flow to and from a network. It is a security mechanism that allows the movement of packets across the network and controls their flow on the basis of a set of rules, protocols, IP addresses, and ports.

What do the rules on a packet filtering firewall include?

A packet filtering firewall is a network security feature that controls the flow of incoming and outgoing network data. The firewall examines each packet, which comprises user data and control information, and tests them according to a set of pre-established rules.