Download MIS 4850 Systems Security

MIS 4850 Systems Security
Final Exam Review Questions
Access Control and Site Security
1. Which of the following operating systems does not provide RAM buffer protection?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above
Explanation: Win 95, Win 98, Win Me, Old Win XP Home do not provide RAM buffer protection
2. With which of the following operating systems the login password can be bypassed by hitting the
escape key?
a) Windows Vista
b) Windows XP Professional
c) Windows NT
d) Windows 2000
e) None of the above
Explanation: With Win 95, Win 98, and Win Me, login password can be bypassed
3. Which of the following is true about Access cards that are designed for two-factor authentication?
a) their PINs are usually short like 4 characters for instance
b) a 4-character PIN is too risky for access cards
c) if an access card is lost, the best security measure is to cancel or disable it
d) None of the above
4. You need to implement a wireless network with 3 Access Points and 13 wireless laptops.
How many SSIDs need to be used in order to have all devices be part of the same WLAN?
a. Three different SSIDs
b. One same SSID
c. 16 different SSIDs
d. None of the above.
5.
In a wireless network that uses WEP (Wired Equivalent Privacy) to provide wireless
security, which of the following may authenticate to an access point?
a) Only the administrator.
b) Only users with the correct WEP key.
c) Only users within the company.
d) Anyone can authenticate.
7.
Users must type PINs when they use their access cards. This is an example of …
a.
b.
c.
d.
e.
piggybacking
one-factor authentication
weak authentication
three-factor authentication
None of the above
8.
A user walks up to a door, has his or her face scanned, and is admitted through the door.
Assume nothing else. This is an example of...
a.
verification
b.
certification
c.
None of the above
Explanation: verification or authentication is when a user provides his/her credentials (username,
password) to the system for authentication purpose. The situation described is identification usually
used in biometric-based system where the user doesn’t provide his/her credentials. Instead, the system
identifies the users’ physical features (face shape, etc.), and makes access decisions.
9.
How could we prevent someone from installing a sniffer where wires connect to a switch?
a.
Use newer switches
b.
install sniffer detection systems
c.
use switches with non-standard ports
d.
use optical fiber instead of UTP
e.
lock telecommunications closets
10.
It may be possible to find media containing sensitive corporate data through...
a.
Data digging
b.
two-factor recognition
c.
sensitivity analysis
d.
Shredding
e.
None of the above
Explanation: This is dumpster diving.
11.
The network administrator created a group account. He added all employees with last name
beginning with letter A, B, or C to the group. He then created another group account and added
all the other employees to it. He finally assigned access rights to the groups. What access
control strategy did he use?
a) Mandatory Access Control
b) Role Based Access Control
c) Discretionary Access Control
d) Logic Based Access Control
e) None of the above
Explanation: This is List-Based Access Control.
TCP/IP Internetworking
14.
Which of the following is true in TCP/IP-based encapsulation?
a.
Requests are encapsulated in TCP segments
b.
Frames are encapsulated in packets
c.
Neither a. nor b.
d.
Both a and b.
15.
During de-encapsulation, if Layer N receives a message, which layer de-encapsulates the
message?
a.
N+1
b.
N
c.
N-1
d.
Any of the above
16.
When it receives at its Data Link layer, which of the following does a router do first?
a.
encapsulate
b.
decapsulate (or de-encapsulate)
c.
Neither a. nor b.
d.
Both a. and b.
17.
Which of the following is connectionless?
a.
IP
c.
TCP
d.
None of the above.
18.
With classful IP addresses, the network part of a class B IP address is ___ bits long.
a.
8
b.
24
d.
32
e.
None of the above
19.
How many messages are sent in a TCP opening?
a.
One
b.
Two (the message and its acknowledgement)
c.
Four
d.
None of the above
Explanation: Three messages are sent altogether in an opening
21.
How many messages are sent in an abrupt TCP close, i.e. in a Reset?
a.
Two (the message and its acknowledgement)
b.
Three
c.
Four
d.
None of the above
Explanation: One
24.
What do we call messages at the Transport layer?
a.
Frames
b.
Packets
c.
Both of the above.
d.
Neither a. nor b.
Explanation: They are called segments (i.e. TCP segments) or datagrams (i.e. UDP datagrams)
25.
A host sends a TCP segment with source port number 25. Which of the following is true? The
source host is a client computer
a) The source host is an email server
b) The destination host is a client computer
c) The destination host is a server computer
d) The source host is a web server
Explanation: TCP port 25 is a well-known port number for email server.
26. Use the ADDing technique to determine the logical network that computer A (IP address
192.168.1.5 with subnet mask 255.255.255.128) belongs to.
--------------------------- 32 bit notation ---------------------- Dotted decimal
IP address:
Mask:
Network:
27. Use the ADDing technique to determine the logical network that computer B (IP address
192.168.2.3 with subnet mask 255.255.255.128) belongs to.
--------------------------- 32 bit notation ---------------------- Dotted decimal
IP address:
Mask:
Network:
28. Are both computers on the same logical network? Why?
__________________________________________________________________________________
__________________________________________________________________________________
______________________________________________________________________
Attacks
29. In preparing his attack, the attacker used the ping command to determine whether or not a specific
target computer is connected and responsive. Which of the following did the attacker do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above
30. In preparing his attack, the attacker used a IP Scanning software called fPing to determine whether
or not computers with IP addresses in the range 220.35.36.1 to 220.35.36.20 are connected and
responsive. Which of the following did the attacker do?
a) Network scanning
b) Port scanning
c) Fingerprinting
d) Host scanning
e) None of the above
Explanation: host scanning could be done for a single host or for multiple hosts using a
range of IP addresses.
31. In preparing his attack, the attacker sent normal HTTP requests to a web server. Then, he spent
some time analyzing the protocol-related information in the response received from the web server in
order to determine the kind of software installed on the web server. Which of the following did the
attacker do?
a)
b)
c)
d)
Active fingerprinting
Protocol fingerprinting
Passive fingerprinting
None of the above
32. An attacker is trying to guess a 4-character long password that is all numbers? What is the total
number of combinations to guess?
a) 4000
b) 10000
c) 8000
d) None of the above
Explanation: 10ˆ4 =10000. The 10 is because there are 10 different numbers (0 to 9).
33. Collecting information using the Government EDGAR system and by visiting a potential target
organization’s web site is considered…
a) Passive fingerprinting
b) Random information gathering
c) Unobtrusive information gathering
d) None of the above
34. An attacker sends an attack message to a target computer using IP fragmentation. The attack
message is about 80000 bytes. What kind of attack did the attacker attempted?
a) Teardrop attacks
b) Ping of Death attack
c) Land attack
d) None of the above
35. Which of the following do Denial of Service attacks primarily attempt to jeopardize?
a) confidentiality
b) integrity
c) availability
36. SYN flooding is effective because…...
a. of an asymmetry in the work that the sender and receiver must do.
b. the basic protocol is flawed
c. SYN messages are encapsulated and so cannot be traced back to the attacker
d. it is based on DDoS
37. Which of the following determines which operating system is installed on a system by analyzing its
response to certain network traffic?
a. OS scanning.
b. Reverse engineering.
c. Fingerprinting
d. Host hijacking.
38. Which of the following is a DoS (Denial of Service) attack that exploits TCP's three-way
handshake for new connections?
a. SYN flooding
b. Ping of death attack.
c. LAND attack.
d. Buffer overflow attack.
Firewalls
40. What does a firewall use to ensure that each packet is part of an established TCP (Transmission
Control Protocol) session?
a) a packet filter.
b) a static filtering.
c) a stateful filtering.
d) a circuit level gateway.
41.
Ingress filtering is used to filter packets...
a. coming into the network from an external network
b. going out of the network to an external network
c. Both a. and b.
42.
Static packet filter firewalls examine...
a. IP headers
b. application messages
c. connections
d. All of the above.
Exhibit 1
Figure 1: Access Control List (ACL) for INGRESS Filtering at a border firewall
Trusted network
60.47.3.1
60.47.3.5
Firewall
60.47.3.2
Untrusted
network
60.47.3.9
1
2
3
4
5
6
7
8
9
10
11
12
If Source IP Address = 10.*.*.*, DENY [Private IP Address Range]
If Source IP Address = 172.16.*.* to 172.31.*.*, DENY [Private IP Address Range]
If Source IP Address = 192.168.*.*, DENY [Private IP Address Range]
If source IP address = 60.47.*.*, DENY [internal address range]
If TCP SYN=1 AND FIN=1, DENY [crafted attack packet]
If Destination IP Address = 60.47.3.9 AND TCP Destination Port = 80 or 443, PASS
If TCP SYN = 1 and ACK = 0, DENY [Attempt to open connection from the outside]
If TCP Destination Port = 20, DENY
If TCP Destination Port = 135 Trough 139, DENY
If TCP destination port = 513, DENY [UNIX rlogin without password]
If UDP Destination Port = 69, DENY [Trivial FTP; no login necessary]
DENY ALL
43. Given the Exhibit shown above, which of the following is true?
a) Rule 1 can be deleted without jeopardizing security because, anyway, the Deny All will
stop any incoming message with a source IP address in the 10.*.*.* range.
b) Deleting Rule 1 would allow a packet with a source IP address in the 10.*.*.* range to
pass in certain cases.
c) None of the above.
44. Given the Exhibit, what specific service could someone using the source IP address 192.168.3.7 get
access to in case Rule 3 is removed from the ACL? (Circle all correct answers).
a) email service
b) HTTP webservice
c) ftp service
d) secure HTTP webservice
e) All of the above
45. What is the purpose of Rule 4 in the ACL shown in the Exhibit?
a) to prevent messages with source IP address in the internal address range from passing
b) to deny access to any incoming packet destined to any internal server computer
c) to prevent outsiders from using internal IP addresses in spoofing attacks
d) None of the above.
46. As the network administrator in charge of configuring the company’s firewall, you have to change
the ACL in the Exhibit to add a rule that allows packet destined to a an internal secured web server
(HTTPS) that has the 60.47.3.7 IP address to pass. (Note: the Appendix list TCP/UDP ports for
common services). Write down the rule:
______________________________________________________________________________
47. Where the rule you wrote down should be inserted in the ACL?
a) Anywhere before Rule 7
b) between Rule 5 and Rule 6
c) between Rule 4 and Rule 5
Host Hardening
48.
To know how to install an operating system with secure configuration options, you would use
a. a security baseline
b. a standard
c. a security template
d. a wizard
49.
In a Windows network, which of the following could be used to implement security measures
on multiple computers through a domain?
a. Policy Maker
b. GPO
c. Domain ACL
Explanation: Group policies are used. Group policies are set in a group policy object or
GPO.
50.
UNIX command-line interfaces are called _____.
a.
versions
b.
shells
c.
GUIs
d.
distributions
e.
windows
51.
Cisco’s operating system for its routers and most of its managed switches is...
a) Mac OS X
b) COS
c) Windows
d) None of the above
Explanation: It’s IOS
52.
Traditionally, default installations of operating systems _____.
a. turn on many infrequently used services to ease management labor
b. turn off most infrequently used services to reduce RAM and processing requirements
c. All of the above
53.
In Windows, when files are encrypted using Encrypted File System, an attacker who breaks in
can still get a copy of the files and easily read the content.
a) True
b) False
Element of Cryptography & Cryptographic systems
54.
Jason sends a message to Kristin using public key encryption for confidentiality. What key will
Jason use to encrypt the message?
a.
b.
c.
d.
55.
Which of the following is needed in order to encrypt the following message that you want to
send to a business partner? “The total amount to be paid for order #C1222 is $23,000.00”
(Circle all that apply)
b.
c.
d.
e.
56.
confidentiality
authentication
Both of the above.
In symmetric encryption in a two-way dialog, how many keys are used in total for
confidentiality?
a.
b.
c.
58.
a ciphertext
a key
an authenticator
an encryption method or algorithm
Encryption is used for _____.
a.
b.
c.
57.
Jason’s private key
Jason’s public key
Kristin’s Public key
None of the above
one
two
four
Which of the following do cryptographic systems protect?
a) Data stored on local storage media (like hard drives) from access by unauthorized users
b) Data being transmitted from point A to point B in a network
c) Both a and b
59.
Based on how encryption systems work, which of the following is the worst thing that
could happen?
a)
An attacker gets a copy of the encryption and decryption algorithms
b)
An attacker gets the decryption key
c)
a and b are equally damaging
60. Which of the following is true about the difference between hashing and encryption?
(Choose all the apply)
a) In encryption, the output is similar in length to the input
b) In hashing, the output is similar in length to the input
c) In encryption, the output is of a fixed short length, regardless of input
d) In hashing, the output is of a fixed short length, regardless of the input
61.
Which of the following could be done to make it harder for attackers to crack encryption keys?
a) Use 8-bits keys
b) Change encryption keys very often
c) Use complex encryption algorithms
d) All of the above
62.
Based on the way DES and 3DES work, which of the following is true?
a) 3DES requires more processing time than DES
b) Compared to 3DES, DES requires more RAM
c) Both a and b
63. Which of the following security issues is NOT addressed by cryptographic systems?
a) Confidentiality; i.e. protection against eavesdropping
b) Authentication; i.e. assurance that sending parties are who they claim to be
c) Message integrity; i.e. assurance that messages are not altered en route
d) Availability; i.e. making sure that communication systems are not shut down by intruders.
e) All of the above
64. Which of the following provides security at the transport layer?
a) IPsec
b) PPTP
c) SSL/TLS
d) Kerberos
65. Which of the following three PPP authentication protocols is the most secure?
a) PAP
b) CHAP
c) MS-CHAP
66. In cryptographic systems using digital signatures, message digests are created by…
a) Symmetric encryption
b) Asymmetric encryption
c) Hashing
d) None of the above
67. In cryptographic systems using digital signatures, the digital signatures are created by…
a) Symmetric encryption
b) Asymmetric encryption
c) Hashing
d) None of the above
68. The result of hashing can be turned back to the original string.
T
F
69. In asymmetric encryption, encryption and authentication can take place
without sharing private keys
T
F
70. Once the partners are engaged in the ongoing communication phase there is, usually,
no need for the partners to do another authentication since the communication is safe. T
F
Applications Security
71. In e-mail operation, what computer transmits messages directly to the receiver’s computer upon
request?
a) Sender’s computer
b) Sender’s mail server
c) Receiver’s mail server
d) None of the above
72. You want to connect to a mail server to download emails that were sent to you by your friends.
Which of the following protocols could be used for communication with the mail server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
73. Which of the following protocols is used for communication between the sender’s computer and
the sender’s email server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
74. Which of the following protocols is used for communication between the sender’s email server and
the receiver’s email server?
a) Simple Mail Transport Protocol
b) Internet Message Access Protocol
c) Extended transfer Protocol
d) None of the above
75. Which of the following is true about using the PGP cryptographic system for e-mail encryption?
a) It is not widely built into client email programs
b) Even if PGP is not built into their email client programs, users can still use PGP as separate
program to handle secure communication
c) Users can only use it for encryption/decryption if it is built into their email client programs.
d) All of the above
e) Both a and b
76. Suppose that you are using PGP for secure email communication with a couple of your friends. In
the web of trust (also known as circle of trust) you have set on your PGP configuration, there is John,
Paul, and Jessica. In that web trust infrastructure, there is a two-way trust relationship between Jessica
and one of her friend Jacob. Which of the following is true?
a) You can have a secure communication with Jessica but not with Jacob
b) You can have a secure communication with John but not with Jacob
c) You can have a secure communication with both Jessica and Jacob
d) None of the above
77. Your company has decided to use S/MIME to secure email communication. Your advice is needed
to proceed with the implementation of the S/MIME-based secure email communication. Which of the
following will be among your list of advice?
a) S/MIME doesn’t use web trust. It uses another authentication method instead.
b) A good web trust infrastructure (or circles of trust) must be implemented.
c) None of the above
78. Which of the following can be done with email shredding tools?
a) Actually delete email messages that are on the receiver’s computer
b) Make messages unreadable by receivers
c) All of the above
79. You and a couple of friends have decided to use secure email communication. Which of the
following is the most likely option that you could use for your person-to person communication?
a) X.509
b) PGP
c) S/MIME
d) TLS
80. Assume that the home directory for the www.homeschool.com web site is C:\homeschool\web.
Which of the following URL could be typed in the Address text box of a web browser to get the
report.htm file located in the report directory which is a subdirectory under the home directory?
a) www.report.homeschool.com
b) www.report.homeschool.com/report
c) www.report.homeschool.com/report/report.htm
d) www.homeschool/Web/report/report.htm
e) None of the above
81. Write down the URL to retrieve the file experience.htm under the experience directory on the host
www.knowledge.com.
____________________________________________________________________________
82. Write down the URL that would pass the values 55 and $550 for the variables count and price to
the calculation.exe program in the programs directory that is under the scripts directory. The
assumption is that scripts is a directory under the home directory of the www.equations.com web site.
______________________________________________________________________________
83. Assume that Windows is configured as shown in the exhibit below. How would the game.exe.txt
file appear to the user?
a)
b)
c)
d)
game.exe
game.exe.txt
game
None of the above
84. CGI requires the use of specific scripting languages like Javascript and VBscript.
T
F
85. A cookie is a kind of web bug.
T
F
86. A Java Applet is a small Java program that executes when a webpage is
loaded or when the user takes specific actions.
T
F
87. A Java Applet is not a script per se, it is a program called by scripts on web pages.
T
F