
AIT 614 Summer 08 Final Exam - Completed

AIT-614 / IHSM-623 - Network Security, Summer 2008

Final Exam

The exam is open book, open notes. Read each question carefully and provide the correct answer for True/False and Multiple Choice questions in the spaces provided. There is only one answer.

For essays, answer each question completely. Each true/false or multiple choice question is worth a half (1/2) point. Essays are worth three (3) points each. The test is worth 30 points. Cut and paste only your answers into the student assignment area under Final Exam before midnight 18 August. Late submissions or email submissions will not be accepted and will be graded as zero. Do not post attachments or any part of the test. Good luck!

True/False

Indicate whether the statement is true or false.

1. A ground level attack can be especially crippling to networks and computers because the attack runs rampant while time is spent trying to identify the vulnerability.

TRUE

2. A layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks.

TRUE

3. Just as an IP address indicates the address of a host computer on a network, a socket number identifies the program or service being accessed on the receiving computer.

TRUE

    4. Symmetric encryption algorithms are the most common type of cryptographic algorithms.

    TRUE

5. The rules that a network device uses to permit or deny a packet are called an access control list.

FALSE

Multiple Choice

Identify the choice that best completes the statement or answers the question.

6. Setting a firewall to filter a specific type of traffic, such as all inbound traffic, while a second firewall on the same system filters another traffic type, such as outbound traffic, is an example of _____.

a. diversity
b. layering
c. limiting
d. simplifying

7. John Rankin, the network administrator for XYZ Corporation, wants to manually change the registry on his Windows Server 2003 server. What program will allow him to do this task?

a. regutil
b. regedit32
c. regedt32
d. regeditor

8. _____ packet filtering permits or denies each packet based strictly on the rule base.

a. Rule-based
b. Dynamic
c. Stateful
d. Stateless

9. _____ are often examined by law enforcement personnel when they are attempting to identify the Web sites that a criminal suspect has been viewing.

a. Scripts
b. Java applets
c. Cookies
d. Log files

10. In the 802.1x protocol, the authentication server is typically a _____ server.

a. RADIUS 99%
b. TACACS
c. SSH
d. NAS

11. _____ makes it possible for almost any application running on virtually any computer platform to obtain directory information, such as e-mail addresses and keys.

a. X.500 99.9%
b. DAP
c. DCE
d. LDAP

12. A serious vulnerability in WEP is that the _____ is not properly implemented.

a. interrupt vector
b. CRC
c. encryption
d. initialization vector

13. DES encrypts 64-bit plaintext by executing the algorithm _____ times.

a. 4
b. 8
c. 12
d. 16

14. A _____ is an encrypted hash of a message that is transmitted along with the message.

a. message digest
b. digital signature
c. cipher
d. hash algorithm

15. If Bob is using symmetric key encryption and wants to securely communicate with 20 other users, how many secret keys must he keep and manage?

a. 1
b. 5
c. 10
d. 20

16. David is notified that one of the senior employees at XYZ Corporation is taking a leave of absence for six months. What status should he set on this user's certificate?

a. revoked
b. suspended
c. expired
d. destroyed

17. Daniel, the network administrator of Global Corporation, wants to apply access control privileges to all users on his network. He should use _____ Access Control to do this.

a. Mandatory 99%
b. Position Based
c. Secure
d. Entry Level

18. Val decides to implement RAID on her database server. She only has two hard disks available and wants to ensure that she has data redundancy. What level of RAID should she implement?

a. 0
b. 1
c. 2
d. 5

19. XYZ Corp recently released a new version of their Web-based inventory management software. Unfortunately, a bug in their code was discovered that would allow an attacker to take full control of the host Web server. In information security this is considered to be a(n) _____.

a. flaw
b. exploit
c. Vulnerability 99%
d. weakness

20. Reg was recently hired as a security consultant for XYZ Corp. He wants to compare the company's assets against a database of known vulnerabilities and produce a discovery report that exposes a vulnerability and assesses its severity. He needs to use a vulnerability _____ to do this job.

a. monitor
b. tracker
c. scanner
d. sniffer

21. The _____ Act protects information financial institutions collect about customers.

a. The Health Insurance Portability and Accountability
b. Gramm-Leach-Bliley
c. Sarbanes-Oxley
d. Federal Security

22. David Brown, the network administrator, is concerned that several of the user accounts for employees in the marketing department have been set up incorrectly and have unrestricted access to all employee financial records on the accounting server. What type of audit should he perform to determine if his suspicions are correct?

a. user
b. privilege
c. escalation
d. security

23. Shayla, a professional photographer, wants to use digital rights management to protect her digital photographs on her web site. What type of DRM could she use to trace illegal copies of her pictures?

a. Activation codes
b. Software keys
c. Physical copy protection
d. Digital watermarks

24. After a computer crime has occurred, Jason's forensic team takes custody of computers, peripherals, and media that have been used to commit the crime. Which step has the forensic team executed?

a. Securing the crime scene
b. Preserving the data
c. Establishing the chain of custody
d. Examining for evidence

ESSAY (Choose and answer only six questions)

25. What are the three goals of cyberattacks as listed in a report distributed by the Institute for Security Technology Studies at Dartmouth College?

26. Describe the three main categories of authentication.

The three main categories of authentication are authentication by what you know, authentication by what you have, and authentication by what you are.

Authentication by what you know is based on knowledge that only the approved person would know. For example, a consumer may want to use a telephone to access the account balance of his mortgage. Because anyone could make the call, the telephone system asks the user to enter a combination of information that only the account holder would normally know, such as his mother's date of birth and a unique personal identification number (PIN) code. This authentication is based on unique knowledge that only the actual user would know.

Authentication by what you have is similar to authentication by what you know. However, the information is not held in your brain but instead is a device or similar product that can be held in your hand. Only the real person would have this device, and it then proves they are who they claim to be. A key to unlock a door or a driver's license are methods of authentication by what you have.

Authentication by what you are is based on a person's unique characteristics. These can include a fingerprint or voice sample. Because the unique characteristics cannot be easily duplicated, authentication by what you are can be an effective means of screening out impostors.

27. What are the six basic guidelines that should be observed when creating filtering rules?

The six basic guidelines that should be observed when creating filtering rules are:

Understand the network filtering device and keep it updated.

Be as specific as possible with rules.

Do not let the log file grow to an unmanageable size; start a new log file once a week.

Examine the log file each week to note any trends.

When setting up rules, be as restrictive as possible. Users will contact you when they cannot access the resources that they need. Restrictive rules help determine what actions are essential and what actions are simply convenient for users.

Use comments in the rule base to document everything.
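The following is an added example, not part of the exam or its textbook: a toy first-match packet filter in Python that puts the guidelines above into a rule base (specific permits, a restrictive catch-all deny, a comment on every rule, and a lint check that flags rules breaking those guidelines) and also shows the distinction behind question 8, where a stateless filter judges each packet strictly on the rule base while a stateful filter remembers the connections it has already permitted. The addresses, ports, rules and sample packets are constructed for illustration and stand in for no real network.

```python
# Added example (not from the exam): toy first-match packet filter. Addresses,
# ports, rules and sample packets below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ANY_NET = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (toward the LAN) or "out" (leaving the LAN)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    """One line of the rule base; a field left at its default matches anything."""
    action: str                    # "permit" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = ANY_NET
    dst: str = ANY_NET
    dport: Optional[int] = None
    comment: str = ""              # guideline: document everything in the rule base

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

    def is_wildcard(self) -> bool:
        return (self.direction == "any" and self.proto == "any"
                and self.src == ANY_NET and self.dst == ANY_NET
                and self.dport is None)

# Constructed rule base: specific permits first, explicit default deny last.
RULES: List[Rule] = [
    Rule("permit", "out", "tcp", src="10.0.0.0/24", dport=443,
         comment="LAN clients may open HTTPS connections outbound"),
    Rule("permit", "in", "tcp", dst="10.0.0.80/32", dport=80,
         comment="Public web server accepts HTTP only"),
    Rule("deny", comment="Default deny: anything not listed above"),
]

def stateless_filter(p: Packet, rules: List[Rule] = RULES) -> str:
    """Stateless filtering: judge each packet strictly on the rule base,
    first match wins; nothing is remembered between packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # no rule matched: stay restrictive

class StatefulFilter:
    """Same rule base, but a permitted connection is remembered so that its
    reply packets pass without needing their own inbound rule."""

    def __init__(self, rules: List[Rule] = RULES) -> None:
        self.rules = rules
        self.connections = set()   # (src, sport, dst, dport, proto) tuples

    def filter(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.connections:
            return "permit"        # reply to a connection we already allowed
        action = stateless_filter(p, self.rules)
        if action == "permit":
            self.connections.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action

def lint_rules(rules: List[Rule]) -> List[str]:
    """Check three guidelines mechanically: be specific, be restrictive,
    comment everything. Returns one warning per violation."""
    warnings = []
    for i, r in enumerate(rules, 1):
        if not r.comment:
            warnings.append(f"rule {i}: no comment")
        if r.action == "permit" and r.is_wildcard():
            warnings.append(f"rule {i}: permit that matches everything")
    if not rules or rules[-1].action != "deny" or not rules[-1].is_wildcard():
        warnings.append("rule base does not end with a catch-all deny")
    return warnings

# Constructed traffic: a LAN client opens HTTPS, the server replies, and an
# outsider probes SSH on the public web server.
OUT_HTTPS = Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443)
REPLY = Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
SSH_PROBE = Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.80", 22)

def demo() -> dict:
    """Run the three packets through both filters; only the reply differs."""
    sf = StatefulFilter()
    packets = (OUT_HTTPS, REPLY, SSH_PROBE)
    return {"stateless": [stateless_filter(p) for p in packets],
            "stateful": [sf.filter(p) for p in packets],
            "lint": lint_rules(RULES)}
```

Calling `demo()` shows the practical cost of stateless filtering: the reply from the HTTPS server is dropped because no rule permits inbound traffic to the client's ephemeral port, so a purely stateless rule base would need a broad inbound permit that conflicts with the "be as specific as possible" guideline, whereas the stateful filter passes the reply on the strength of the connection it already approved. `lint_rules` is the kind of check worth running on every rule base change.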

28. List five of the defensive controls that can be set for routers and switches.

Five of the defensive controls that can be set for routers and switches are:

Configure the logon prompt so that it does not display any information about the brand or model of the device.

Disable Hypertext Transfer Protocol (HTTP) and SNMP access if they are not being used.

If SNMP must be used, install SNMPv3.

If unencrypted access must be used (for services such as Telnet), limit that access to specific trusted clients.

Limit physical access to devices to authorized personnel only.
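The following Cisco IOS-style configuration fragment is an added example, not part of the exam, showing how the first four controls above are expressed on a router. The hostname, the trusted management network 10.0.0.0/24, the SNMP group and user names, and the password placeholders are assumptions; the fifth control, physical access, is procedural and has no configuration line.

```cisco
! Added example (not from the exam); hostname, addresses and SNMP names are assumed.
hostname edge-rtr1
!
! Logon prompt reveals nothing about the brand or model of the device
banner login #
Authorized access only. Activity is monitored and logged.
#
!
! HTTP and HTTPS management interfaces off when not in use
no ip http server
no ip http secure-server
!
! SNMP only if required, and then only v3 with authentication and privacy
snmp-server group NETMGMT v3 priv
snmp-server user monitor NETMGMT v3 auth sha <auth-password> priv aes 128 <priv-password>
!
! Trusted management clients (assumed 10.0.0.0/24); everything else is denied and logged
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 deny any log
!
! Remote CLI access: SSH only. If Telnet cannot be retired, change the transport
! line to "transport input telnet ssh" but keep the access-class restriction.
line vty 0 4
 access-class 10 in
 transport input ssh
 exec-timeout 10 0
```

The `access-class` on the vty lines is what turns the fourth guideline into an enforced control: even with Telnet enabled, only the listed clients can reach the login prompt, and the `log` keyword on the deny entry gives the log file the trend data that the filtering guidelines say to review each week.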

29. What five tasks are recommended when using Microsoft Encrypting File System?

When using Microsoft Encrypting File System (EFS), the following tasks are recommended:

First encrypt the folder and then move the files you want to protect into that folder.

Do not encrypt the entire drive that contains your system folder (WINNT). This could significantly decrease performance and cause your machine to become unbootable.

You can either compress or encrypt a folder, but you cannot do both.

If you move an encrypted file to a drive that doesn't use NTFS (including a floppy disk), the file will not retain its encryption.

Regardless of who encrypted the file, if the computer is not part of a domain, the local Administrator account can decrypt the file.

30. What five tasks does a PKI for a typical enterprise perform?

A Public Key Infrastructure (PKI) for a typical enterprise does the following:

Issues digital certificates to individual users and servers

Provides end-user enrollment software

Integrates corporate certificate directories

Manages, renews, and revokes certificates

Provides related network services and security

31. List and describe the four basic steps used in creating a business continuity plan.

The four basic steps used in creating a Business Continuity Plan (BCP) are understand the business, formulate continuity strategies, develop a response, and test the plan.

In the understand the business step, the goals of the organization, its mission-critical processes, and external influences must be clearly identified.

In the formulate continuity strategies step, the strategies vary depending on the event. The strategies could be to do nothing, change or end the process, or adjust the business itself to minimize the impact.

In the develop a response step, the response addresses what should be done if the risk materializes. For example, should a new initiative be placed on hold if key workers leave the company?

In the test the plan step, a realistic test of the components of a BCP should be conducted and analyzed so that modifications can be made as necessary.
