ait 614 summer 08 final exam - compleated
7/28/2019 AIT 614 Summer 08 Final Exam - Compleated
AIT-614 / IHSM-623 - Network Security, Summer 2008
Final Exam
The exam is open book, open notes. Read each question carefully and provide the correct answer for True-False and Multiple Choice questions in the spaces provided. There is only one answer.
For essays, answer each question completely. Each true-false or multiple choice is worth a half (1/2) point. Essays are worth three (3) points each. The test is worth 30 points. Cut and paste only your answers in the student assignment area under Final Exam before midnight 18 August. Late submissions or email submissions will not be accepted and will be graded as zero. Do not post attachments or any part of the test. Good luck!
True/False
Indicate whether the statement is true or false.
1. A ground level attack can be especially crippling to networks and computers because the attack runs rampant
while time is spent trying to identify the vulnerability.
TRUE
2. A layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated
to thwart a variety of attacks.
TRUE
3. Just as an IP address indicates the address of a host computer on a network, a socket number identifies the program or service being accessed on the receiving computer.
TRUE
4. Symmetric encryption algorithms are the most common type of cryptographic algorithms.
TRUE
5. The rules that a network device uses to permit or deny a packet are called an access control list.
False
Multiple Choice
Identify the choice that best completes the statement or answers the question.
6. Setting a firewall to filter a specific type of traffic, such as all inbound traffic, while a second firewall on the
same system filters another traffic type, such as outbound traffic is an example of _____.
a. diversity
b. layering
c. limiting
d. simplifying
7. John Rankin, the network administrator for XYZ Corporation, wants to manually change the registry on his
Windows Server 2003 server. What program will allow him to do this task?
a. regutil
b. regedit32
c. regedt32
d. regeditor
8. _____ packet filtering permits or denies each packet based strictly on the rule base.
a. Rule-based
b. Dynamic
c. Stateful
d. Stateless
9. _____ are often examined by law enforcement personnel when they are attempting to identify the Web sites
that a criminal suspect has been viewing.
a. Scripts
b. Java applets
c. Cookies
d. Log files
10. In the 802.1x protocol, the authentication server is typically a _____ server.
a. RADIUS 99%
b. TACACS
c. SSH
d. NAS
11. _____ makes it possible for almost any application running on virtually any computer platform to obtain
directory information, such as e-mail addresses and keys.
a. X.500 99.9%
b. DAP
c. DCE
d. LDAP
12. A serious vulnerability in WEP is that the _____ is not properly implemented.
a. interrupt vector
b. CRC
c. encryption
d. initialization vector
13. DES encrypts 64-bit plaintext by executing the algorithm _____ times.
a. 4
b. 8
c. 12
d. 16
14. A _____ is an encrypted hash of a message that is transmitted along with the message.
a. message digest
b. digital signature
c. cipher
d. hash algorithm
15. If Bob is using symmetric key encryption and wants to securely communicate with 20 other users, how many
secret keys must he keep and manage?
a. 1
b. 5
c. 10
d. 20
16. David is notified that one of the senior employees at XYZ Corporation is taking a leave of absence for six
months. What status should he set on this user's certificate?
a. revoked
b. suspended
c. expired
d. destroyed
17. Daniel, the network administrator of Global Corporation, wants to apply access control privileges to all users
on his network. He should use _____ Access Control to do this.
a. Mandatory 99%
b. Position Based
c. Secure
d. Entry Level
18. Val decides to implement RAID on her database server. She only has two hard disks available and wants to
ensure that she has data redundancy. What level of RAID should she implement?
a. 0
b. 1
c. 2
d. 5
19. XYZ Corp recently released a new version of their Web-based inventory management software.
Unfortunately a bug in their code was discovered that would allow an attacker to take full control of the host
Web server. In information security this is considered to be a(n) _____.
a. flaw
b. exploit
c. Vulnerability 99%
d. weakness
20. Reg was recently hired as a security consultant for XYZ Corp. He wants to compare the company's assets
against a database of known vulnerabilities and produce a discovery report that exposes a vulnerability and
assesses its severity. He needs to use a vulnerability _____ to do this job.
a. monitor
b. tracker
c. scanner
d. sniffer
21. The _____ Act protects information financial institutions collect about customers.
a. The Health Insurance Portability and Accountability
b. Gramm-Leach-Bliley
c. Sarbanes-Oxley
d. Federal Security
22. David Brown, the network administrator is concerned that several of the user accounts for employees in the
marketing department have been set up incorrectly and have unrestricted access to all employee financial
records on the accounting server. What type of audit should he perform to determine if his suspicions are
correct?
a. user
b. privilege
c. escalation
d. security
23. Shayla, a professional photographer, wants to use digital rights management to protect her digital photographs
on her web site. What type of DRM could she use to trace illegal copies of her pictures?
a. Activation codes
b. Software keys
c. Physical copy protection
d. Digital watermarks
24. After a computer crime has occurred, Jason's forensic team takes custody of computers, peripherals, and media
that have been used to commit the crime. Which step has the forensic team executed?
a. Securing the crime scene
b. Preserving the data
c. Establishing the chain of custody
d. Examining for evidence
ESSAY (Choose and answer only six questions)
25. What are the three goals of cyberattacks as listed in a report distributed by the Institute for Security
Technology Studies at Dartmouth College?
26. Describe the three main categories of authentication?
The three main categories of authentication are authentication by what you know, authentication by what you
have, and authentication by what you are.
Authentication by what you know is based on knowledge that only the approved person would know. For
example, a consumer may want to use a telephone to access the account balance of his mortgage. Because
anyone could make the call, the telephone system asks the user to enter a combination of information that
only the account holder would normally know, such as his mother's date of birth and a unique personal
identification number (PIN) code. This authentication is based on unique knowledge that only the actual user
would know.
Authentication by what you have is similar to authentication by what you know. However, the information is
not held in your brain but instead is a device or similar product that can be held in your hand. Only the real
person would have this device, and it then proves they are who they claim to be. A key to unlock a door or a
driver's license are methods of authentication by what you have.
Authentication by what you are is based on a person's unique characteristics. These can include a fingerprint
or voice sample. Because the unique characteristics cannot be easily duplicated, authentication by what you
are can be an effective means of screening out impostors.
27. What are the six basic guidelines that should be observed when creating filtering rules?
The six basic guidelines that should be observed when creating filtering rules are:
Understand the network filtering device and keep it updated.
Be as specific as possible with rules.
Do not let the log file grow to an unmanageable size; start a new log file once a week.
Examine the log file each week to note any trends.
When setting up rules, be as restrictive as possible. Users will contact you when they cannot access
the resources that they need. Restrictive rules help determine what actions are essential and what
actions are simply convenient for users.
Use comments in the rule base to document everything.
28. List five of the defensive controls that can be set for routers and switches.
Five of the defensive controls that can be set for routers and switches are:
Configure the logon prompt so that it does not display any information about the brand or model of
the device.
Disable Hypertext Transfer Protocol (HTTP) and SNMP access if they are not being used.
If SNMP must be used, install SNMPv3.
If unencrypted access must be used (for services such as Telnet), limit that access to specific trusted
clients.
Limit physical access to devices to authorized personnel only.
29. What five tasks are recommended when using Microsoft Encrypting File System?
When using Microsoft Encrypting File System, the following tasks are recommended:
First encrypt the folder and then move the files you want to protect into that folder.
Do not encrypt the entire drive that contains your system folder (WINNT). This could significantly
decrease performance and cause your machine to become unbootable.
You can either compress or encrypt a folder, but you cannot do both.
If you move an encrypted file to a drive that doesn't use NTFS (including a floppy disk), the file will
not retain its encryption.
Regardless of who encrypted the file, if the computer is not part of a domain, the local Administrator
account can decrypt the file.
30. What five tasks does a PKI for a typical enterprise perform?
A Public Key Infrastructure (PKI) for a typical enterprise does the following:
Issues digital certificates to individual users and servers
Provides end-user enrollment software
Integrates corporate certificate directories
Manages, renews, and revokes certificates
Provides related network services and security
31. List and describe the four basic steps used in creating a business continuity plan?
The four basic steps used in creating a Business Continuity Plan (BCP) are understand the business, formulate
continuity strategies, develop a response, and test the plan.
For understand the business, the goals of the organization, its mission-critical process, and external
influences must be clearly identified.
For formulate continuity strategies, the strategies vary depending on the event. The strategies could be to do
nothing, change or end the process, or adjust the business itself to minimize the impact.
For develop a response, a response addresses what should be done if the risk materializes. For example,
should a new initiative be placed on hold if key workers leave the company?
For test the plan, a realistic test of the components of a BCP should be conducted and analyzed so that
modifications can be made as necessary.