Name: Class: Date:
Chapter 12: Protection Mechanisms
Copyright Cengage Learning. Powered by Cognero. Page 1
1. Technical controls alone, when properly configured, can secure an IT environment.
a. True
b. False
ANSWER: False
2. The “something a person has” authentication mechanism takes advantage of something inherent in the user that is
evaluated using biometrics.
a. True
b. False
ANSWER: False
3. The ability to restrict specific services is a common practice in most modern routers, and is invisible to the user.
a. True
b. False
ANSWER: True
4. Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and
persistent connection.
a. True
b. False
ANSWER: True
5. The KDC component of Kerberos knows the secret keys of all clients and servers on the network.
a. True
b. False
ANSWER: True
6. Which of the following access control processes confirms the identity of the entity seeking access to a logical or
physical area?
a. Identification b. Authentication
c. Authorization d. Accountability
ANSWER: b
7. Which of the following is NOT among the three types of authentication mechanisms?
a. Something a person knows b. Something a person has
c. Something a person sees d. Something a person can produce
ANSWER: c
8. Which of the following characteristics currently used today for authentication purposes is the LEAST unique?
a. Fingerprints b. Iris
c. Retina d. Face geometry
ANSWER: d
9. Which of the following is a criterion commonly used to compare and evaluate biometric technologies?
a. False accept rate b. Crossover error rate
c. False reject rate d. Valid accept rate
ANSWER: b
10. Which of the following biometric authentication systems is considered to be the most secure?
a. Fingerprint recognition b. Signature recognition
c. Voice pattern recognition d. Retina pattern recognition
ANSWER: d
11. Which of the following biometric authentication systems is the most accepted by users?
a. Keystroke pattern recognition b. Fingerprint recognition
c. Signature recognition d. Retina pattern recognition
ANSWER: c
12. Which type of firewall keeps track of each network connection established between internal and external systems?
a. Packet filtering b. Stateful packet inspection
c. Application layer d. Cache server
ANSWER: b
13. The intermediate area between trusted and untrusted networks is referred to as which of the following?
a. Unfiltered area b. Semi-trusted area
c. Demilitarized zone d. Proxy zone
ANSWER: c
14. Which type of device allows only specific packets with a particular source, destination, and port address to pass
through it?
a. Dynamic packet filtering firewall b. Proxy server
c. Intrusion detection system d. Application layer firewall
ANSWER: a
15. Which technology employs sockets to map internal private network addresses to a public address using a one-to-many
mapping?
a. Network-address translation b. Screened-subnet firewall
c. Port-address translation d. Private address mapping
ANSWER: c
16. Which of the following is true about firewalls and their ability to adapt in a network?
a. Firewalls can interpret human actions and make decisions outside their programming
b. Because firewalls are not programmed like a computer, they are less error prone
c. Firewalls are flexible and can adapt to new threats
d. Firewalls deal strictly with defined patterns of measured observation
ANSWER: d
17. Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding?
a. Sending DoS packets to the source b. Terminating the network connection
c. Reconfiguring network devices d. Changing the attack’s content
ANSWER: a
18. Which type of IDPS is also known as a behavior-based intrusion detection system?
a. Network-based b. Anomaly-based
c. Host-based d. Signature-based
ANSWER: b
19. Which tool can best identify active computers on a network?
a. Packet sniffer
b. Port scanner
c. Trap and trace
d. Honey pot
ANSWER: b
20. What is the next phase of the preattack data gathering process after an attacker has collected all of an organization’s
Internet addresses?
a. Footprinting b. Content filtering
c. Deciphering d. Fingerprinting
ANSWER: d
21. What is the range of the well-known ports used by TCP and UDP?
a. 1024-65,536 b. 0-1023
c. 0-65,536 d. 20, 21, 25, 53, 80
ANSWER: b
22. Which port number is commonly used for the Hypertext Transfer Protocol service?
a. 25 b. 53
c. 80 d. 8080
ANSWER: c
23. Which port number is commonly used for the Simple Mail Transfer Protocol service?
a. 25 b. 53
c. 68 d. 443
ANSWER: a
24. What tool would you use if you want to collect information as it is being transmitted on the network and analyze the
contents for the purpose of solving network problems?
a. Port scanner b. Packet sniffer
c. Vulnerability scanner d. Content filter
ANSWER: b
25. Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except
the intended recipient of the data?
a. Key b. Plaintext
c. Cipher d. Cryptosystem
ANSWER: a
26. In which cipher method are values rearranged within a block to create the ciphertext?
a. Permutation b. Vernam
c. Substitution d. Monoalphabetic
ANSWER: a
27. Which of the following is true about symmetric encryption?
a. Uses a secret key to encrypt and decrypt b. Uses a private and public key
c. It is also known as public key encryption d. It requires four keys to hold a conversation
ANSWER: a
28. Which technology has two modes of operation: transport and tunnel?
a. Secure Hypertext Transfer Protocol b. Secure Shell
c. IP Security d. Secure Sockets Layer
ANSWER: c
29. Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?
a. Ticket Granting Service b. Authentication Server
c. Authentication Client d. Key Distribution Center
ANSWER: a
30. Which of the following is a Kerberos service that initially exchanges information with the client and server by using
secret keys?
a. Authentication Server b. Authentication Client
c. Key Distribution Center d. Ticket Granting Service
ANSWER: c
31. What is most commonly used for the goal of nonrepudiation in cryptography?
a. Block cipher b. Secret key
c. PKI d. Digital signature
ANSWER: d
32. ____________________ is the determination of actions that an entity can perform in a physical or logical area.
ANSWER: Authorization
33. A(n) ____________________ is a secret word or combination of characters known only by the user.
ANSWER: password
34. ________ recognition authentication captures the analog waveforms of human speech.
ANSWER: Voice
35. A(n) ____________________ token uses a challenge-response system in which the server challenges the user with a
number, that when entered into the token provides a response that provides access.
ANSWER: asynchronous
36. A(n) ____________________ is any device that prevents a specific type of information from moving between an
untrusted network and a trusted network.
ANSWER: firewall
37. You might put a proxy server in the __________________, which is exposed to the outside world, neither in the
trusted nor untrusted network.
ANSWER: demilitarized zone
DMZ
38. ____________ is a technology in which multiple real, routable external IP addresses are converted to special ranges
of internal IP addresses, usually on a one-to-one basis.
ANSWER: Network-address translation
Network address translation
NAT
39. ____________________ presents a threat to wireless communications, a practice that makes it prudent to use a
wireless encryption protocol to prevent unauthorized use of your Wi-Fi network.
ANSWER: War driving
40. The ___________ wireless security protocol was replaced by stronger protocols due to several vulnerabilities found in
the early 2000s.
ANSWER: WEP
wired equivalent privacy
41. The Ticket Granting Service (TGS) is one of three services in the __________ system, and provides tickets to clients
who request services.
ANSWER: Kerberos
42. Describe and provide an example for each of the types of authentication mechanisms.
ANSWER: There are three types of authentication mechanisms:
- Something a person knows (for example, passwords and passphrases)
- Something a person has (such as cryptographic tokens and smart cards)
- Something a person produces (such as voice and signature pattern recognition, fingerprints, palm prints, hand
topography, hand geometry, and retina and iris scans)
43. Briefly describe how biometric technologies are generally evaluated.
ANSWER: Biometric technologies are generally evaluated according to three basic criteria:
- False reject rate: the percentage of authorized users who are denied access
- False accept rate: the percentage of unauthorized users who are allowed access
- Crossover error rate: the point at which the number of false rejections equals the number of
false acceptances
44. What should you look for when selecting a firewall for your network?
ANSWER: 1. What type of firewall technology offers the right balance between protection and cost for the needs of the
organization?
2. What features are included in the base price? What features are available at extra cost? Are all cost factors
known?
3. How easy is it to set up and configure the firewall? How accessible are the staff technicians who can
competently configure the firewall?
4. Can the candidate firewall adapt to the growing network in the target organization?
45. List the most common firewall implementation architectures.
ANSWER: Three architectural implementations of firewalls are especially common: single bastion hosts, screened-host
firewalls, and screened-subnet firewalls.
46. What are NAT and PAT? Describe these technologies.
ANSWER: NAT is a method of converting multiple real, routable external IP addresses to special ranges of internal IP
addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned
internal address. A related approach, called port-address translation (PAT), converts a single real, valid,
external IP address to special ranges of internal IP addresses—that is, a one-to-many approach in which one
address is mapped dynamically to a range of internal addresses by adding a unique port number when traffic
leaves the private network and is placed on the public network.
47. There are six recommended best practices for firewall use according to Laura Taylor. List three of them.
ANSWER: All traffic from the trusted network is allowed out.
The firewall device is never accessible directly from the public network.
Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall,
but all of it is routed to a well-configured SMTP gateway to filter and route messaging
traffic securely.
All Internet Control Message Protocol (ICMP) data is denied.
Telnet/terminal emulation access to all internal servers from the public networks is
blocked.
When Web services are offered outside the firewall, HTTP traffic is prevented from
reaching your internal networks via the implementation of some form of proxy access
or DMZ architecture.
48. Describe in basic terms what an IDPS is.
ANSWER: Intrusion detection and prevention systems (IDPSs) work like burglar alarms. When the system detects a
violation—the IT equivalent of an opened or broken window—it activates the alarm. This alarm can be
audible and visible (noise and lights), or it can be a silent alarm that sends a message to a monitoring
company.
49. What is WEP and why is it no longer in favor?
ANSWER: WEP is designed to provide a basic level of security protection to Wi-Fi networks, to prevent unauthorized
access or eavesdropping. However, WEP, like a traditional wired network, does not protect users from each
other; it only protects the network from unauthorized users. In the early 2000s, cryptologists found several
fundamental flaws in WEP, resulting in vulnerabilities that can be exploited to gain access. These
vulnerabilities ultimately led to the replacement of WEP as the industry standard with WPA.
50. What is a packet sniffer and how can it be used for good or nefarious purposes?
ANSWER: A packet sniffer is a network tool that collects and analyzes copies of packets from the network. It can
provide a network administrator with valuable information to help diagnose and resolve networking issues. In
the wrong hands, it can be used to eavesdrop on network traffic.
51. What is asymmetric encryption?
ANSWER: Asymmetric encryption is also known as public key encryption. Whereas symmetric encryption systems use a
single key both to encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key
can be used to encrypt or decrypt the message, but not both for the same message.
a. VPN
b. transport mode
c. SSL
d. PKI
e. digital certificate
f. asymmetric encryption
g. Vernam cipher
h. transposition cipher
i. content filter
j. footprinting
52. An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that
enables users to communicate securely through the use of digital certificates.
ANSWER: d
53. A cryptographic method that incorporates mathematical operations involving both a public key and a private key to
encipher or decipher a message.
ANSWER: f
54. The organized research and investigation of Internet addresses owned or controlled by a target organization.
ANSWER: j
55. In IPSec, an encryption method in which only a packet’s IP data is encrypted,
not the IP headers themselves; this method allows intermediate nodes to read the source and
destination addresses.
ANSWER: b
56. A cryptographic technique developed at AT&T and known as the “one-time pad,” this cipher uses a set of characters
for encryption operations only one time and then discards it.
ANSWER: g
57. Was developed by Netscape in 1994 to provide security for online e-commerce transactions.
ANSWER: c
58. A software program or hardware/software appliance that allows administrators to restrict content that comes into or
leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as
pornography or entertainment.
ANSWER: i
59. A private, secure network operated over a public and insecure network.
ANSWER: a
60. A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.
ANSWER: h
61. Public key container files that allow PKI system components and end users to validate a public key and identify its
owner.
ANSWER: e

 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

Chapter 12 protection_mechanisms

Name: Class: Date:
Chapter 12: Protection Mechanisms
Copyright Cengage Learning. Powered by Cognero. Page 1
1. Technical controls alone, when properly configured, can secure an IT environment.
a. True
b. False
ANSWER: False
2. The “something a person has” authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics.
a. True
b. False
ANSWER: False
3. The ability to restrict specific services is a common practice in most modern routers, and is invisible to the user.
a. True
b. False
ANSWER: True
4. Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection.
a. True
b. False
ANSWER: True
5. The KDC component of Kerberos knows the secret keys of all clients and servers on the network.
a. True
b. False
ANSWER: True
6. Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area?
a. Identification b. Authentication
c. Authorization d. Accountability
ANSWER: b
7. Which of the following is NOT among the three types of authentication mechanisms?
a. Something a person knows b. Something a person has
c. Something a person sees d. Something a person can produce
ANSWER: c
8. Which of the following characteristics currently used today for authentication purposes is the LEAST unique?
a. Fingerprints b. Iris
c. Retina d. Face geometry
ANSWER: d
9. Which of the following is a commonly used criterion to compare and evaluate biometric technologies?
a. False accept rate b. Crossover error rate
c. False reject rate d. Valid accept rate
ANSWER: b
10. Which of the following biometric authentication systems is considered to be the most secure?
a. Fingerprint recognition b. Signature recognition
c. Voice pattern recognition d. Retina pattern recognition
ANSWER: d
11. Which of the following biometric authentication systems is the most accepted by users?
a. Keystroke pattern recognition b. Fingerprint recognition
c. Signature recognition d. Retina pattern recognition
ANSWER: c
12. Which type of firewall keeps track of each network connection established between internal and external systems?
a. Packet filtering b. Stateful packet inspection
c. Application layer d. Cache server
ANSWER: b
13. The intermediate area between trusted and untrusted networks is referred to as which of the following?
a. Unfiltered area b. Semi-trusted area
c. Demilitarized zone d. Proxy zone
ANSWER: c
14. Which type of device allows only specific packets with a particular source, destination, and port address to pass through it?
a. Dynamic packet filtering firewall b. Proxy server
c. Intrusion detection system d. Application layer firewall
ANSWER: a
15. Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping?
a. Network-address translation b. Screened-subnet firewall
c. Port-address translation d. Private address mapping
ANSWER: c
16. Which of the following is true about firewalls and their ability to adapt in a network?
a. Firewalls can interpret human actions and make decisions outside their programming
b. Because firewalls are not programmed like a computer, they are less error prone
c. Firewalls are flexible and can adapt to new threats
d. Firewalls deal strictly with defined patterns of measured observation
ANSWER: d
17. Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding?
a. Sending DoS packets to the source b. Terminating the network connection
c. Reconfiguring network devices d. Changing the attack’s content
ANSWER: a
18. Which type of IDPS is also known as a behavior-based intrusion detection system?
a. Network-based b. Anomaly-based
c. Host-based d. Signature-based
ANSWER: b
19. Which tool can best identify active computers on a network?
a. Packet sniffer b. Port scanner
c. Trap and trace d. Honey pot
ANSWER: b
20. What is the next phase of the preattack data gathering process after an attacker has collected all of an organization’s Internet addresses?
a. Footprinting b. Content filtering
c. Deciphering d. Fingerprinting
ANSWER: d
21. What is the range of the well-known ports used by TCP and UDP?
a. 1024-65,536 b. 0-1023
c. 0-65,536 d. 20, 21, 25, 53, 80
ANSWER: b
22. Which port number is commonly used for the Hypertext Transfer Protocol service?
a. 25 b. 53
c. 80 d. 8080
ANSWER: c
23. Which port number is commonly used for the Simple Mail Transfer Protocol service?
a. 25 b. 53
c. 68 d. 443
ANSWER: a
24. What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems?
a. Port scanner b. Packet sniffer
c. Vulnerability scanner d. Content filter
ANSWER: b
25. Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data?
a. Key b. Plaintext
c. Cipher d. Cryptosystem
ANSWER: a
26. In which cipher method are values rearranged within a block to create the ciphertext?
a. Permutation b. Vernam
c. Substitution d. Monoalphabetic
ANSWER: a
27. Which of the following is true about symmetric encryption?
a. Uses a secret key to encrypt and decrypt
b. Uses a private and public key
c. It is also known as public key encryption
d. It requires four keys to hold a conversation
ANSWER: a
28. Which technology has two modes of operation: transport and tunnel?
a. Secure Hypertext Transfer Protocol b. Secure Shell
c. IP Security d. Secure Sockets Layer
ANSWER: c
29. Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?
a. Ticket Granting Service b. Authentication Server
c. Authentication Client d. Key Distribution Center
ANSWER: a
30. Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys?
a. Authentication Server b. Authentication Client
c. Key Distribution Center d. Ticket Granting Service
ANSWER: c
31. What is most commonly used for the goal of nonrepudiation in cryptography?
a. Block cipher b. Secret key
c. PKI d. Digital signature
ANSWER: d
32. ____________________ is the determination of actions that an entity can perform in a physical or logical area.
ANSWER: Authorization
33. A(n) ____________________ is a secret word or combination of characters known only by the user.
ANSWER: password
34. ________ recognition authentication captures the analog waveforms of human speech.
ANSWER: Voice
35. A(n) ____________________ token uses a challenge-response system in which the server challenges the user with a number, that when entered into the token provides a response that provides access.
ANSWER: asynchronous
36. A(n) ____________________ is any device that prevents a specific type of information from moving between an untrusted network and a trusted network.
ANSWER: firewall
37. You might put a proxy server in the __________________, which is exposed to the outside world, neither in the trusted nor untrusted network.
ANSWER: demilitarized zone
DMZ
38. ____________ is a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis.
ANSWER: Network-address translation
Network address translation
NAT
39. ____________________ presents a threat to wireless communications, a practice that makes it prudent to use a wireless encryption protocol to prevent unauthorized use of your Wi-Fi network.
ANSWER: War driving
40. The ___________ wireless security protocol was replaced by stronger protocols due to several vulnerabilities found in the early 2000s.
ANSWER: WEP
wired equivalent privacy
41. The Ticket Granting Service (TGS) is one of three services in the __________ system, and provides tickets to clients who request services.
ANSWER: Kerberos
42. Describe and provide an example for each of the types of authentication mechanisms.
ANSWER: There are three types of authentication mechanisms:
- Something a person knows (for example, passwords and passphrases)
- Something a person has (such as cryptographic tokens and smart cards)
- Something a person produces (such as voice and signature pattern recognition, fingerprints, palm prints, hand topography, hand geometry, and retina and iris scans)
43. Briefly describe how biometric technologies are generally evaluated.
ANSWER: Biometric technologies are generally evaluated according to three basic criteria:
- False reject rate: the percentage of authorized users who are denied access
- False accept rate: the percentage of unauthorized users who are allowed access
- Crossover error rate: the point at which the number of false rejections equals the number of false acceptances
44. What should you look for when selecting a firewall for your network?
ANSWER:
1. What type of firewall technology offers the right balance between protection and cost for the needs of the organization?
2. What features are included in the base price? What features are available at extra cost? Are all cost factors known?
3. How easy is it to set up and configure the firewall? How accessible are the staff technicians who can competently configure the firewall?
4. Can the candidate firewall adapt to the growing network in the target organization?
45. List the most common firewall implementation architectures.
ANSWER: Three architectural implementations of firewalls are especially common: single bastion hosts, screened-host firewalls, and screened-subnet firewalls.
46. What are NAT and PAT? Describe these technologies.
ANSWER: NAT is a method of converting multiple real, routable external IP addresses to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address. A related approach, called port-address translation (PAT), converts a single real, valid, external IP address to special ranges of internal IP addresses—that is, a one-to-many approach in which one address is mapped dynamically to a range of internal addresses by adding a unique port number when traffic leaves the private network and is placed on the public network.
47. There are six recommended best practices for firewall use according to Laura Taylor. List three of them.
ANSWER:
- All traffic from the trusted network is allowed out.
- The firewall device is never accessible directly from the public network.
- Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but all of it is routed to a well-configured SMTP gateway to filter and route messaging traffic securely.
- All Internet Control Message Protocol (ICMP) data is denied.
- Telnet/terminal emulation access to all internal servers from the public networks is blocked.
- When Web services are offered outside the firewall, HTTP traffic is prevented from reaching your internal networks via the implementation of some form of proxy access or DMZ architecture.
48. Describe in basic terms what an IDPS is.
ANSWER: Intrusion detection and prevention systems (IDPSs) work like burglar alarms. When the system detects a violation—the IT equivalent of an opened or broken window—it activates the alarm. This alarm can be audible and visible (noise and lights), or it can be a silent alarm that sends a message to a monitoring company.
49. What is WEP and why is it no longer in favor?
ANSWER: WEP is designed to provide a basic level of security protection to Wi-Fi networks, to prevent unauthorized access or eavesdropping. However, WEP, like a traditional wired network, does not protect users from each other; it only protects the network from unauthorized users. In the early 2000s, cryptologists found several fundamental flaws in WEP, resulting in vulnerabilities that can be exploited to gain access. These vulnerabilities ultimately led to the replacement of WEP as the industry standard with WPA.
50. What is a packet sniffer and how can it be used for good or nefarious purposes?
ANSWER: A packet sniffer is a network tool that collects and analyzes copies of packets from the network. It can provide a network administrator with valuable information to help diagnose and resolve networking issues. In the wrong hands, it can be used to eavesdrop on network traffic.
51. What is asymmetric encryption?
ANSWER: Asymmetric encryption is also known as public key encryption. Whereas symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different keys. Either key can be used to encrypt or decrypt the message, but not both for the same message.
a. VPN
b. transport mode
c. SSL
d. PKI
e. digital certificate
f. asymmetric encryption
g. Vernam cipher
h. transposition cipher
i. content filter
j. footprinting
52. An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
ANSWER: d
53. A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message.
ANSWER: f
54. The organized research and investigation of Internet addresses owned or controlled by a target organization.
ANSWER: j
55. In IPSec, an encryption method in which only a packet’s IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.
ANSWER: b
56. A cryptographic technique developed at AT&T and known as the “one-time pad,” this cipher uses a set of characters for encryption operations only one time and then discards it.
ANSWER: g
57. Was developed by Netscape in 1994 to provide security for online e-commerce transactions.
ANSWER: c
58. A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.
ANSWER: i
59. A private, secure network operated over a public and insecure network.
ANSWER: a
60. A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.
ANSWER: h
61. Public key container files that allow PKI system components and end users to validate a public key and identify its owner.
ANSWER: e