Corporate Computer Security, 5e (Boyle/Panko)
Chapter 1 The Threat Environment

1) The three common core goals of security are ________.
A) confidentiality, information, and authorization
B) confidentiality, integrity, and authentication
C) confidentiality, information, and availability
D) confidentiality, integrity, and availability
Answer: D
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

2) If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.
A) confidentiality
B) integrity
C) availability
D) CIA
Answer: B
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

3) Which of the following is NOT a type of countermeasure?
A) Corrective
B) Preventative
C) Detective
D) Sustainable
Answer: D
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

4) When a threat succeeds in causing harm to a business, this is known as a(n) ________.
A) breach
B) PII
C) CIA
D) unintended access
Answer: A
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

1 Copyright © 2021 Pearson Education, Inc.
5) Methods that security professionals use to try to stop threats include all of the following EXCEPT ________.
A) safeguards
B) countermeasures
C) protections
D) breaches
Answer: D
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

6) Which of the following is NOT a type of countermeasure?
A) Detective
B) Corrective
C) Cyberwar
D) Preventative
Answer: C
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

7) The cost of computer crime is well known.
Answer: FALSE
Page Ref: 2
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

8) Availability means that attackers cannot change or destroy information.
Answer: FALSE
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

9) Costs for all threats are increasing annually.
Answer: TRUE
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

10) Corrective countermeasures identify when a threat is attacking.
Answer: FALSE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

11) Preventative countermeasures keep attacks from succeeding.
Answer: TRUE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

12) Detective countermeasures are considered one of the security goals of computer staff.
Answer: FALSE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

13) Most countermeasure controls are preventative controls.
Answer: TRUE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

14) A ________ happens when an unauthorized person is able to view, alter, or steal secured data.
A) countermeasure
B) data breach
C) safeguard
D) compromise
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

15) More than ________ records were stolen in 2018.
A) 2.2 billion
B) 1 million
C) 5 billion
D) 100,000
Answer: C
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

16) Which of the following is true about data breaches in 2018?
A) It's likely that half of all Americans lost their records at least one time in 2018.
B) It's likely that nearly everyone lost their records at least one time in 2018.
C) More than 12 billion people lost their records in 2018.
D) Slightly less than half of the world's population lost their records at least once in 2018.
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

17) Indirect costs due to data breaches are estimated to be:
A) $3.9 million per incident
B) $150 million per year
C) $10,000 per incident
D) $190,000 per year
Answer: A
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

18) The chance of an organization having a data breach over the next two years is approximately ________.
A) 10 percent
B) 20 percent
C) 42 percent
D) 28 percent
Answer: D
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

19) Which of the following is NOT an indirect cost of a major data breach?
A) Loss of reputation
B) Notification costs
C) Abnormal customer turnover
D) Increased customer acquisition activities
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

20) Which of the following is NOT a direct cost of a major data breach?
A) Loss of reputation
B) Notification costs
C) Legal fees
D) Detection
Answer: A
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

21) Which of the following companies experienced the largest data breach in history in 2016?
A) Amazon
B) Yahoo! Inc.
C) First American Corp.
D) Facebook
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

22) When a data breach occurs, hackers are primarily looking for ________.
A) personal and business addresses
B) access to systems
C) personally identifiable information
D) cash and credit card numbers
Answer: C
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

23) Stolen information is commonly used for ________.
A) credit card fraud
B) identity theft
C) false claims
D) data mismanagement
Answer: A
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

24) Which of the following is typically considered the first step in protecting your company from data breaches?
A) Locking up your data to prevent data breaches
B) Understanding how data breaches happen
C) Purchasing software to prevent data breaches
D) Hiring a qualified data security team
Answer: B
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

25) Data from Target customers was stolen ________.
A) online
B) from point-of-sale (POS) systems
C) primarily by internal hackers, mostly employees
D) through employee extortion
Answer: B
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

26) Attackers in the Target data breach used malware and then used ______ or ______ to infect a Target third-party vendor.
A) spear phishing; sabotage
B) hacking; sabotage
C) spear phishing; a targeted phishing attack
D) viruses; worms
Answer: C
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

27) What is Trojan.POSRAM in regard to Target's data breach?
A) Employee sabotage
B) Malware
C) A virus
D) A worm
Answer: B
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

28) The Target data breach helped drive a shift from swipe cards to ________.
A) EMV-compliant smart cards
B) POS systems
C) keystroke logger
D) rootkits
Answer: A
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

29) One of the long-lasting effects of the data breach to Target was ________.
A) loss of money
B) loss of customer confidence
C) loss of merchandise
D) employee dissatisfaction
Answer: B
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

30) Data breaches are rarely costly to a company.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

31) Data breaches are always the result of hackers in distant locations.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

32) Direct costs of handling a data breach include paying for notification and detection.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

33) Indirect costs related to data breaches average an additional $10 million per incident in the U.S.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

34) There is about a one in four chance that your organization will experience a data breach.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

35) More than 67 percent of data breaches come from hackers trying to make money.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

36) Rogue internal employees typically have a more difficult time stealing data than do external hackers.
Answer: FALSE
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

37) The Target data breach affected 30 percent of the population of the U.S.
Answer: TRUE
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

38) Trojan.POSRAM is a variant of the ILOVEYOU virus.
Answer: FALSE
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

39) Hackers sold stolen credit card information gained from the Target breach.
Answer: TRUE
Page Ref: 9
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

40) Which of the following is FALSE about employees being considered dangerous in regard to security?
A) Employees usually have extensive knowledge of systems.
B) Employees often have the credentials needed to access sensitive parts of systems.
C) Companies generally have little trust in their employees.
D) Employees know corporate control mechanisms and so often know how to avoid detection.
Answer: C
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

41) ________ are considered the most dangerous of all employees.
A) Financial professionals
B) IT security employees
C) CEOs
D) Data entry clerks
Answer: B
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

42) ________ is the destruction of hardware, software, or data.
A) Extortion
B) Denial of service
C) Hacking
D) Sabotage
Answer: D
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

43) In ________, a perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
A) fraud
B) hacking
C) abuse
D) extortion
Answer: D
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

44) ________ consists of activities that violate a company's IT use and/or ethics policies.
A) Abuse
B) Fraud
C) Extortion
D) Hacking
Answer: A
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

45) Which of the following is considered a trade secret?
A) Product formulations
B) Patents
C) Trade names
D) Trademarks
Answer: A
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

46) Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.
Answer: TRUE
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

47) Penalties for hacking are significantly different if you are attempting to steal a million dollars or attempting to steal nothing of value.
Answer: FALSE
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

48) Misappropriation of assets is an example of employee financial theft.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

49) Downloading pornography can invoke a sexual harassment lawsuit.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

50) If you are explicitly or implicitly allowed to use the resources that you're accessing on a company computer, you have authorization to do so.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

51) Copyrights and patents are known as trade secrets.
Answer: FALSE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

52) You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

53) The terms "intellectual property" and "trade secret" are synonymous.
Answer: FALSE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

54) Contract workers can also be considered a threat to a business.
Answer: TRUE
Page Ref: 15
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

55) ________ is a generic term for "evil software."
A) Spyware
B) Payloads
C) Malware
D) Ransomware
Answer: C
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

56) ________ are programs that attach themselves to legitimate programs.
A) Viruses
B) Worms
C) Payloads
D) Direct-propagation worms
Answer: A
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

57) ________ are spread through e-mail with infected attachments.
A) Viruses
B) Worms
C) Direct-propagation worms
D) Distributed denial-of-service (DDoS) attacks
Answer: C
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

58) Some ________ can jump directly between computers without human intervention.
A) DDoS attacks
B) viruses
C) worms
D) direct-propagation worms
Answer: B
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

59) ________ take advantage of vulnerabilities in software.
A) Direct-propagation worms
B) Trojan horses
C) Blended threats
D) Bots
Answer: D
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

60) What is a payload?
A) Malicious software that blocks access to a system or data until money is paid to the attacker
B) A generic name for any "evil software"
C) A piece of code executed by a virus or a worm
D) A program that gives an attacker remote control of your computer
Answer: C
Page Ref: 18
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Difficult

61) A program that gives an attacker remote access control of your computer is known as ________.
A) a RAT
B) a Trojan horse
C) spyware
D) a cookie
Answer: A
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

62) A ________ is a small program that, after being installed, downloads a larger attack program.
A) rootkit
B) keystroke logger
C) downloader
D) Trojan horse
Answer: C
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

63) Which of the following is a type of spyware?
A) Keystroke loggers
B) Rootkits
C) Spam
D) Downloaders
Answer: A
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

64) Which of the following is FALSE about rootkits?
A) Rootkits are seldom caught by ordinary antivirus programs.
B) Rootkits take over the root account of a computer.
C) Rootkits use a root account's privileges to hide themselves.
D) Rootkits are typically less of a threat than are Trojan horses.
Answer: D
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Difficult

65) Mobile code usually is delivered through ________.
A) e-mail
B) direct-propagation worms
C) webpages
D) spam
Answer: C
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

66) ________ take advantage of flawed human judgment by convincing a victim to take actions that are counter to security policies.
A) Phishing attacks
B) Hoaxes
C) Social engineering attacks
D) Spear phishing attacks
Answer: C
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

67) You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called ________.
A) a hoax
B) social engineering
C) spear phishing
D) phishing
Answer: D
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

68) You receive an e-mail that appears to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is an example of ________.
A) social engineering
B) spear phishing
C) phishing
D) a hoax
Answer: B
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

69) Worms and viruses act much in the same way in how they propagate.
Answer: TRUE
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

70) Nonmobile malware can be carried to a system as part of a payload.
Answer: TRUE
Page Ref: 18
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

71) A malicious payload is a program that hides itself by deleting a system file and taking on the system file's name.
Answer: FALSE
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

72) Cookies are small text strings stored on your own personal computer.
Answer: TRUE
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

73) Mobile code usually is contained in webpages.
Answer: TRUE
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

74) The definition of spam is "unsolicited commercial e-mail."
Answer: TRUE
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

75) Most traditional external attackers were primarily motivated by ________.
A) the thrill of breaking in
B) making money through crime
C) stealing personal identity data
D) capturing thousands and thousands of credit card numbers
Answer: A
Page Ref: 22
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

76) ICMP Echo messages are often used in ________.
A) port scanning
B) IP address scanning
C) spoofing
D) DDoS attacks
Answer: B
Page Ref: 24
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Moderate

77) Sending packets with false IP source addresses is known as ________.
A) spear phishing
B) sabotage
C) IP address spoofing
D) hacking
Answer: C
Page Ref: 24
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Moderate

78) When a hacker sends a first round of probe packets to find hosts that are active, the attacker is sending ________ probes.
A) IP address scanning
B) a chain of attack
C) piggybacking
D) IP address spoofing
Answer: A
Page Ref: 24
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Moderate

79) Following someone through a secure door for access without using an authorized ID card or pass code is called ________.
A) piggybacking
B) a chain of attack
C) social engineering
D) shoulder surfing
Answer: A
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

80) Watching someone type their password in order to learn the password is called ________.
A) piggybacking
B) a chain of attack
C) social engineering
D) shoulder surfing
Answer: D
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

81) A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.
A) directly-propagating worm
B) virus
C) bot
D) DoS
Answer: D
Page Ref: 27
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

82) In a DoS attack, the botmaster is also known as a ________.
A) handler
B) hacker
C) hoax
D) rootkit
Answer: A
Page Ref: 28
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

83) Skilled hackers have dubbed a new type of hacker that is less sophisticated as ________.
A) Bug bounties
B) DoS attackers
C) script kiddies
D) black marketers
Answer: C
Page Ref: 29
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Moderate

84) Traditional hackers often focused on embarrassing a victim.
Answer: TRUE
Page Ref: 23
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

85) The act of implementing an attacker's exploit is called "spoofing the host."
Answer: FALSE
Page Ref: 25
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

86) In response to a chain of attack, victims can often trace the attack back to the final attack computer.
Answer: TRUE
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

87) In pretexting, an attacker sends an email claiming to be an employee for a certain company in order to ask for private information about that person.
Answer: FALSE
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

88) A distributed denial-of-service attack is the most common type of DoS attack.
Answer: TRUE
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Moderate

89) Social engineering is rarely used in hacking.
Answer: FALSE
Page Ref: 26
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

90) Script kiddies are typically hacker experts.
Answer: FALSE
Page Ref: 28
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy

91) ________ are the most common external attackers who attack to make money illegally.
A) Hackers
B) Career criminals
C) Script kiddies
D) IT or security employer
Answer: B
Page Ref: 29
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

92) Many e-commerce companies will not ship to certain countries because of a high rate of consumer fraud. To get around this, criminal gangs engage ________ in the United States.
A) transshippers
B) APTs
C) black-market websites
D) IP address spoofing
Answer: A
Page Ref: 31
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

93) ________ programs reward researchers for finding vulnerabilities.
A) Transshipper
B) APT
C) Black-market website
D) Bug bounty
Answer: D
Page Ref: 31
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Moderate

94) ________ is a sophisticated computer hack usually perpetrated by a large, well-funded organization.
A) An APT
B) A black-market website
C) A bug bounty
D) Carding
Answer: A
Page Ref: 31
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Moderate

95) Credit card theft is also known as ________.
A) extortion
B) click fraud
C) bug bounty
D) carding
Answer: D
Page Ref: 33
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Moderate

96) Which of the following is considered more serious than credit card number theft?
A) Bank account theft
B) Carding
C) Spoofing
D) Click fraud
Answer: A
Page Ref: 33
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

97) Which of the following is likely the most common criminal attack on individuals?
A) Bank account theft
B) Credit card number theft
C) Spoofing
D) Spam
Answer: B
Page Ref: 33
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Moderate

98) Most black markets deal in credit card and identity information.
Answer: TRUE
Page Ref: 31
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

99) Black-market websites are websites that offer stolen consumer information.
Answer: TRUE
Page Ref: 31
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

100) In click fraud, a criminal website owner creates a program so cookies are automatically downloaded to the computer's hard drive.
Answer: FALSE
Page Ref: 32
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

101) Black-market website programs reward researchers for finding vulnerabilities within their computer systems.
Answer: FALSE
Page Ref: 32
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

102) Identity theft can (and does) happen to individuals, but it is not a worry or risk that corporations have.
Answer: FALSE
Page Ref: 33
Learning Objective: 1.6 Know that criminals have become the dominant attackers today, describe the types of attacks they make, and discuss their methods of cooperation
Difficulty: Easy

103) A company's website and Facebook pages may divulge information that competitors may seek out. This is known as ________.
A) public intelligence gathering
B) spoofing
C) bug bounty
D) carding
Answer: A
Page Ref: 35
Learning Objective: 1.7 Describe the types of attacks that could come from corporate competitors
Difficulty: Easy

104) Which of the following countries was NOT cited by the Foreign Economic Espionage in Cyberspace as being the most capable cyber actors actively engaged in economic espionage?
A) China
B) Russia
C) Iran
D) United States
Answer: D
Page Ref: 36
Learning Objective: 1.7 Describe the types of attacks that could come from corporate competitors
Difficulty: Easy

105) Illegally stealing a company's trade secrets is known as trade secret espionage.
Answer: TRUE
Page Ref: 35
Learning Objective: 1.7 Describe the types of attacks that could come from corporate competitors
Difficulty: Easy

106) Commercial espionage is limited to corporate competitors.
Answer: FALSE
Page Ref: 35
Learning Objective: 1.7 Describe the types of attacks that could come from corporate competitors
Difficulty: Easy

107) Cyberwar consists of computer-based attacks made by ________.
A) multinational corporations
B) state, regional, and local governments
C) national governments
D) private citizens
Answer: C
Page Ref: 36
Learning Objective: 1.8 Distinguish between cyberwar and cyberterror
Difficulty: Moderate

108) In cyberterror, attackers are typically ________.
A) terrorists or groups of terrorists
B) national governments
C) large multinational corporations
D) Russian and/or Chinese citizens
Answer: D
Page Ref: 37
Learning Objective: 1.8 Distinguish between cyberwar and cyberterror
Difficulty: Moderate

109) Russia, China, and Iran are quite active in cyberwar espionage.
Answer: TRUE
Page Ref: 36
Learning Objective: 1.8 Distinguish between cyberwar and cyberterror
Difficulty: Easy

110) It is most common for cyberterrorists to recruit through face-to-face means.
Answer: FALSE
Page Ref: 37
Learning Objective: 1.8 Distinguish between cyberwar and cyberterror
Difficulty: Easy

Corporate Computer Security, 5e (Boyle/Panko)
Chapter 2 Planning and Policy

1) Which of the following is FALSE about security management?
A) Management is abstract; technology is visible.
B) Security technology is far more important than security management.
C) There are fewer general principles in security management than technology.
D) It is generally a mistake to focus too heavily on security technology compared to security management.
Answer: B
Page Ref: 49
Learning Objective: 2.1 Justify the need for formal management processes
Difficulty: Difficult

2) Comprehensive security pertains to ________.
A) closing all routes of attack to their systems to attackers
B) closing all Internet-linked servers to attackers
C) lessening security issues in an entire company
D) decreasing the risk of all computer systems in a company
Answer: A
Page Ref: 49
Learning Objective: 2.1 Justify the need for formal management processes
Difficulty: Moderate

3) If a failure of a single element of a system will ruin security, this is called a(n) ________.
A) weakest-link failure
B) hybrid solution
C) internal audit
D) risk analysis
Answer: A
Page Ref: 49
Learning Objective: 2.1 Justify the need for formal management processes
Difficulty: Easy

4) Process pertains to ________.
A) the plan-protect-respond cycle
B) the systems life cycle
C) a planned series of actions
D) recovery according to plan
Answer: C
Page Ref: 50
Learning Objective: 2.1 Justify the need for formal management processes
Difficulty: Moderate

5) Which of the following is NOT part of the highest-level security management process that most firms use today to protect against threats? A) Plan B) Process C) Protect D) Respond Answer: B Page Ref: 51 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Moderate 6) The systems development life cycle is most connected to the ________ of the plan-protect-respond cycle of security management. A) plan B) process C) protect D) respond Answer: C Page Ref: 52 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Moderate 7) Response is ________. A) the second phase of the systems life cycle B) the plan-based creation and operation of countermeasures C) a planned series of actions D) recovery according to plan Answer: D Page Ref: 53 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Moderate 8) A firm's primary objective is to make a profit. Answer: TRUE Page Ref: 48 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Easy 9) A firewall administrator should check the log file in a company each week. Answer: FALSE Page Ref: 49 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Moderate
10) One reason why security management is difficult is that companies need to protect a large number of resources. Answer: TRUE Page Ref: 50 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Easy 11) Security is too complicated to be managed informally. Answer: TRUE Page Ref: 50 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Easy 12) In the plan-protect-respond cycle, the three activities always take place in sequential order. Answer: FALSE Page Ref: 50 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Easy 13) One key to making security an enabler is to get security involved near the end of most projects. Answer: FALSE Page Ref: 54 Learning Objective: 2.1 Justify the need for formal management processes Difficulty: Easy 14) ________ are things that require a firm to change its security planning, protections, and response. A) Responses B) Protections C) MSSPs D) Driving forces Answer: D Page Ref: 58 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 15) Which of the following produced the greatest change in financial reporting requirements since the Great Depression? A) The Sarbanes-Oxley Act B) The General Data Protection Regulation C) The Gramm-Leach-Bliley Act D) The Health Insurance Portability and Accountability Act Answer: A Page Ref: 58 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate
16) The Sarbanes-Oxley Act was passed in ________. A) 2000 B) 2002 C) 2010 D) 2012 Answer: B Page Ref: 58 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 17) Which of the following is an EU privacy law? A) The Sarbanes-Oxley Act B) The General Data Protection Regulation C) The Gramm-Leach-Bliley Act D) The Health Insurance Portability and Accountability Act Answer: B Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 18) Which of the following is also known as the Financial Services Modernization Act? A) GDPR B) GLBA C) HIPAA D) SB 1386 Answer: B Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 19) Which of the following was the first data breach notification law in the U.S.? A) GDPR B) GLBA C) HIPAA D) SB 1386 Answer: D Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate
20) ________ was the last state to implement a data breach notification law in ________. A) Georgia; 2000 B) Alabama; 2018 C) North Dakota; 2016 D) California; 2018 Answer: B Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 21) One of the first data breach notification laws in the U.S. was created in ________. A) California B) New York C) Illinois D) Texas Answer: A Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 22) Who has the power to prosecute companies that fail to take reasonable precautions to protect private information? A) HIPAA B) FTC C) GDPR D) GLBA Answer: B Page Ref: 61 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 23) ________ has set the standards for companies that accept credit cards as a form of payment. A) FISMA B) FTC C) PCI-DSS D) HIPAA Answer: C Page Ref: 61 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate
24) Why was FISMA enacted? A) To set standards for companies that accept credit card payments B) To set accreditation standards for members of a particular industry C) To prosecute firms that fail to take reasonable precautions to protect customers' private information D) To bolster computer and network security within the federal government Answer: D Page Ref: 61 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Difficult 25) Compliance laws create requirements to which corporate security must respond. Answer: TRUE Page Ref: 58 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy 26) The Sarbanes-Oxley Act was passed in 2012. Answer: FALSE Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy 27) Given the importance of Sarbanes-Oxley compliance for companies, most firms were forced to increase their security efforts. Answer: TRUE Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy 28) The GLBA is considered the most important EU privacy rule ever created. Answer: FALSE Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy 29) There are strong federal laws requiring companies to provide notice of a data breach. Answer: FALSE Page Ref: 60 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Moderate 30) HIPAA has the power to require firms to pay to be audited annually by an external firm. Answer: FALSE Page Ref: 61 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy
31) The first stage of FISMA is a certification of a system by an organization. Answer: TRUE Page Ref: 62 Learning Objective: 2.2 Describe compliance laws and regulations Difficulty: Easy 32) Which of the following is considered the first step for a corporation in managing security? A) To decide where the security function will sit on a firm's organization chart B) To determine what devices need to be secured and which software to use to do that C) To determine the size of the security staff and the budget that will support that staff D) To decide the objectives of the security function Answer: A Page Ref: 62 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate 33) Which of the following is considered a fundamental problem with making IT security a staff department outside IT? A) Separation reduces accountability. B) IT security would report to a firm's CIO. C) Security changes that would need to be made would be easier. D) Security and IT could share many of the same technological skill sets. Answer: A Page Ref: 64 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate 34) Which of the following is NOT one of the three auditing departments that are part of most corporations? A) Financial auditing B) Internal auditing C) Outside auditing D) IT auditing Answer: C Page Ref: 65 Learning Objective: 2.3 Describe organizational security issues Difficulty: Easy
35) ________ in regard to outside IT security means checking out closely the IT security implications of a potential partnership before beginning the relationship. A) A hybrid solution B) Internal auditing C) Risk analysis D) Due diligence Answer: D Page Ref: 66 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate 36) The most common type of IT security outsourcing is done for ________. A) laptops B) e-mail C) all hardware D) all software Answer: B Page Ref: 66 Learning Objective: 2.3 Describe organizational security issues Difficulty: Easy 37) An advantage to using an MSSP is ________. A) cost B) control of employees C) constant internal control D) independence Answer: D Page Ref: 66 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate 38) The usual title for a company's security department head is chief security officer. Answer: TRUE Page Ref: 62 Learning Objective: 2.3 Describe organizational security issues Difficulty: Easy 39) Most analysts recommend placing security outside IT. Answer: TRUE Page Ref: 64 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate
40) Most firms have a CSO report directly to the company's CEO. Answer: FALSE Page Ref: 64 Learning Objective: 2.3 Describe organizational security issues Difficulty: Easy 41) The financial auditing department examines organizational units for efficiency, effectiveness, and adequate controls. Answer: FALSE Page Ref: 64 Learning Objective: 2.3 Describe organizational security issues Difficulty: Moderate 42) IT security is almost always mistrusted by other departments because of security's potential to make life harder. Answer: TRUE Page Ref: 64 Learning Objective: 2.3 Describe organizational security issues Difficulty: Easy 43) Which of the following compares probable losses with the costs of security protections? A) Weakest-link failure B) Reasonable risk C) Internal audits D) Risk analysis Answer: D Page Ref: 68 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 44) The ________ of the classic risk analysis calculation is the percentage of an asset's value that would be lost in a breach. A) single loss expectancy B) annualized loss expectancy C) exposure factor D) countermeasure impact Answer: C Page Ref: 69 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate
45) What does a central logging server of an MSSP on a network do? A) It calculates the amount of processing ability needed for a system. B) It uploads a firm's event log data. C) It uploads the number of times that employees have logged into—or attempted to log into—questionable sites. D) It automatically creates a firewall when questionable activity is detected. Answer: B Page Ref: 67 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 46) Which of the following is an outsourcing alternative? A) PCI-DSS B) FISMA C) MSSP D) ISO 27000 Answer: B Page Ref: 67 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 47) In the classic risk analysis calculation, once you know how much damage an incident may cause from a single breach, the next issue is how frequently breaches will occur. This is normally done on a(n) ________ basis. A) annualized B) weekly C) daily D) bi-annual Answer: A Page Ref: 69 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 48) In the classic risk analysis calculation, the countermeasure impact assesses the ________. A) drawbacks of a countermeasure B) benefits of a countermeasure C) costs of a countermeasure D) number of incidents of all possible countermeasures Answer: B Page Ref: 70 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate
49) The ________ of the classic risk analysis calculation is the value of the thing to be protected. A) asset value B) annualized loss expectancy C) exposure factor D) countermeasure impact Answer: A Page Ref: 69 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 50) Discounted cash flow analysis is also called ________. A) IRR B) TCI C) NPV D) ROI Answer: D Page Ref: 70 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 51) Which of the following is NOT a logical possible response to risk by a company? A) Risk reduction B) Risk acceptance C) Risk transference D) Risk analysis Answer: D Page Ref: 73 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 52) Installing firewalls in a company is an example of ________. A) risk reduction B) risk acceptance C) risk transference D) risk avoidance Answer: A Page Ref: 73 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate
53) The most common example of risk transference is ________. A) insurance B) no countermeasures C) installing firewalls D) IT security measures Answer: A Page Ref: 73 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 54) Implementing no countermeasures to security challenges and absorbing any damages that may occur is known as ________. A) risk reduction B) risk acceptance C) risk transference D) risk avoidance Answer: B Page Ref: 73 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 55) Return on investment analysis requires the computation of either the net present value or the ________. A) risk transference B) risk avoidance C) internal rate of return D) total cost of incident Answer: C Page Ref: 70 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 56) IT security planning always focuses on risk. Answer: TRUE Page Ref: 68 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 57) The annualized loss expectancy of the classic risk analysis calculation is the yearly average loss expected from a compromise for the asset. Answer: TRUE Page Ref: 69 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate
58) Although IT security can reduce the risk of attacks for companies, security also has some negative side effects. Answer: TRUE Page Ref: 69 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 59) The classic risk analysis calculation is difficult or impossible to use in actual practice. Answer: TRUE Page Ref: 70 Learning Objective: 2.4 Describe risk analysis Difficulty: Easy 60) The worst problem with classic risk analysis is that it is rarely possible to estimate the annualized rate of occurrence for threats. Answer: TRUE Page Ref: 71 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 61) ROI is typically quite easy to measure for security investments. Answer: FALSE Page Ref: 72 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 62) A positive of classic risk analysis is that it imposes general discipline for thinking about risks and countermeasures. Answer: TRUE Page Ref: 73 Learning Objective: 2.4 Describe risk analysis Difficulty: Moderate 63) ________ includes all of a firm's technical countermeasures and how they are organized into a complete system of protection. A) Technical security architecture B) Risk avoidance C) Corporate security policy D) Implementation guidance Answer: A Page Ref: 74 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate
64) Technologies that a company has implemented in the past but that now are somewhat ineffective are known as ________. A) central security management consoles B) legacy security technologies C) technical security architecture D) defense in depth Answer: B Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 65) When an attacker has to break through multiple countermeasures to succeed, it's known as ________. A) defense in depth B) single point of vulnerability C) weakest link D) technical security architecture Answer: A Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 66) Which of the following defines the opposite of defense in depth? A) Weakest link B) Defense in depth C) Single point of vulnerability D) Technical security architecture Answer: C Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 67) ________ refers to the intention to minimize lost productivity and attempt to not slow innovation. A) Minimizing security burdens B) Defining the weakest link C) A single point of vulnerability D) Technical security architecture Answer: A Page Ref: 76 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate
68) ________ is being able to manage security technologies from a single security management console or at least from a relatively few consoles. A) Technical security architecture B) A single point of vulnerability C) Centralized security management D) Defense in depth Answer: C Page Ref: 78 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 69) It is preferable if a firm's security systems evolve naturally and organically without major coordination. Answer: FALSE Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Easy 70) If a legacy technology is a serious threat to security, it must be replaced. Answer: TRUE Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Easy 71) In defense in depth, there are multiple independent countermeasures placed in a series. Answer: TRUE Page Ref: 75 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 72) All single points of failure can be eliminated. Answer: FALSE Page Ref: 76 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate 73) Firewalls are only for borders between external networks and internal networks and do not exist for solely an internal purpose. Answer: FALSE Page Ref: 76 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Moderate
74) In interorganizational systems, two companies link some of their IT assets. Answer: TRUE Page Ref: 78 Learning Objective: 2.5 Describe technical security infrastructure Difficulty: Easy 75) The goal of ________ is to emphasize a firm's commitment to strong security. A) corporate security policies B) centralized security management C) technical security architecture D) acceptable use policies Answer: A Page Ref: 80 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 76) It is common for companies to require users to read and sign a(n) ________. A) corporate security policy B) personally identifiable information policy C) e-mail policy D) acceptable use policy Answer: D Page Ref: 80 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 77) ________ are mandatory implementation guidance, meaning that employees are not free to opt out of them. A) Standards B) Policies C) Guidelines D) Procedures Answer: A Page Ref: 82 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 78) ________ are mandatory implementation guidance, meaning that employees are not free to opt out of them. A) Standards B) Policies C) Guidelines D) Procedures Answer: A Page Ref: 82 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate
79) Of the following, ________ are the most detailed. A) policies B) standards C) guidelines D) procedures Answer: D Page Ref: 82 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 80) In the ________, a specific, full act should require two or more people to complete. A) implementation guidance B) weakest link C) segregation of duties D) request/authorization control Answer: C Page Ref: 83 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 81) ________ describe the details of what is to be done but without specifically describing how to do something. A) Baselines B) Standards C) Best practices D) Procedures Answer: A Page Ref: 84 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 82) ________ are descriptions of what the best firms in the industry are doing about security. A) Baselines B) Standards C) Procedures D) Best practices Answer: D Page Ref: 84 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate
83) ________ can simply be described as a person's system of values. A) Baselines B) Ethics C) Procedures D) Best practices Answer: B Page Ref: 85 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy 84) Which of the following is NOT a general guideline to handling exceptions? A) Only some people should be allowed to request exceptions. B) The person who requests an exception must never be the same person who authorizes the exception. C) More people should be allowed to authorize exceptions than can request exceptions. D) Each exception must be carefully documented in terms of specifically what was done and who did each action. Answer: C Page Ref: 87 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Difficult 85) ________ is a process, function, or group of tools that are used to improve policy implementation and enforcement. A) Promulgation B) Oversight C) Monitoring D) Auditing Answer: B Page Ref: 88 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy 86) In a 2018 report, it was reported that ________ of fraud is detected through anonymous tips. A) approximately 25 percent B) more than 40 percent C) approximately 48 percent D) more than 65 percent Answer: B Page Ref: 89 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy
87) The ________ was a replacement for the controversial Protect America Act of 2007. A) USA Freedom Act B) Communications Assistance for Law Enforcement Act C) Foreign Intelligence Surveillance Act D) General Data Protection Regulation Answer: A Page Ref: 94 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy 88) A policy is a statement of what should be done under specific circumstances. Answer: TRUE Page Ref: 79 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy 89) E-mail policies exist in almost all firms. Answer: TRUE Page Ref: 80 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy 90) Team-written policies are usually less respected by employees than policies written exclusively by IT security. Answer: FALSE Page Ref: 80 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 91) Implementation guidance limits the discretion of implementers. Answer: TRUE Page Ref: 81 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 92) Accountability refers to the liability for sanctions if implementation is not done properly. Answer: TRUE Page Ref: 84 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 93) Formally announcing, publishing, or making users aware of new policies of the company is called oversight. Answer: FALSE Page Ref: 88 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Easy
94) All publicly traded companies must have their financial statements audited. Answer: TRUE Page Ref: 89 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 95) The Communications Assistance for Law Enforcement Act was passed in the late 1960s. Answer: FALSE Page Ref: 94 Learning Objective: 2.6 Explain policy-driven implementation Difficulty: Moderate 96) Which of the following focuses broadly on corporate internal and financial controls? A) COBIT B) ISO/IEC 27000 C) COSO D) ISO/IEC 27002 Answer: C Page Ref: 95 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 97) Which of the following is a series of standards specifically addressing IT security? A) COBIT B) ISO/IEC 27000 C) COSO D) ISO/IEC 27002 Answer: A Page Ref: 95 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 98) Which of the following is NOT an objective in the COSO framework? A) Strategic B) Reporting C) Compliance D) Implementation Answer: D Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate
99) Which of the following is NOT a COSO framework component? A) Internal environment B) Event identification C) Training practices D) Risk assessment Answer: C Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 100) Which of the following COSO framework components encompasses the tone of the organization? A) Internal environment B) Event identification C) Objective setting D) Control activities Answer: A Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 101) In which of the following COSO framework components are policies and procedures established? A) Internal environment B) Control activities C) Information and communication D) Objective setting Answer: B Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 102) Which of the following is NOT one of the major domains of the COBIT framework? A) Evaluate, direct, and monitor B) Build, acquire, and implement C) Deliver, service, and support D) Promote, hire, and train Answer: D Page Ref: 99 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate
103) The ISO/IEC 27001 standard specifies how to certify organizations as being compliant with ________. A) ISO/IEC 27000 B) ISO/IEC 27043 C) COSO D) COBIT Answer: A Page Ref: 100 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 104) Objective setting and risk assessment are both COSO framework components. Answer: TRUE Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 105) The IT Governance Institute was created by the Association of Certified Fraud Examiners. Answer: FALSE Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 106) The ISO/IEC 27002 standard divides security into 14 broad areas. Answer: TRUE Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 107) The EDM domain of the COBIT framework evaluates strategic alternatives. Answer: TRUE Page Ref: 96 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 108) COBIT is a general control planning and assessment tool for corporations. Answer: FALSE Page Ref: 98 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate 109) There is no time ordering for the five components of the COSO framework. Answer: TRUE Page Ref: 98 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate
110) The first standard in the series was originally called ISO/IEC 17799. Answer: TRUE Page Ref: 99 Learning Objective: 2.7 Know governance frameworks Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 3 Cryptography 1) ________ is the use of mathematical operations to protect messages traveling between parties or stored on a computer. A) Encryption B) Kerckhoffs' Law C) Brute-force key cracking D) Cryptography Answer: D Page Ref: 109 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 2) Any original message is called ________. A) plaintext B) ciphertext C) message digest D) the hash Answer: A Page Ref: 109 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 3) ________ is a cryptographic process that changes plaintext into a seemingly random stream of bits. A) Encryption B) Brute-force key cracking C) Cryptography D) Ciphertext Answer: A Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 4) What do encryption and decryption require? A) Plaintext and ciphertext B) A cipher and a key C) A message and a key D) DES and 3DES Answer: B Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate
5) Auguste Kerckhoffs proved that as long as the ________, the two parties will still have confidentiality. A) both the key and the cipher code are kept secret B) the key is made available and the cipher is kept secret C) the key is kept secret D) the cipher is kept secret Answer: C Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Difficult 6) ________ ciphertext is to turn it back into its original plaintext. A) Decrypting B) Coding C) Encrypting D) Keying Answer: A Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 7) What does Kerckhoffs' Law say is the recipe for secure encryption? A) Keeping keys secret B) Keeping ciphers secret C) Keeping keys available to only two users D) Keeping ciphers available to only two users Answer: A Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 8) Which of the following is simply the act of trying all possible keys until the right key is discovered? A) Encryption B) Brute-force key cracking C) Mutual authentication D) Keying Answer: B Page Ref: 111 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate
9) What happens in substitution ciphers? A) The order of the two characters is reversed. B) One character is substituted for the other, and then the order of the two is switched. C) One character is substituted for another, but the order of characters is not changed. D) Both characters are kept secret, but the key is revealed. Answer: C Page Ref: 112 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Difficult 10) In ________, the letters are moved around within a message, based on their initial positions in the message. A) brute-force key cracking B) mutual authentication C) substitution ciphers D) transposition ciphers Answer: D Page Ref: 112 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 11) Which of the following is FALSE in regard to symmetric key encryption? A) Symmetric key encryption is very fast. B) All but a tiny fraction of encryptions for confidentiality use symmetric key encryption. C) Very few personal computers or handheld devices have sufficient processing power to encrypt with symmetric key encryption. D) Symmetric key encryption places only a small processing burden on computers. Answer: C Page Ref: 114 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 12) Which of the following describes keys that are prohibitively time-consuming to crack? A) Strong symmetric keys B) 40-bit keys C) 56-bit keys D) 112-bit 3DESs Answer: A Page Ref: 114 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 13) Information security is a fairly recent issue—primarily in just the last 80-100 years. Answer: FALSE Page Ref: 108 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate
14) Encryption for confidentiality was the original purpose of cryptography. Answer: TRUE Page Ref: 109 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 15) All ciphers operate the same. Answer: FALSE Page Ref: 109 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Easy 16) A key is a random string of 40 to 4,000 bits. Answer: TRUE Page Ref: 109 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 17) Almost all computer information is encoded as a set of bytes and characters. Answer: FALSE Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 18) A cryptanalyst is someone who cracks encryption. Answer: TRUE Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Easy 19) In transposition ciphers, letters are changed but their position is not. Answer: FALSE Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 20) A cipher is a general way to encrypt information, while codes are limited. Answer: TRUE Page Ref: 110 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate
21) Doubling the key length increases the number of possible keys by approximately double. Answer: FALSE Page Ref: 114 Learning Objective: 3.1 Explain the concept of cryptography Difficulty: Moderate 22) The weakest cipher in common use today is ________. A) DES B) RC4 C) 3DES D) AES Answer: B Page Ref: 118 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Moderate 23) ________ is 56 bits long. A) The DES key B) An RSA key C) A symmetric key D) A hash Answer: A Page Ref: 119 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Moderate 24) Which of the following is FALSE about 3DES? A) It is very slow. B) It is expensive in regard to processing cost. C) 3DES gives strong symmetric key encryption. D) 3DES has a key length of 56. Answer: D Page Ref: 120 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Difficult 25) Which of the following is efficient in regard to processing power and RAM requirements to be used on many different types of devices? A) 3DES B) DES C) Triple DES D) AES Answer: D Page Ref: 120 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Moderate
26) DES is a block encryption standard. Answer: TRUE Page Ref: 119 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Moderate 27) AES offers four different alternative key lengths. Answer: FALSE Page Ref: 120 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Moderate 28) Creating a vulnerability-free encryption cipher is extremely difficult. Answer: TRUE Page Ref: 120 Learning Objective: 3.2 Describe symmetric key encryption and the importance of key length Difficulty: Easy 29) A cryptographic system is ________. A) a system where letters are moved around within a message, based on their initial positions in the message B) a packaged set of cryptographic countermeasures for protecting dialogues C) a specific set of options in SSL/TLS D) when both parties authenticate themselves Answer: B Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Difficult 30) Which of the following is NOT one of the three handshaking stages of a cryptographic system standard? A) Negotiation B) Authentication C) Communicating D) Keying Answer: C Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Moderate
31) A specific set of options in SSL/TLS is called a(n) ________. A) DES key B) cipher suite C) RSA key D) symmetric key Answer: B Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Moderate 32) When are the handshaking stages over in a cryptographic system standard? A) After the two sides have authenticated each other and keys have been exchanged B) After an electronic signature is sent and received by each party C) After the sender encrypts the combined message and electronic signature for confidentiality D) After the two sides have authenticated each other and messages have been exchanged Answer: A Page Ref: 123 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Difficult 33) The third stage of handshaking of a cryptographic system standard is ________. A) negotiation B) authentication C) communicating D) keying Answer: D Page Ref: 123 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Moderate 34) There are three handshaking stages when two parties communicate through a cryptographic system standard. Answer: TRUE Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Moderate 35) The second stage of a cryptographic system standard is keying. Answer: FALSE Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Easy
36) The second stage of a cryptographic system standard is initial authentication. Answer: FALSE Page Ref: 122 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Easy 37) Message-by-message authentication thwarts efforts by impostors to insert messages into a dialogue stream. Answer: TRUE Page Ref: 123 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Moderate 38) Message integrity refers to the idea that if an attacker captures and alters a message, the authentication process will reject the message. Answer: TRUE Page Ref: 123 Learning Objective: 3.3 Describe the initial handshaking stages used in cryptographic systems Difficulty: Easy 39) A cipher suite includes all of the following EXCEPT ________. A) a specific set of methods and options for initial authentication B) a key exchange C) ongoing message confidentiality, authentication, and integrity D) an encrypted message and an electronic signature Answer: D Page Ref: 124 Learning Objective: 3.4 Explain the negotiation stage Difficulty: Difficult 40) The weakest cipher suites in a cryptographic system standard may provide no protection at all. Answer: TRUE Page Ref: 124 Learning Objective: 3.4 Explain the negotiation stage Difficulty: Moderate 41) There is wide variation in the strengths of SSL/TLS cipher suites. Answer: TRUE Page Ref: 124 Learning Objective: 3.4 Explain the negotiation stage Difficulty: Easy
42) Once security negotiation is finished, the next handshaking stage in establishing a cryptographic system dialog is ________. A) communication B) authentication C) confidentiality D) encryption Answer: B Page Ref: 125 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Moderate 43) In authentication in a cryptographic system, the party trying to prove its identity is called the ________. A) key B) verifier C) supplicant D) hash Answer: B Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Moderate 44) In authentication in a cryptographic system, the supplicant sends ________ to the verifier. A) a key B) a response message C) credentials D) a challenge message Answer: C Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Moderate 45) When ________ is applied to a binary message, the result is far shorter than the original message. A) hashing B) credentialing C) verifying D) keying Answer: A Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Moderate
46) Which of the following is FALSE about hashing? A) It is irreversible. B) It is repeatable. C) It is an important part of how cryptographic systems function. D) It produces ciphertext that is about as long as the plaintext that was sent. Answer: D Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Difficult 47) MS-CHAP is part of the ________. A) Microsoft Windows Server operating system B) Microsoft Windows PC operating system C) Microsoft Office suite D) Microsoft and Apple operating systems Answer: D Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Easy 48) MS-CHAP is an encryption method. Answer: FALSE Page Ref: 125 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Easy 49) Unlike encryption, hashing is irreversible. Answer: TRUE Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Easy 50) One hashing method that is archaic and was primarily used in the past is MD5. Answer: FALSE Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Easy 51) SHA-2 is the hashing method that is recommended by NIST. Answer: TRUE Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Moderate
52) MS-CHAP is an initial authentication method. Answer: TRUE Page Ref: 126 Learning Objective: 3.5 Explain initial authentication, including MS-CHAP Difficulty: Easy 53) When Joshua sends a message to Larry, Joshua will use ________ to encrypt the message. A) Joshua's public key B) both public keys C) Larry's public key D) Larry's private key Answer: C Page Ref: 129 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 54) When Marita sends a message to Bob, Bob will use ________ to decrypt the message. A) the private key B) Marita's public key C) Bob's private key D) Marita's private key Answer: C Page Ref: 129 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 55) Which are the two widely used public key encryption ciphers? A) RSA and ECC B) ECC and DES C) RSA and AES D) DES and 3DES Answer: A Page Ref: 129 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Difficult 56) Which of the following is FALSE about public key encryption ciphers? A) They are extremely complex. B) They are slow. C) They are expensive to use. D) They are often used to encrypt very long messages for confidentiality. Answer: D Page Ref: 130 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate
57) For RSA public key encryption, a recommended minimum key length for a strong key is ________. A) 1,024 bits B) 256 bits C) 1,024 bytes D) 256 bytes Answer: A Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 58) Diffie-Hellman is a(n) ________. A) authentication method B) hashing method C) popular keying method D) communication method Answer: C Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 59) Symmetric key encryption is somewhat slow yet fairly expensive. Answer: FALSE Page Ref: 130 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 60) Public key encryption and symmetric key encryption are complementary. Answer: TRUE Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 61) Public key encryption takes 100 to 1,000 times longer than symmetric key encryption to encrypt a message of a given length. Answer: TRUE Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 62) The use of public key encryption to do keying is widespread. Answer: TRUE Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate
63) Public key encryption to do keying is extremely vast. Answer: FALSE Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 64) Diffie-Hellman key exchange is much faster than public key encryption. Answer: TRUE Page Ref: 131 Learning Objective: 3.6 Describe keying, including public key encryption Difficulty: Moderate 65) After two parties exchange session keys, what happens? A) The two sides begin sending messages back and forth. B) Encryption and decryption occur. C) The two sides begin the authentication phase. D) Keying starts. Answer: A Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 66) A(n) ________ is when an attacker intercepts messages being sent between two parties and forwards them on. A) replay attack B) security through obscurity attack C) evil twin attack D) man-in-the-middle attack Answer: D Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 67) A(n) ________ occurs when an attacker intercepts an encrypted message and transmits it again later. A) replay attack B) security through obscurity attack C) evil twin attack D) man-in-the-middle attack Answer: A Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate
68) An electronic signature provides ________ and ________. A) authentication; handshaking B) authentication; message integrity C) handshaking; message integrity D) keying; encryption Answer: B Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 69) A ________ is the person a supplicant claims to be. A) verifier B) public key C) true party D) digital signature Answer: C Page Ref: 134 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Easy 70) A ________ authenticates a single message with public key encryption. A) public key B) verification C) digital signature D) message digest Answer: C Page Ref: 134 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 71) ________ is an independent and trusted source of information about public keys of true parties. A) A message digest B) Verification C) A digital signature D) A certificate authority Answer: D Page Ref: 138 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate
72) What are IdenTrust, Sectigo, and GoDaddy? A) Certificate authorities B) Verification authorities C) Digital signature authorities D) Message digest software suppliers Answer: A Page Ref: 138 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 73) ________ uses a key exchanged during the initial negotiation phase. A) A DES B) The HMAC C) A hash D) A message digest Answer: B Page Ref: 142 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 74) For message-by-message authentication, each message must contain an electronic signature. Answer: TRUE Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 75) Digital signatures are used much more often than are HMACs. Answer: FALSE Page Ref: 133 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 76) The first step in creating a digital signature for authentication is to hash the plaintext message. Answer: TRUE Page Ref: 134 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Easy
77) If a sender is the true party, the sender will be authenticated. Answer: TRUE Page Ref: 136 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Easy 78) If a message has changed while in transit, the message digests will match but will show a separate log of the changes. Answer: FALSE Page Ref: 136 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 79) Digital certificates and digital signatures must be used together in public key authentication. Answer: TRUE Page Ref: 141 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 80) Nonrepudiation means that a sender cannot deny that he or she sent an important message. Answer: TRUE Page Ref: 142 Learning Objective: 3.7 Explain how electronic signatures, including digital signatures, digital certificates, and key-hashed message authentication codes (HMACs), work Difficulty: Moderate 81) Quantum mechanics governs ________. A) national security B) large-scale interactions C) small-scale interactions D) global security issues Answer: C Page Ref: 143 Learning Objective: 3.8 Describe quantum security Difficulty: Moderate
82) ________ can deliver very long keys to communication partners. A) Diffie-Hellman key exchange B) Public key encryption C) One-time key exchange D) Quantum key distribution Answer: D Page Ref: 143 Learning Objective: 3.8 Describe quantum security Difficulty: Moderate 83) ________ can be used to crack keys quickly by trying dozens or even thousands of keys at once. A) Diffie-Hellman key exchange B) Quantum key cracking C) Public key encryption D) One-time key exchange Answer: B Page Ref: 144 Learning Objective: 3.8 Describe quantum security Difficulty: Moderate 84) Quantum key distribution creates a one-time key. Answer: TRUE Page Ref: 143 Learning Objective: 3.8 Describe quantum security Difficulty: Moderate 85) Currently, quantum computers can crack keys that are thousands of bits long. Answer: FALSE Page Ref: 144 Learning Objective: 3.8 Describe quantum security Difficulty: Moderate 86) What is the first task in establishing a cryptographic system? A) For a company to invent their own custom cryptographic protections B) Selecting a cryptographic system standard for the dialogue C) Handshaking tasks are performed D) Verification takes place Answer: B Page Ref: 145 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate
87) Which of the following is NOT a type of VPN? A) Host-to-host B) Remote access C) One-time D) Site-to-site Answer: C Page Ref: 146 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate 88) A ________ connects a single client over an untrusted network to a single server. A) host-to-host VPN B) remote access VPN C) one-time key D) site-to-site VPN Answer: A Page Ref: 145 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate 89) Cryptographic systems are nearly always used over trusted networks. Answer: FALSE Page Ref: 145 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate 90) A remote access VPN connects a single remote PC over an untrusted network to a site network. Answer: TRUE Page Ref: 146 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate 91) A site-to-site VPN connects a single client over an untrusted network to a single server. Answer: FALSE Page Ref: 146 Learning Objective: 3.9 Describe public key encryption for authentication Difficulty: Moderate
92) The Netscape Corporation created ________. A) SSL B) DES C) 3DES D) TLS Answer: A Page Ref: 147 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 93) The Internet Engineering Task Force renamed ________ to the standard ________. A) SSL; DES B) DES; 3DES C) TLS; SSL D) SSL; TLS Answer: D Page Ref: 147 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 94) A(n) ________ is simply a webserver as far as SSL/TLS is concerned. A) SSL/TLS key B) SSL/TLS gateway C) DES/3DES D) encryption Answer: B Page Ref: 149 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 95) What does a client need to have to use SSL/TLS? A) For basic operation, it needs additional software. B) For all operations, it needs additional software. C) For basic operation, it needs encryption software. D) For all activities and all messages, it must have sophisticated software. Answer: A Page Ref: 150 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 96) SSL/TLS works at the transport layer. Answer: TRUE Page Ref: 147 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Easy
97) SSL/TLS protection of application layer messages is transparent. Answer: FALSE Page Ref: 148 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 98) All browsers are SSL/TLS-aware. Answer: TRUE Page Ref: 148 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 99) There are no SSL/TLS gateway standards. Answer: TRUE Page Ref: 147 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 100) SSL/TLS is able to create site-to-site VPNs. Answer: FALSE Page Ref: 150 Learning Objective: 3.10 Explain cryptographic systems including VPNs and SSL Difficulty: Moderate 101) In IPsec, the IP refers to ________, and "sec" refers to ________. A) Internet Protocol; security B) Internet Practice; symmetric C) Internet Protocol; symmetric D) intranet protocol; security Answer: A Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate 102) IPsec operates at the ________ layer. A) application B) transport C) internet D) secure sockets Answer: C Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Easy
103) Who designed IPsec? A) Netscape B) Microsoft C) IETF D) GoDaddy Answer: C Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Easy 104) Transport mode and tunnel mode are the two modes of ________. A) IPsec B) SSL/TLS C) SA D) VPN Answer: A Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate 105) A(n) ________ is an agreement about what IPsec security methods and options the two hosts or two IPsec gateways will use. A) IPsec B) SSL/TLS C) SA D) VPN Answer: C Page Ref: 154 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate 106) IPsec is considered the gold standard in VPN security. Answer: TRUE Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Easy 107) IPsec gives transparent protection to transport layer and application layer messages. Answer: TRUE Page Ref: 152 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate
108) IPsec transport mode gives host-to-host security. Answer: TRUE Page Ref: 153 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate 109) IPsec tunnel mode only protects traffic between two IPsec gateways at the same site. Answer: FALSE Page Ref: 154 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate 110) IPsec policy servers push a list of suitable policies to individual IPsec gateway servers or hosts. Answer: TRUE Page Ref: 156 Learning Objective: 3.11 Describe the tradeoffs between IPsec tunnel mode and transport mode Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 4 Secure Networks 1) Ensuring network ________ means that authorized users have access to information, services, and network resources. A) authentication B) availability C) integrity D) confidentiality Answer: B Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 2) Ensuring appropriate network ________ means preventing attackers from altering the capabilities or operation of the network. A) authentication B) functionality C) integrity D) confidentiality Answer: B Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 3) In regard to network security, ________ is the policy-driven control of access to systems, data, and dialogues. A) integrity B) authentication C) access control D) confidentiality Answer: C Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 4) Which of the following is NOT one of the four goals to consider when creating a secure networking environment? A) Confidentiality B) Integrity C) Functionality D) Cost Answer: D Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate
5) ________ means preventing unauthorized users from accessing a network's structure, data flowing across the network, network protocols used, or packet header values. A) Integrity B) Authentication C) Access control D) Confidentiality Answer: D Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Easy 6) ________ refer to ways of attacking networks. A) Attack vectors B) Tethering C) DoS attacks D) Indirect attacks Answer: A Page Ref: 169 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 7) The castle model describes when ________. A) network administrators restrict access to those on the outside of the business and limit access on the inside B) the good guys are on the inside and the attackers are on the outside C) network administrators restrict access to only those that should have access within the company D) computer software restricts access on the inside to the top management and limits access to lower levels in the company Answer: B Page Ref: 169 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 8) ________ describes the idea that creating a 100 percent secure network is not possible. A) The castle model B) The death of the perimeter C) The city model D) Attack vectors Answer: B Page Ref: 169 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate
9) IDS refers to ________. A) internal intrusion detection B) internal interruption detection C) instantaneous intrusion determination D) industry intrusion detection Answer: A Page Ref: 170 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Easy 10) Functionality and access control are two of the four goals to consider when securing networks. Answer: TRUE Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Easy 11) DoS attacks are one of the least common types of network attacks against corporations. Answer: FALSE Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 12) "Death of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is impossible. Answer: TRUE Page Ref: 168 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Easy 13) In the castle model of network defense, there was a well-guarded single point of entry. Answer: TRUE Page Ref: 1689 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Easy 14) The "death of the perimeter" model has no distinct perimeter and there are multiple ways of entering the network. Answer: FALSE Page Ref: 170 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate
15) When a "bad guy" ends up being an employee, "death of the perimeter" is confirmed. Answer: FALSE Page Ref: 170 Learning Objective: 4.1 Describe the goals of creating secure networks Difficulty: Moderate 16) ________ attempts to make a server or network unavailable to legitimate users. A) DoS attack B) The castle model C) The death of the perimeter D) The city model Answer: A Page Ref: 171 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 17) The ultimate goal of a DoS attack is ________. A) to cause harm B) financial gain C) to disrupt business activities D) to access a business' inventory Answer: A Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 18) A common occurrence with news aggregators like Slashdot or The Huffington Post is ________. A) referrals from large sites B) degrading services C) stopping critical services D) faulty coding Answer: A Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 19) Which of the following is NOT one of the main DoS attack methods? A) Direct/indirect B) Intermediary C) Reflected D) Degrade services Answer: D Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate
20) Which of the following is the simplest form of a DoS attack? A) Direct/indirect B) Intermediary C) Reflected D) Sending malformed packets Answer: A Page Ref: 174 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 21) A DoS attack begins when a ________ sends a signal for the bots to attack a victim. A) botmaster B) bot C) DDoS D) DoS Answer: A Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 22) Which of the following is the second primary DoS method used by attackers? A) Direct/indirect B) Intermediary C) Reflected D) Sending malformed packets Answer: B Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 23) ________ is the process of hiding an attacker's source IP address. A) IP flooding B) Backscattering C) DDoSs D) Spoofing Answer: D Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate
24) Which of the following occurs when an attacker sends numerous TCP SYN segments to a victim server? A) SYN flood B) Ping flood C) Backscatter D) HTTP flood Answer: A Page Ref: 174 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 25) A side effect of an attacker spoofing an IP address is ________. A) SYN flood B) ping flood C) backscatter D) spoofing Answer: C Page Ref: 174 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 26) ________ are an additional layer of compromised hosts that are used to manage large groups of bots. A) A Smurf flood B) Handlers C) Backscatters D) False opens Answer: B Page Ref: 176 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 27) A ________ is similar to a P2P redirect. A) SYN flood B) reflected attack C) Smurf flood D) DDoS Answer: B Page Ref: 177 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 28) DoS attacks occur on a weekly basis, not usually daily. Answer: FALSE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy
29) The most common service targeted by attackers is HTTP. Answer: TRUE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 30) DoS attacks can cause harm by stopping a critical service. Answer: TRUE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 31) DoS attacks can cause harm by slowly degrading services over time. Answer: TRUE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 32) Typically DoS attacks against critical services are difficult to identify and last for a long time. Answer: FALSE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 33) An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer. Answer: FALSE Page Ref: 174 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate 34) Intermediaries are typically referred to as bots. Answer: TRUE Page Ref: 172 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 35) ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN. Answer: FALSE Page Ref: 177 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Moderate
36) Rate limiting can be used to reduce a certain type of traffic to a reasonable amount. Answer: TRUE Page Ref: 175 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 37) Black-holing an attacker is a poor long-term strategy because attackers can quickly change source IP addresses. Answer: TRUE Page Ref: 175 Learning Objective: 4.2 Explain how denial-of-service (DoS) attacks work Difficulty: Easy 38) Which of the following is a network attack that manipulates host ARP tables to reroute LAN traffic? A) SYN flood B) Ping flood C) ARP poisoning D) HTTP flood Answer: C Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 39) Rerouting traffic using ARP poisoning is an attack on ________ of a network. A) confidentiality and functionality B) integrity C) confidentiality and data privacy D) access control and functionality Answer: A Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 40) ________ uses false ARP replies to map any IP address to any MAC address. A) An ARP reply B) An ARP request C) ARP poisoning D) ARP spoofing Answer: D Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate
41) A gateway records all internal IP addresses in its ________. A) ARP table B) ARP reply C) ARP request D) static table Answer: A Page Ref: 185 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 42) ARP poisoning can be prevented by using ________. A) static IP and ARP tables B) ARP requests and ARP replies C) dynamic IP and ARP tables D) ARP spoofing Answer: A Page Ref: 186 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 43) ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses. Answer: FALSE Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 44) One problem with ARP requests and replies is that they do not require authentication or verification. Answer: TRUE Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate 45) In normal ARP traffic, every host can make ARP requests. Answer: TRUE Page Ref: 182 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Easy 46) A difficulty in using static IP and ARP tables is that organizations change. Answer: TRUE Page Ref: 186 Learning Objective: 4.3 Explain how ARP poisoning works Difficulty: Moderate
47) A(n) ________ sits in his or her car outside of the walls of a company in order to access a system. A) EAP B) packet sniffer C) drive-by hacker D) botmaster Answer: C Page Ref: 187 Learning Objective: 4.4 Know why access controls are important for networks Difficulty: Moderate 48) A(n) ________ can be used to gather network information or user data. A) RFMON B) Botmaster C) AP D) packet sniffer Answer: D Page Ref: 187 Learning Objective: 4.4 Know why access controls are important for networks Difficulty: Moderate 49) Most wireless communication in LANs is used to link wireless clients to a firm's wired Ethernet network. Answer: TRUE Page Ref: 187 Learning Objective: 4.4 Know why access controls are important for networks Difficulty: Easy 50) Wireless LANs are not possible. Answer: FALSE Page Ref: 187 Learning Objective: 4.4 Know why access controls are important for networks Difficulty: Easy 51) Wireless traffic often is encrypted in ways that are quite difficult to crack. Answer: FALSE Page Ref: 187 Learning Objective: 4.4 Know why access controls are important for networks Difficulty: Easy
52) The ________ standard provides access control to prevent illegitimate clients from associating with a network. A) 802.1X B) RADIUS C) 802.11 D) IEEE 802.11 Answer: A Page Ref: 188 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 53) The name of the 802.1X standard is ________. A) IEEE 802.11 B) Port-based Access Control C) Extensible Authentication Protocol D) RADIUS Answer: B Page Ref: 188 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 54) In an 802.1X standard, when a computer first connects, the port is in a(n) ________ state. A) authorized B) unauthorized C) static D) confidential Answer: B Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy 55) In an 802.1X standard, a ________ is the primary point of control. A) switch port B) wireless connection C) static table D) PEAP Answer: A Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy
56) Which of the following is NOT an advantage in using a central authentication server instead of each workgroup switch to do all the work? A) Cost savings B) Immediate changes C) Integrity D) Consistency Answer: C Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 57) In 802.1X, a computer seeking access is the ________. A) supplicant B) intermediary C) botmaster D) authenticator Answer: A Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy 58) 802.1X calls the workgroup switch the ________. A) pass-through operation B) RADIUS server C) EAP D) authenticator Answer: C Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 59) ________ governs the specifics of authentication interactions. A) The central authentication server B) EAP C) Pass-through operations D) A RADIUS server Answer: B Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate
60) An ________ passes a message through. A) authentication switch B) Ethernet switch C) EAP D) authenticator Answer: A Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy 61) RADIUS is a(n) ________ protocol. A) Extensible Authentication B) client/server C) VPN D) Address Resolution Answer: B Page Ref: 191 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 62) The RADIUS protocol provides ________. A) authentication and integrity B) authentication and authorization C) authenticity and functionality D) confidentiality and access control Answer: B Page Ref: 192 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Difficult 63) 802.1X is quite challenging to implement in wired LANs. Answer: FALSE Page Ref: 188 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy 64) Using a central authentication server brings consistency in authentication. Answer: TRUE Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Easy 65) Ethernet switches can sense when a host connects to one of its ports. Answer: TRUE Page Ref: 189 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate
66) Most central authentication servers are governed by the RADIUS standard. Answer: TRUE Page Ref: 190 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 67) RADIUS provides auditing of connections. Answer: TRUE Page Ref: 192 Learning Objective: 4.5 Explain how to secure Ethernet networks Difficulty: Moderate 68) Which of the following is NOT accurate about wireless networks over wired networks? A) Wireless are quicker. B) Wireless are easier. C) Wireless are less expensive. D) Wireless are rare to find. Answer: D Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 69) Wireless attacks focus on the ________. A) evil twin access point B) switch port C) access point D) MAC access control point Answer: C Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 70) Which of the following is NOT a type of wireless network attack? A) Unauthorized network access B) A man-in-the-middle attack using an evil twin C) Wireless denial-of-service attacks D) A death-of-the-perimeter attack Answer: D Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
71) Connecting to a network without permission is known as ________. A) secure access B) unauthorized access C) a client/server attack D) rogue access Answer: B Page Ref: 193 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 72) Which of the following is FALSE about open wireless networks? A) They are often posted for the public to know about. B) They can be legally accessed by anyone. C) They are typically found in public places like coffee shops. D) They are legally accessed only by staff of the company or owned network. Answer: D Page Ref: 193 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 73) ________ are unauthorized access points set up by individuals or departments with little or no security. A) Rogue access points B) Evil twin access points C) WEP D) WPA2 Answer: A Page Ref: 193 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 74) A(n) ________ can be used to gather user data. A) static IP table B) ARP tables C) RTS frame D) packet sniffer Answer: D Page Ref: 194 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
75) What is RFMON? A) Radio frequency monitoring B) Radio frequency mode C) Request frequency monitoring D) Radio frame monitoring Answer: A Page Ref: 194 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 76) ________ is when attackers focus electronic attacks on specific high-value targets. A) ARP poisoning B) Whaling C) Radio frequency monitoring D) Rate limiting Answer: B Page Ref: 194 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 77) A(n) ________ is a personal computer that has software to allow the computer to masquerade as an access point. A) switch port B) access point C) MAC access control point D) evil twin access point Answer: D Page Ref: 196 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 78) ________ transmit on 2.4-GHz and/or 5-GHz frequency bands. A) Ethernet networks B) ARP requests and ARP replies C) Wireless 802.11 networks D) Wired 802.11 networks Answer: C Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
79) ________ is also known as radio frequency interference. A) Electromagnetic interference B) Noise C) Whaling D) An evil twin access point Answer: A Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 80) Which of the following record all signals, including packet transmissions, within a radio frequency band? A) Ethernet networks B) ARP requests and ARP replies C) Spectrum analyzers D) EMIs Answer: C Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 81) ________ tell wireless clients that you want to transmit for a given amount of time. A) CTS frames B) RTS frames C) Packet injections D) Deauthenticate messages Answer: B Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 82) ________ tell wireless clients that you have received an RTS frame and that they should not transmit until the designated time expires. A) CTS frames B) ARP replies C) Packet injections D) Deauthenticate messages Answer: A Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
83) ________ assumes that the connection between supplicant and authenticator is secure. Additional security is needed between the supplicant and the access point in 802.11 WLANs. A) EAP B) PEAP C) WEP D) WPA Answer: A Page Ref: 199 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 84) What does the first "P" in PEAP stand for? A) Priority B) Protected C) Packet D) Prioritized Answer: B Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 85) WEP stands for ________. A) wireless equivalent policy B) wireless equivalent privacy C) wired equivalent privacy D) wired equivalent policy Answer: C Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 86) ________ is a standard created by the Wi-Fi Alliance by taking an early draft of the 802.11i standard. A) WEP B) WPA C) WLAN D) WPA2 Answer: B Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
87) Which of the following was released in 2018? A) WPA3 B) WPA C) WEP D) WPA2 Answer: A Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 88) Which of the following was released in 2018? A) WPA3 B) WPA C) WEP D) WPA2 Answer: A Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 89) In 802.11i or WPA in PSK/personal mode, passphrases must be at least ________. A) 20 characters long B) 56 characters long C) 256 characters long D) 512 characters long Answer: A Page Ref: 206 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 90) To work with an access point, a station must know the access point's ________. A) MAC address B) SSID C) WPA D) WEP Answer: B Page Ref: 206 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 91) Ethernet LANs are the only type of networks that require security. Answer: FALSE Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy
92) Wireless LANs have fewer security issues to consider than do wired LANs. Answer: FALSE Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 93) The most common attack against wireless networks is unauthorized access. Answer: TRUE Page Ref: 193 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 94) An open network can be legally accessed by anyone. Answer: TRUE Page Ref: 193 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 95) Promiscuous mode allows an attacker to receive messages addressed to other users. Answer: TRUE Page Ref: 192 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 96) Focusing electronic attacks on specific high-value targets is known as IV. Answer: FALSE Page Ref: 196 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 97) Evil twin access point attacks are less commonly found in public hot spots. Answer: FALSE Page Ref: 196 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 98) Interference damages an 802.11 signal and makes packets unreadable. Answer: TRUE Page Ref: 197 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy 99) PEAP is a popular extended EAP protocol. Answer: TRUE Page Ref: 200 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Easy
100) PSK/personal mode was created for individual users in a larger corporation. Answer: FALSE Page Ref: 204 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate 101) All 802.11 wireless LAN standards use spread spectrum transmission. Answer: TRUE Page Ref: 206 Learning Objective: 4.6 Describe wireless (WLAN) security standards and potential attacks Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 5 Access Control 1) Which of the following is NOT one of the AAA controls? A) Accuracy B) Auditing C) Authentication D) Authorizations Answer: A Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 2) ________ is the process of assessing the identity of each individual claiming to have permission to use a resource. A) Accuracy B) Auditing C) Authentication D) Authorizations Answer: C Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Easy 3) ________ is the process of collecting information about the activities of each individual in log files for immediate and later analysis. A) Authorizations B) Accuracy C) Auditing D) Authentication Answer: C Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 4) Which of the following can negate the strength of two-factor authentication? A) Trojan horses and man-in-the-middle attacks B) Trojan horses and single point of entry attacks C) Terrorist attacks and man-in-the-middle attacks D) Terrorist attacks and dumpster diving Answer: A Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate
5) Which of the following is FALSE in regard to the comparison of access control to RBAC and individual accounts? A) RBAC is less prone to error B) RBAC is more expensive C) RBAC has fewer assignments to make D) RBAC is cheaper Answer: B Page Ref: 218 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 6) In the military, departments do not have the ability to alter access control rules set by higher authorities in ________. A) mandatory access control B) discretionary access control C) multilevel access control D) policy-based access control Answer: A Page Ref: 219 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 7) In ________ the department has discretion over giving access to individuals, within policy standards set by higher authorities. A) mandatory access control B) delegated access control C) policy-based access control D) discretionary access control Answer: D Page Ref: 219 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 8) Authentication is the process of collecting information about the activities of each individual in log files for immediate and later analysis. Answer: FALSE Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 9) A person or process that requests access is known as the supplicant. Answer: TRUE Page Ref: 217 Learning Objective: 5.1 Define basic access control terminology Difficulty: Easy
10) RBAC stands for role-based access control. Answer: TRUE Page Ref: 218 Learning Objective: 5.1 Define basic access control terminology Difficulty: Easy 11) Typically, military and national security organizations have a multilevel security system. Answer: TRUE Page Ref: 220 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 12) In military security, the term multilevel security is synonymous with multifactor security. Answer: FALSE Page Ref: 220 Learning Objective: 5.1 Define basic access control terminology Difficulty: Moderate 13) On loading docks, outgoing shipments should be separated from incoming shipments in order to ________. A) reduce the risk of theft B) ensure the segregation of duties C) avoid shipping and processing confusion D) process data in the system accurately Answer: A Page Ref: 224 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Easy 14) Which of the following is NOT one of the rules for working in secure areas? A) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas. B) When no one is in a secure area, it should be locked and verified periodically. C) Unsupervised work in secure areas should be avoided. D) No one should be allowed to work in secure areas for more than seven hours to align with security rules. Answer: D Page Ref: 224 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate
15) In regard to COBIT, entry must be all of the following EXCEPT ________. A) authorized B) logged C) monitored D) visually recorded Answer: D Page Ref: 223 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate 16) Buildings should be set back from streets and protected with rolling hill landscaping, if possible, to reduce threats from ________. A) terrorism B) dumpster diving C) wireless eavesdropping D) piggybacking Answer: A Page Ref: 226 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate 17) ________ is a social engineering trick where an intruder may follow an authorized user through a door that the authorized user opens with an access device. A) CCTV B) Piggybacking C) Tailgating D) Shoulder surfing Answer: B Page Ref: 226 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate 18) Computer attacks rarely take place remotely over networks. Answer: FALSE Page Ref: 222 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Easy 19) Media such as cameras and mobile phones with cameras in secured areas may allow a physical penetration attacker to steal information. Answer: TRUE Page Ref: 224 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Easy
20) Placing sensitive equipment in secure areas to minimize potential threats and damage is called siting. Answer: TRUE Page Ref: 225 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate 21) It is illegal to go through a company's trash bins when they are outside the corporation's physical premises. Answer: FALSE Page Ref: 227 Learning Objective: 5.2 Describe physical building and computer security Difficulty: Moderate 22) Passwords that you use for weeks or months are known as ________ passwords. A) reusable B) one-time C) complex D) strong Answer: A Page Ref: 228 Learning Objective: 5.3 Explain reusable passwords Difficulty: Easy 23) The International Data Corporation estimates that ________ percent of all accounts in larger corporations are inappropriate. A) 20 to 40 B) approximately 25 C) approximately 35 D) 30 to 60 Answer: D Page Ref: 230 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 24) ________ is having the ability to create a new password for an account. A) A password reset B) A password management program C) A system reset D) An assertion Answer: A Page Ref: 230 Learning Objective: 5.3 Explain reusable passwords Difficulty: Easy
25) What approximate percentage of calls to help desks involve lost passwords? A) More than half B) Approximately a quarter to a third C) Approximately half D) 30 to 60 Answer: B Page Ref: 230 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 26) Which of the following passwords is NOT in the top five most common for two real-world data breaches mentioned in the text? A) 111111 B) 123456 C) qwerty D) iloveyou Answer: D Page Ref: 233 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 27) Which of the following passwords is considered the MOST common for two real-world data breaches mentioned in the text? A) 111111 B) 123456 C) qwerty D) iloveyou Answer: B Page Ref: 233 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 28) Most users who have access to servers use reusable passwords for authentication. Answer: TRUE Page Ref: 228 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 29) PCs should require login screens with complex passwords. Answer: TRUE Page Ref: 228 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate
30) For group or team work in a company, it is often recommended that all group members share a single account and, therefore, a single password. Answer: FALSE Page Ref: 229 Learning Objective: 5.3 Explain reusable passwords Difficulty: Easy 31) If a systems administrator assigns access permissions to a group, the accounts of the individual members of that group automatically inherit those permissions. Answer: TRUE Page Ref: 230 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 32) Usernames and passwords are rarely a target for hackers due to the difficulty in cracking them. Answer: FALSE Page Ref: 232 Learning Objective: 5.3 Explain reusable passwords Difficulty: Moderate 33) A(n) ________ is made of plastic and is approximately the size of a credit or debit card. A) access card B) biometric card C) token D) RFID Answer: A Page Ref: 235 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 34) The simplest access cards use a ________. A) chip B) token C) PIN D) magnetic strip Answer: D Page Ref: 235 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Easy
35) Magnetic stripe cards are ________, only containing data; smart cards are ________. A) passive; active B) physical; virtual C) not secure; secure D) new technology; old technology Answer: A Page Ref: 236 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Easy 36) A(n) ________ is something that represents something else. A) access card B) RFID C) token D) template Answer: C Page Ref: 236 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 37) A ________ is a small device with a display that has a number that changes frequently. A) magnetic stripe card B) USB token C) one-time-password token D) smart card Answer: C Page Ref: 236 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 38) A PIN is typically ________. A) four to six digits B) four to six characters C) at least six digits D) at least 10 digits Answer: A Page Ref: 237 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate
39) A physical access card and a PIN are an example of ________. A) biometric authentication B) public key infrastructure C) public key-private key pairs D) two-factor authentication Answer: D Page Ref: 237 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 40) A proximity access token contains a small ________ as a new alternative to physical security. A) USB token B) RFID C) one-time password token D) public key-private key Answer: B Page Ref: 237 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 41) A USB token is a small device that plugs into a computer's USB port to identify the owner. Answer: TRUE Page Ref: 236 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 42) For easy remembering, many companies suggest that you record a PIN that you've selected on the physical access card you've been given. Answer: FALSE Page Ref: 237 Learning Objective: 5.4 Explain how access cards and tokens work Difficulty: Moderate 43) During enrollment in a biometric authentication system, step 1 is that the ________. A) reader scans each person's biometric data B) reader processes the enrollment scan data C) reader sends key feature data to the database D) key feature data is used as a template Answer: A Page Ref: 238 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate
44) When a reader in a biometric authentication system scans a person's biometric data, what is used? A) The entire data set that is processed B) The first 1056 bytes of data C) The first 256 characters of data D) A few key features Answer: D Page Ref: 238 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 45) When a user is scanned a second time, the reader in a biometric authentication system processes the ________ information to create key features. A) user access data B) supplicant scanning C) acceptance D) match index Answer: B Page Ref: 238 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 46) ________ refers to accuracy when a supplicant is not trying to deceive the system. A) Error rate B) Supplicant scanning C) Acceptance D) Match index Answer: A Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 47) ________ occurs if a system will not enroll a user. A) TGT B) FTE C) RFID D) PKI Answer: B Page Ref: 242 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate
48) In ________, the verifier determines whether the supplicant is a particular person. A) verification B) acceptance C) supplicant scanning D) match index Answer: A Page Ref: 242 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 49) In ________, the verifier determines whether the supplicant is a particular person. A) verification B) acceptance C) supplicant scanning D) match index Answer: A Page Ref: 242 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Easy 50) ________ is a form of identification that identifies a person as being a member of a group. A) Group acceptance B) RBAC C) Watch list matching D) Group ID matching Answer: C Page Ref: 244 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 51) Which of the following statements accurately describes fingerprint recognition? A) Fingerprint recognition is fairly unknown to the general population. B) Fingerprint scanners account for just a small fraction of the total biometrics market. C) Fingerprint recognition scanners are very expensive. D) Fingerprint recognition technology is well developed. Answer: D Page Ref: 245 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Difficult
52) Iris recognition technology is ________ and ________. A) inexpensive; has high FARs B) expensive; has low FARs C) inexpensive; has low FARs D) expensive; has high FARs Answer: B Page Ref: 245 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 53) Hand geometry recognition is used heavily for ________. A) watch list access B) door access C) PC access D) server access Answer: B Page Ref: 245 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 54) A false rejection occurs when a person is improperly matched to a template. Answer: FALSE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Easy 55) From a security viewpoint, a false acceptance is always worse than a false rejection. Answer: FALSE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 56) The false acceptance rate increases as the number of templates increases. Answer: TRUE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate
57) For watch lists of criminals, a false acceptance is worse than a false rejection from a security viewpoint. Answer: FALSE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 58) Identification is the process where the verifier determines whether the supplicant is the particular person that he or she claims to be. Answer: FALSE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 59) Verification requires more matches against templates than does identification. Answer: FALSE Page Ref: 241 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 60) Fingerprint scanning, which is often deceived, may be acceptable for entry into a nonsensitive supplies cabinet. Answer: TRUE Page Ref: 245 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 61) Fingerprint recognition is easily deceived. Answer: TRUE Page Ref: 245 Learning Objective: 5.5 Describe biometric authentication, including verification and identification Difficulty: Moderate 62) A private key/public key pair is usually created by the ________. A) client or non-PKI servers B) PKI server C) certificate revocation list D) permissions Answer: A Page Ref: 249 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate
63) In the context of PKI, ________ is the process of accepting public keys and providing new digital certificates to the users. A) coordination B) provisioning C) reflection D) certification Answer: B Page Ref: 250 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 64) The ________ authentication problem is that unless individuals are carefully vetted before being allowed in a system, imposters can simply enroll through social engineering. A) core B) human C) prime D) final Answer: C Page Ref: 250 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 65) PKI servers must support the downloading of ________ and must respond to ________ queries. A) CRLs; OCSP B) PKIs; CA C) CRLs; CA D) HMACs; CA Answer: A Page Ref: 250 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 66) Biometric authentication is the strongest form of authentication. Answer: TRUE Page Ref: 248 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 67) A firm can be its own certificate authority for internal users. Answer: TRUE Page Ref: 248 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate
68) The labor costs of provisioning are very expensive. Answer: TRUE Page Ref: 250 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 69) It is rarely safe to accept a digital certificate from a supplicant. Answer: FALSE Page Ref: 250 Learning Objective: 5.6 Explain how PKI provides cryptographic authentication Difficulty: Moderate 70) Authorizations for individuals can also be referred to as ________. A) user access data B) permissions C) supplicant scanning D) acceptance Answer: B Page Ref: 251 Learning Objective: 5.7 Explain authorizations Difficulty: Easy 71) In planning authorizations, it is important to follow ________. A) the principle of minimum identity data B) two-factor authentication C) multifactor authentication D) the principle of least permissions Answer: D Page Ref: 251 Learning Objective: 5.7 Explain authorizations Difficulty: Moderate 72) When assigning initial permissions, it is good to add more permissions than strictly necessary and then remove permissions if appropriate. Answer: FALSE Page Ref: 251 Learning Objective: 5.7 Explain authorizations Difficulty: Moderate 73) In following the principle of least permissions, each person should only get the permissions that he or she absolutely needs to do his or her job. Answer: TRUE Page Ref: 251 Learning Objective: 5.7 Explain authorizations Difficulty: Easy
74) Assigning least permissions means that the system tends to fail safely. Answer: TRUE Page Ref: 251 Learning Objective: 5.7 Explain authorizations Difficulty: Moderate 75) ________ records and analyzes what a person or program actually did. A) Authorization B) Auditing C) Authentication D) Analyzing Answer: B Page Ref: 253 Learning Objective: 5.8 Explain auditing Difficulty: Moderate 76) Which of the following is FALSE about log files? A) Automatic alerts should be established. B) Log files should be read regularly. C) External auditing should be conducted periodically. D) Reading log files is an easy and minimally time-consuming process. Answer: D Page Ref: 253 Learning Objective: 5.8 Explain auditing Difficulty: Moderate 77) ________ records the actions that an account owner takes on a resource. A) Logging B) Authenticating C) Verifying D) Authorizing Answer: A Page Ref: 253 Learning Objective: 5.8 Explain auditing Difficulty: Easy 78) Unless logs are studied, they are useless. Answer: TRUE Page Ref: 253 Learning Objective: 5.8 Explain auditing Difficulty: Easy 79) Auditing predicts what a person or program is likely to do in the future. Answer: FALSE Page Ref: 253 Learning Objective: 5.8 Explain auditing Difficulty: Moderate
80) Which of the following is NOT one of the devices in RADIUS central authentication? A) The RADIUS central authentication server B) Authenticator C) Supplicant D) Verifier Answer: D Page Ref: 255 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 81) Which of the following is NOT a part of central authentication servers? A) They reduce costs. B) They give consistency in authentication no matter where a user or attacker comes into the network. C) They only allow authentication to networks when employees are at the same physical locations as the servers. D) They allow company-wide changes to be made instantly. Answer: C Page Ref: 254 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 82) In Kerberos, the ________ is the supplicant's proof that it has already authenticated itself with the Kerberos Server. A) digital signature B) ticket granting ticket C) log file D) service ticket Answer: B Page Ref: 255 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 83) In Kerberos, the ________ is an encrypted session key that only the verifier can decrypt. A) digital signature B) ticket granting ticket C) log file D) service ticket Answer: D Page Ref: 255 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate
84) Which of the following is arguably the most popular central authentication server standard? A) Kerberos B) RADIUS C) LDAP D) MS-CHAP Answer: B Page Ref: 255 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 85) Central authentication servers are quite expensive and tend to not reduce costs for a company. Answer: FALSE Page Ref: 254 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 86) The most widely used standard for central authentication servers is RADIUS. Answer: TRUE Page Ref: 254 Learning Objective: 5.9 Describe how central authentication servers work Difficulty: Moderate 87) In directory servers, information is organized ________. A) relationally B) hierarchically C) horizontally D) vertically Answer: B Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Easy 88) Most companies use ________ to store data centrally in their firms. A) Domain controller servers B) directory servers C) authentication servers D) RADIUS servers Answer: B Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate
89) A directory server database schema is a hierarchical collection of ________. A) objects B) USB tokens C) one-time password token D) public keys Answer: A Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Easy 90) In a hierarchical database system, O represents ________ and OU represents ________. A) organization; organizational unit B) organization; organized understanding C) one-time; one-time user D) organized; organized user Answer: A Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 91) Authentication servers communicate with directory servers using ________. A) MS-Chap B) LDAP C) RADIUS D) Kerberos Answer: B Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 92) Microsoft's directory server product is called ________. A) MS-Chap B) AD C) RADIUS D) Kerberos Answer: B Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate
93) Replication between a domain controller in a child domain and a domain controller in its parent domain is ________. A) nonexistent B) intransitive C) partial D) total Answer: C Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 94) If Directory Server A trusts Directory Server B, Directory Server B trusts Directory Server C, and Directory Server A trusts Directory Server C, this is ________ trust. A) mutual B) transitive C) intransitive D) one-way Answer: B Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 95) If Directory Server A trusts Directory Server B, and Directory Server B trusts Directory Server C, this is ________ trust. A) mutual B) transitive C) intransitive D) one-way Answer: C Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 96) If Directory Server A trusts Directory Server B, Directory Server B trusts Directory Server A, this is ________ trust. A) mutual B) transitive C) intransitive D) one-way Answer: A Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate
97) Directory servers are central repositories for information about people, equipment, software, and databases. Answer: TRUE Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Easy 98) The OU is a shortcut way of referring to a node. Answer: FALSE Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Easy 99) Nearly all directory servers support LDAP. Answer: TRUE Page Ref: 257 Learning Objective: 5.10 Describe how directory servers work Difficulty: Easy 100) If Directory Server A trusts Directory Server B and Directory Server B trusts Directory Server C, then Directory Server A MUST trust Directory Server C. Answer: FALSE Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 101) Trust means that one directory server will accept information from another. Answer: TRUE Page Ref: 260 Learning Objective: 5.10 Describe how directory servers work Difficulty: Moderate 102) ________ servers synchronize directory servers from different vendors. A) Directory B) Central authentication C) Synchronization D) Metadirectory Answer: D Page Ref: 262 Learning Objective: 5.11 Define full identity management Difficulty: Moderate
103) In federated identity management, firms ________. A) send assertions to one another B) query one another's identity management databases C) authenticate users D) provide verification Answer: A Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 104) A(n) ________ is a statement from Firm A that Firm B should accept as true if Firm B trusts Firm A. A) certificate B) certification C) assertion D) attribute Answer: C Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 105) Which of the following is NOT one of the three major elements of an assertion? A) Authenticity B) Authorization C) Attributes D) Nodes Answer: D Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 106) The dominant standard for sending security assertions today is ________. A) XML B) SAML C) MS-Chap D) AD Answer: B Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate
107) ________ is the centralized policy-based management of all information required for access to corporate systems by people, machines, programs, or other resources. A) Meta-identity management B) Meta-directory service C) Identity management D) Directory service Answer: C Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 108) A potential benefit of identity management is ________. A) SAML B) MS-Chap C) SSO D) XML Answer: C Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 109) In federated identity management, firms do not query one another's identity management databases. Answer: TRUE Page Ref: 261 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 110) The main standard used by firms to send security assertions to one another is LDAP. Answer: FALSE Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 111) XML makes SAML platform-dependent. Answer: FALSE Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Moderate 112) As much as possible, identities should be managed by people closest to the situation. Answer: TRUE Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Easy
113) The amount of money companies should spend on identity management can be measured through risk analysis. Answer: TRUE Page Ref: 263 Learning Objective: 5.11 Define full identity management Difficulty: Easy
Corporate Computer Security, 5e (Boyle/Panko) Chapter 6 Firewalls 1) When a firewall examines a packet passing through it, it will drop the packet if it is ________. A) a provable attack packet B) a suspicious packet C) not a provable attack packet D) a stateful packet Answer: A Page Ref: 277 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 2) If a packet received by the firewall is not a provable attack packet, what happens? A) Day and time are logged in a log file. B) It is noted as a suspicious packet in the log file. C) It passes it on to its destination. D) It remains stored in an authentication server. Answer: C Page Ref: 277 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 3) A ________ is made by a firewall. A) NAT/PAT B) unified threat C) pass/deny decision D) log file Answer: C Page Ref: 277 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 4) ________ firewalls filter traffic passing between different parts of a site's network. A) Internal B) Egress C) Border D) Ingress Answer: A Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate
5) ________ firewalls examine traffic entering the network from outside. A) Internal B) Egress C) Border D) Ingress Answer: D Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 6) In ________ filtering, the firewall filters packets when they are leaving the network. A) internal B) egress C) border D) ingress Answer: B Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 7) If a firewall cannot keep up with traffic volume, it will ________. A) shut down immediately B) continue passing all packets but slow operation C) drop packets it cannot process D) pass any packets it cannot filter Answer: C Page Ref: 279 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 8) ________ firewalls handle traditional firewall processing, antivirus filtering, and spam filtering. A) Unified threat management B) Ingress C) Egress D) Static packet filter Answer: A Page Ref: 279 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate
9) Which of the following is NOT a type of filtering? A) Stateful packet inspection B) Static packet C) Antivirus D) Authentication Answer: D Page Ref: 280 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 10) ________ firewalls handle traditional firewall processing, antivirus filtering, and spam filtering. A) Unified threat management B) Ingress C) Egress D) Static packet filter Answer: A Page Ref: 279 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 11) If a firewall receives a packet that is suspicious, it will drop and log the packet. Answer: FALSE Page Ref: 277 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 12) An internal firewall sits at the boundary between the corporate site and the Internet. Answer: TRUE Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 13) The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network. Answer: FALSE Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate
14) A border firewall sits at the boundary between the corporate site and the external Internet. Answer: TRUE Page Ref: 278 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Moderate 15) Wire speed is the maximum speed at which a firewall can filter packets. Answer: FALSE Page Ref: 279 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Easy 16) Almost all main border firewalls use static packet filtering as their primary inspection mechanism. Answer: FALSE Page Ref: 280 Learning Objective: 6.1 Define firewalls in general (basic operation, architecture, and the problem of overload) Difficulty: Easy 17) Static packet filtering firewalls are limited to ________. A) inspecting packets for which there are good application proxy filtering rules B) inspecting packets in isolation from their context C) only inspecting internal transmissions D) only inspecting external transmissions Answer: B Page Ref: 282 Learning Objective: 6.2 Describe how static packet filtering works Difficulty: Moderate 18) Static packet filtering is sometimes used ________. A) on all internal transmission in a company B) as a secondary filtering mechanism C) on all Internet-related communication D) as the primary border firewall filtering technique Answer: B Page Ref: 282 Learning Objective: 6.2 Describe how static packet filtering works Difficulty: Moderate 19) The earliest type of border firewalls used static packet filtering. Answer: TRUE Page Ref: 282 Learning Objective: 6.2 Describe how static packet filtering works Difficulty: Moderate
20) A static packet filtering firewall can stop incoming packets with spoofed source IP addresses. Answer: TRUE Page Ref: 283 Learning Objective: 6.2 Describe how static packet filtering works Difficulty: Moderate 21) Static packet filtering has many limitations and is no longer typically used as a primary filtering mechanism. Answer: TRUE Page Ref: 282 Learning Objective: 6.2 Describe how static packet filtering works Difficulty: Moderate 22) Nearly all corporate border firewalls use the ________ filtering method. A) static packet B) stateful packet C) ingress D) egress Answer: B Page Ref: 284 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 23) Which of the following can be described as analogous to a telephone call between two individuals? A) A connection B) Filtering C) A state D) A socket Answer: A Page Ref: 284 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Easy 24) Which of the following can be described as a particular temporal period during a connection? A) A connection B) A default C) A state D) A socket Answer: C Page Ref: 285 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Easy
25) ________ focuses on connections between programs on different hosts. A) SPI B) IPS C) IDS D) ASIC Answer: A Page Ref: 285 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 26) A ________ designates a specific program designated by a port number on a specific computer's IP address. A) socket B) connection C) state D) default Answer: A Page Ref: 286 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 27) ________ uses specific examination methods depending on the state of the connection. A) IPS B) SPI C) IDS D) ASIC Answer: B Page Ref: 285 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 28) What is the SPI firewall rule for packets that do not attempt to open connections? A) Drop the packet unless it is permitted by an ACL. B) Pass the packet unless it is forbidden by an ACL. C) Pass the packet if it is part of a previously approved connection. D) Pass the packet only at the request of the authentication server. Answer: C Page Ref: 288 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate
29) Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections? A) Permit all attempts from external hosts to open a connection with an internal host. B) Permit all attempts to open a connection from an internal host to an external host. C) Permit all attempts to open a connection from an external host to an internal host. D) Permit all attempts to open a connection among internal servers. Answer: B Page Ref: 288 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 30) Well-known port numbers range from ________. A) 0 to 256 B) 1 to 516 C) 1 to 50 D) 1 to 1023 Answer: D Page Ref: 289 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 31) ________ consist of a series of rules that are exceptions to the default behavior. A) IPS B) SPI C) IDS D) ACLs Answer: D Page Ref: 287 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 32) Which of the following is FALSE about stateful packet inspection firewalls? A) They are relatively fast. B) They are relatively inexpensive. C) They are typically safe. D) They are fairly rare. Answer: D Page Ref: 292 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 33) A connection is a persistent conversation between different programs on different computers. Answer: TRUE Page Ref: 284 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Easy
34) Instead of talking about periods or phases, computer scientists use the term "state." Answer: TRUE Page Ref: 285 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 35) A connection designates a specific program designated by a port number on a specific computer's IP address. Answer: FALSE Page Ref: 286 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 36) SPI filtering for packets that are part of ongoing communications is usually simple. Answer: TRUE Page Ref: 285 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 37) SPI firewalls can handle both ICMP and UDP. Answer: TRUE Page Ref: 287 Learning Objective: 6.3 Explain stateful packet inspection (SPI) for main border firewalls Difficulty: Moderate 38) ________ is used in firewalls that use various types of examination methods as a second type of protection. A) NAT B) IPS C) SPI D) IDS Answer: A Page Ref: 292 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate 39) ________ are able to send attack packets to IP addresses and port numbers. A) Sockets B) Connections C) IDSSs D) Sniffers Answer: D Page Ref: 292 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate
40) Port numbers ranging from 1024 to 49151 are ________. A) source ports B) registered ports C) ephemeral ports D) TCP ports Answer: B Page Ref: 293 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate 41) Port numbers ranging from 49151 to 65535 are ________. A) source ports B) registered ports C) ephemeral ports D) TCP ports Answer: C Page Ref: 293 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate 42) The NAT firewall places only the internal socket in the translation table. Answer: FALSE Page Ref: 293 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate 43) NAT firewalls translate both network addresses (IP addresses) and port addresses. Answer: TRUE Page Ref: 293 Learning Objective: 6.4 Describe how network address translation (NAT) works Difficulty: Moderate 44) ________ firewalls examine application messages in depth. A) Application proxy B) Unified threat management C) Egress D) Static packet filter Answer: A Page Ref: 294 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Easy
45) If you will proxy four different applications, how many proxy programs will you need? A) 1 B) 2 C) 4 D) 8 Answer: C Page Ref: 294 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 46) Today, application proxy firewalls are commonly used ________. A) to protect internal clients from malicious external servers B) as main border firewalls C) to protect internal clients from internal servers D) to protect external customers from potentially malicious internal content Answer: A Page Ref: 294 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 47) Stateful packet inspection firewalls ________. A) always do application content filtering B) have the slow speed of relay operation C) do not have to implement relay operation as application firewalls do D) cannot examine application layer content Answer: C Page Ref: 296 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 48) ________ can examine outgoing packets from an internal client to the external webserver to detect client misbehavior. A) Protocol fidelity B) The HTTP proxy C) Internal IP address hiding D) Packet streams Answer: B Page Ref: 298 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate
49) Inspection of a URL, scripts, and MIME type are part of ________. A) protocol fidelity B) an HTTP proxy C) internal IP address hiding D) deep packet inspection Answer: B Page Ref: 298 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 50) Which of the following offer internal IP address hiding and header destruction? A) Application proxy firewalls B) Unified threat management firewalls C) Egress firewalls D) Static packet filter firewalls Answer: A Page Ref: 298 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 51) Neither static packet filter firewalls nor application proxy firewalls examine application messages. Answer: FALSE Page Ref: 294 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate 52) An application proxy firewall needs a separate application proxy program for each application protocol. Answer: TRUE Page Ref: 294 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Easy 53) SPI application inspection provides the same automatic protections offered by application proxy firewalls. Answer: FALSE Page Ref: 297 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Moderate
54) Protocol fidelity is part of an ingress firewall. Answer: FALSE Page Ref: 298 Learning Objective: 6.5 Explain application proxy firewalls and content filtering in SPI firewalls Difficulty: Easy 55) Intrusion prevention system filtering is considered ________. A) a new type of filtering B) old technology C) one of the most effective and long-used types of filtering D) too expensive and too time-consuming for most businesses Answer: A Page Ref: 299 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 56) ________ identify suspicious packets that may or may not be parts of attacks. A) IDSs B) Firewalls C) Static packet inspection D) Deep packet inspection Answer: A Page Ref: 299 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 57) What type of filtering do IDSs do? A) Deep packet inspection B) Application inspection C) SPI filtering D) Static packet inspection Answer: A Page Ref: 301 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate
58) Which of the following is FALSE about IDSs? A) IDSs log all suspicious activity but only create alarms for some suspicious activities. B) IDSs tend to generate far too many false alarms. C) IDSs are highly processing-intensive. D) IDSs use stateful packet inspection. Answer: D Page Ref: 301 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Difficult 59) IPSs use ________. A) SPI filtering B) ingress filtering C) IDS filtering methods D) egress filtering Answer: C Page Ref: 301 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 60) IDSs tend to issue many false negatives. Answer: FALSE Page Ref: 300 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 61) IDSs drop packets that are merely suspicious. Answer: TRUE Page Ref: 300 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 62) IDSs need to filter individual packets rather than packet streams. Answer: FALSE Page Ref: 300 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate
63) Hardware filtering is much faster than software filtering. Answer: TRUE Page Ref: 302 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 64) Bandwidth limitation for certain types of traffic is less risky than dropping packets. Answer: TRUE Page Ref: 302 Learning Objective: 6.6 Distinguish between intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) Difficulty: Moderate 65) Which of the following is FALSE about antivirus servers? A) They search for worms. B) They only search for viruses. C) They search for Trojan horses. D) They search for spam. Answer: B Page Ref: 303 Learning Objective: 6.7 Describe antivirus filtering Difficulty: Easy 66) What type of filtering do UTM firewalls provide? A) SPI filtering B) Ingress filtering C) Antivirus filtering D) IDS filtering Answer: C Page Ref: 303 Learning Objective: 6.7 Describe antivirus filtering Difficulty: Moderate 67) Firewalls typically have antivirus filtering. Answer: FALSE Page Ref: 302 Learning Objective: 6.7 Describe antivirus filtering Difficulty: Easy 68) Antivirus servers can only find viruses, not other types of malware. Answer: FALSE Page Ref: 303 Learning Objective: 6.7 Describe antivirus filtering Difficulty: Moderate
69) Between a border firewall and the Internet is typically a site's ________. A) border router B) internal firewall C) host firewall D) main border firewall Answer: A Page Ref: 304 Learning Objective: 6.8 Define firewall architectures Difficulty: Moderate 70) A(n) ________ stops simple high volume attacks and ensures that responses to external scanning probes cannot reach an external attacker. A) internal firewall B) screening border router C) host firewall D) main border firewall Answer: B Page Ref: 304 Learning Objective: 6.8 Define firewall architectures Difficulty: Moderate 71) ________ means that a border firewall is connected to multiple subnets. A) DMZ B) Multihomed C) Logging D) Ingress filtering Answer: B Page Ref: 304 Learning Objective: 6.8 Define firewall architectures Difficulty: Easy 72) A(n) ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. A) DMZ B) log C) SPI D) filter Answer: A Page Ref: 304 Learning Objective: 6.8 Define firewall architectures Difficulty: Moderate 73) Both border firewalls and internal firewalls are complex to set up. Answer: TRUE Page Ref: 304 Learning Objective: 6.8 Define firewall architectures Difficulty: Easy
74) A DMZ is a subnet. Answer: TRUE Page Ref: 305 Learning Objective: 6.8 Define firewall architectures Difficulty: Easy 75) Multihoming tends to make it easier to develop rules to control access to public-facing hosts and internal hosts. Answer: TRUE Page Ref: 306 Learning Objective: 6.8 Define firewall architectures Difficulty: Moderate 76) DMZs never have more than two kinds of hosts. Answer: FALSE Page Ref: 306 Learning Objective: 6.8 Define firewall architectures Difficulty: Easy 77) ________ are high-level statements to guide firewall implementation. A) Firewall policies B) Connections C) Sockets D) Firewall policy management servers Answer: A Page Ref: 307 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 78) The ________ field in a firewall policy database describes what firewalls should do with a service. A) action B) track C) firewalls D) service Answer: A Page Ref: 309 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Easy
79) The ________ field in a firewall policy database describes what the firewall should do after taking an action. A) action B) track C) firewalls D) service Answer: B Page Ref: 309 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Easy 80) The ________ field in a firewall policy database can include host names or even groups of IP addresses. A) action B) track C) source D) service Answer: C Page Ref: 309 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Easy 81) ________ is typically considered the most time-consuming part of firewall administration. A) Installing software B) Configuring hardware C) Reading firewall logs D) Creating policies Answer: C Page Ref: 311 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 82) ICMP echo probes are used in ________. A) IP address scanning B) ingress filtering C) egress filtering D) antivirus filtering Answer: A Page Ref: 313 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate
83) Firewall appliances need little or no hardening before they are installed. Answer: TRUE Page Ref: 307 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 84) Each firewall policy must be translated into an ACL rule. Answer: TRUE Page Ref: 307 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 85) Firewall appliances are pre-packaged firewalls. Answer: TRUE Page Ref: 307 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Easy 86) A firewall policy database rarely includes more than six rules. Answer: FALSE Page Ref: 310 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 87) The best basic strategy of log file reading is to determine what traffic is usual and typical. Answer: FALSE Page Ref: 312 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate 88) Normally, firewalls are configured to only log packets that they drop. Answer: TRUE Page Ref: 314 Learning Objective: 6.9 Describe firewall management (defining policies, implementing policies, reading log files) Difficulty: Moderate
89) Which of the following is NOT a typical way that attackers may avoid firewall filtering? A) Internal attackers B) Compromised internal hosts C) Wireless LAN hackers D) Border firewalls Answer: A Page Ref: 315 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Easy 90) By various accounts, it is estimated that ________ percent of all misbehavior is done by employees working within a site. A) 20 to 35 B) 30 to 50 C) 30 to 70 D) 50 to 90 Answer: C Page Ref: 315 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 91) ________ is a pattern in the traffic data within an access control list. A) A NAT/PAT B) A UTM C) Anomaly detection D) An attack signature Answer: D Page Ref: 316 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 92) ________ look(s) for specific patterns in the network traffic to identify a threat. A) Attack signatures B) Anomaly detection C) Intrusion detection systems D) UTMs Answer: A Page Ref: 316 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate
93) ________ look(s) for patterns that indicate that some kind of attack is underway. A) Attack signatures B) Anomaly detection C) Intrusion detection systems D) UTMs Answer: B Page Ref: 317 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 94) A(n) ________ attack is an attack that is made before attack signatures for the threat are defined. A) stealth B) zero-day C) anomaly-based D) vulnerability-based Answer: B Page Ref: 317 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 95) For firewalls to be effective, there should be several points of connection between a site network and the external environment. Answer: FALSE Page Ref: 315 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 96) Companies should assume that an increasing number of attacks will reach their internal clients and servers. Answer: TRUE Page Ref: 316 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Easy 97) Antivirus filtering uses signatures to detect viruses, worms, and Trojan horses. Answer: TRUE Page Ref: 316 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Easy 98) One way to address threats for which no signature exists is to use anomaly detection. Answer: TRUE Page Ref: 317 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate
99) Signature-based detection is less accurate than anomaly detection. Answer: FALSE Page Ref: 317 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate 100) Anomaly detection tends to generate so many false positives that many firms will not use it. Answer: TRUE Page Ref: 317 Learning Objective: 6.10 Describe some difficult problems associated with firewalls Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 7 Host Hardening 1) Any device with an IP address is a(n) ________. A) client B) host C) server D) MMC Answer: B Page Ref: 327 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 2) ________ is necessary to protect the host against attacks. A) Vulnerability testing B) Keylogging C) Host hardening D) Auditing Answer: C Page Ref: 327 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Easy 3) Which of the following is NOT an element of host hardening? A) Reading operating system log files B) Encrypting data on the host C) Restricting physical access to the host D) Allowing an unlimited amount of applications on the host Answer: D Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 4) ________ are sets of specific actions to be taken to harden all hosts of a particular type and of particular versions within each type. A) Security baselines B) Processes C) Procedures D) Tree panes Answer: B Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate
5) ________ allows multiple operating systems to run independently on a single physical machine. A) Keylogging B) Host hardening C) Auditing D) Virtualization Answer: D Page Ref: 330 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 6) Which of the following is FALSE about virtualization? A) Virtualization provides multiple benefits in host hardening. B) Virtualization increases fault tolerance. C) Virtualization provides for a more secure environment. D) Virtualization typically increases labor costs. Answer: D Page Ref: 331 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Difficult 7) The term host includes servers, clients, and routers. Answer: TRUE Page Ref: 327 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 8) Restricting physical access to a host and encrypting data, if appropriate, are two protections for hardening a host computer. Answer: TRUE Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 9) A company should not replace default passwords during configuration. Answer: FALSE Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Easy
10) A disk image is a full copy of an installation. Answer: TRUE Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Easy 11) When you have two operating systems, they each have their own areas of RAM, CPU processing, and hard disk space. Answer: FALSE Page Ref: 330 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 12) It is often the job of the systems administrator to conduct the hardening effort of the servers in a company. Answer: TRUE Page Ref: 328 Learning Objective: 7.1 Define the elements of host hardening, security baselines and images, and systems administration Difficulty: Moderate 13) Microsoft's most recent server operating system is called ________. A) Windows Server B) Windows Server NT C) MMC D) UNIX Answer: A Page Ref: 333 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 14) Which of the following is FALSE about the Windows Server client version interface? A) It comes with Internet Explorer. B) It comes with File Explorer. C) It has a command-line interface. D) It has a Start menu. Answer: C Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate
15) Most administrative tools in Windows Server come in the same general format, known as ________. A) Windows Server NT B) the Microsoft Management Console C) Microsoft Exchange D) Microsoft Windows 10 Answer: B Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 16) In MMCs, the tree pane lists ________. A) administrative applications B) actions that can be taken on selected objects C) all applications on the server D) the directory of all users on the server Answer: A Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Difficult 17) ________ can be added or dropped from a tree list. A) Snap-ins B) Administrative tools C) Distributions D) Shells Answer: A Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 18) Which of the following is NOT part of the MMC organization? A) An icon bar B) A tree pane C) The sub-objects pane D) A command line Answer: D Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate
19) UNIX tends to be interoperable ________. A) through a GUI interface B) at the kernel level C) through an icon bar D) tree level Answer: B Page Ref: 336 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 20) The most popular version of UNIX for PCs is ________. A) Linux B) Windows 10 C) CLI D) GNU Answer: A Page Ref: 333 Learning Objective: 7.2 Know important server operating systems Difficulty: Easy 21) What are KDE, MATE, and GNOME? A) UNIX desktop environments B) Windows 10 desktops C) Linux desktop environments D) UNIX applications Answer: C Page Ref: 337 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 22) UNIX calls command-line interfaces ________. A) snap-ins B) shells C) distributions D) trees Answer: B Page Ref: 338 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate
23) ________ was one of the first original popular UNIX shells. A) GNOME B) The Bourne Again shell C) The Bourne shell D) Cinnamon Answer: C Page Ref: 338 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 24) In the Windows Server operating system, most management tools are on the Administrative Tools choice on the Start menu. Answer: TRUE Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Easy 25) The MMC is the place for administrative tools in a UNIX system. Answer: FALSE Page Ref: 334 Learning Objective: 7.2 Know important server operating systems Difficulty: Easy 26) UNIX is for large servers and is not available for individual PCs. Answer: FALSE Page Ref: 335 Learning Objective: 7.2 Know important server operating systems Difficulty: Easy 27) Different versions of UNIX have different security management tools. Answer: TRUE Page Ref: 336 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 28) Linux is popular because it is free. Answer: TRUE Page Ref: 337 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 29) Since there are many different distributions of Linux, hardening a Linux system is difficult. Answer: TRUE Page Ref: 337 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate
30) Since there are many different distributions of Linux, hardening a Linux system is difficult. Answer: TRUE Page Ref: 337 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 31) In a GUI desktop environment, the user types a command and hits Enter. Answer: FALSE Page Ref: 338 Learning Objective: 7.2 Know important server operating systems Difficulty: Moderate 32) A(n) ________ is a security weakness that makes a program vulnerable to attack. A) exploit B) attack vector C) vulnerability D) patch Answer: C Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Easy 33) A(n) ________ is a program that takes advantage of a(n) ________. A) vulnerability; exploit B) exploit; vulnerability C) patch; vulnerability D) attack; vulnerability Answer: A Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 34) A ________ is defined as an attack that comes before fixes are released. A) brute-force attack B) zero-day attack C) dictionary attack D) rainbow table Answer: B Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate
35) Which of the following is NOT a type of fix to a vulnerability in a system? A) A work-around B) A patch C) A service pack D) A snap-in Answer: D Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 36) Which of the following is a small program that fixes a particular vulnerability? A) A work-around B) A service pack C) A patch D) A version upgrade Answer: C Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 37) Which of the following is considered the least satisfactory as a fix to a vulnerability? A) A work-around B) A service pack C) A patch D) A version upgrade Answer: A Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 38) Often the best fix for a vulnerability is considered to be a ________. A) work-around B) patch C) service pack D) version upgrade Answer: D Page Ref: 340 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate
39) ________ can greatly reduce patching costs. A) Manual downloads B) A vulnerability management server C) A patch management server D) A border server Answer: C Page Ref: 343 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Easy 40) WSUS refers to ________. A) Windows Server Update Services B) Windows Security Update Services C) Windows Server Upgrade for Security D) Windows Server Upgrade Services Answer: A Page Ref: 343 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 41) An attack that comes before fixes are released is called a vulnerability attack. Answer: FALSE Page Ref: 339 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 42) A patch is a labor-intensive process of manual steps that a firm must do to address a vulnerability. Answer: FALSE Page Ref: 340 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Easy 43) It generally is a good idea from a security point of view to upgrade to a new version of an operating system. Answer: TRUE Page Ref: 340 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 44) Since Windows Server 2003, servers can be programmed to check for updates automatically. Answer: TRUE Page Ref: 341 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate
45) Linux commonly uses the RPM method to download patches. Answer: TRUE Page Ref: 341 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 46) Most firms do not bother to prioritize patches because the cost of installing all patches is quite low. Answer: FALSE Page Ref: 341 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 47) WSUS is a Windows server that manages patches. Answer: TRUE Page Ref: 343 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Moderate 48) Installing patches does not carry any risk in terms of computer security. Answer: FALSE Page Ref: 343 Learning Objective: 7.3 Describe vulnerabilities and patches Difficulty: Easy 49) Assigning security measures to a group is better than assigning security measures to individuals within a group because applying security measures to a group ________. A) tends to reduce errors B) eliminates the security risk C) sets the same permissions for all groups D) tends to be more expensive but more efficient Answer: A Page Ref: 343 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate 50) Assigning security measures to a group tends to ________ than assigning security measures to individuals. A) require more labor B) create more confusion among members C) create additional risk D) require less labor time Answer: D Page Ref: 343 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate
51) The Local Users and Groups snap-in is available on the ________ MMC. A) Local Permissions B) Computer Management C) Permissions D) Security Answer: B Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate 52) The super user account in Windows is called ________. A) administrator B) the root account C) the hacking root account D) manager Answer: A Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Easy 53) The super user account in UNIX is called ________. A) administrator B) the root account C) the hacking root account D) manager Answer: B Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Easy 54) In Windows Server, the ________ command allows you to switch between administrator and a normal account. A) su B) RunAs C) rpm D) Action Answer: B Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate
55) In UNIX, the ________ command allows you to switch between administrator and a normal account. A) su B) RunAs C) rpm D) Action Answer: A Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate 56) Which of the following commands in Windows Server allows new user accounts to be created? A) Properties B) RunAs C) rpm D) Action Answer: D Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Easy 57) The act of taking over a super user account on any computer is called hacking root. Answer: TRUE Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate 58) Each operating system has a super user account that has total control. Answer: TRUE Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate 59) To minimize dangers, systems administrators should use the super user account as much as possible. Answer: FALSE Page Ref: 344 Learning Objective: 7.4 Explain how to manage users and groups Difficulty: Moderate
60) ________ specify what a user or group can do and not do to files, directories, and subdirectories. A) Assignments B) Patches C) Permissions D) Actions Answer: C Page Ref: 346 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Easy 61) Which of the following is FALSE about inheritance in Windows? A) It is done by default. B) It cannot be disabled. C) A child directory has the exact same permissions as the parent directory. D) An individual's effective permissions are the permissions that are inherited from the parent. Answer: B Page Ref: 347 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 62) In Windows, ________ means that a directory receives permissions from the parent directory. A) inheritance B) assignments C) assigning D) standard permissions Answer: A Page Ref: 347 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Easy 63) Windows has ________ different permissions that can be assigned to users and groups. A) two B) three C) six D) nine Answer: C Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate
64) UNIX has ________ different permissions that can be assigned to users and groups. A) two B) three C) six D) nine Answer: B Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 65) Windows has ________ different specialized permissions to assign. A) 10 B) 12 C) 13 D) 21 Answer: C Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 66) Which of the following is NOT a UNIX permission? A) Read B) Execute C) Write D) Run Answer: D Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 67) Compared with access permissions in UNIX, permissions in Windows are limited. Answer: FALSE Page Ref: 347 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Easy 68) Permissions rwx indicate that a user has read, write, and execute permissions. Answer: TRUE Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 69) The Execute permission allows an account or group to read and write to files. Answer: FALSE Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Easy
70) The Write permission allows an account or group to make changes. Answer: TRUE Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Easy 71) UNIX is generally known to have good security but is inflexible in handling permissions. Answer: TRUE Page Ref: 349 Learning Objective: 7.5 Explain how to manage permissions Difficulty: Moderate 72) Which of the following is NOT one of the basic guidelines to govern password creation? A) Be at least 18 characters long B) Have at least one change of case C) Have at least one digit D) Have at least one non-alphanumeric character Answer: A Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 73) ________ are created when a password is passed from a user to a hashing function. A) Plaintext characters B) Dictionary attacks C) Password hashes D) Hybrid dictionary attacks Answer: C Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 74) ________ is a password-cracking method wherein the attacker compares passwords to lists of common words. A) Brute-force guessing B) A hybrid dictionary attack C) A dictionary attack D) A combinatorial attack Answer: C Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate
75) Microsoft Windows 10 uses ________ to create its password hashes. A) DES B) NTLM C) Blowfish D) SHA Answer: B Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 76) Linux systems use all EXCEPT ________ to create their password hashes. A) DES B) NTLM C) Blowfish D) SHA Answer: B Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 77) The ________ registry of Windows stores passwords. A) SAM B) NTLM C) SHA D) DES Answer: A Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 78) ________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords. A) Brute-force guessing B) A hybrid dictionary attack C) A dictionary attack D) A combinatorial attack Answer: A Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate
79) Which of the following is NOT a cracking method? A) Rainbow tables B) A hybrid dictionary attack C) A dictionary attack D) WSUS Answer: D Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Easy 80) A ________ approach to password cracking is to try all possible passwords on all accounts. A) brute-force B) rainbow table C) hybrid dictionary attack D) dictionary attack Answer: A Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 81) Complex passwords use ________. A) several types of keyboard characters B) a long combination of numbers C) alternating upper- and lower-case letters D) all letters but in a random combination Answer: D Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Easy 82) A keystroke capture program ________. A) steals passwords as a user types them B) steals passwords from a database C) stores all hacked passwords in a plaintext file D) steals passwords from a super user account Answer: A Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate
83) A ________ is a list of pre-computed password hashes that are indexed. A) password database B) rainbow table C) hybrid dictionary D) computer dictionary Answer: B Page Ref: 354 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 84) A basic guideline for creating passwords is that they be at least 12 characters long. Answer: TRUE Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 85) The password-cracking process is highly manual and time consuming. Answer: FALSE Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Easy 86) Passwords are typically stored as plaintext. Answer: FALSE Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 87) Operating systems have used progressively fewer and fewer secure hash functions. Answer: FALSE Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Easy 88) An attacker has to have root permissions to access a shadow file. Answer: TRUE Page Ref: 350 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 89) The password SeAtTle can be broken by a dictionary attack. Answer: FALSE Page Ref: 351 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate
90) Rainbow tables contain lists of pre-computed password hashes that are indexed to expedite the password cracking process. Answer: TRUE Page Ref: 354 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 91) Physical keyloggers record keystrokes. Answer: TRUE Page Ref: 355 Learning Objective: 7.6 Explain how to create strong passwords Difficulty: Moderate 92) In Windows 10, the ________ category in the Control Panel allows you to set individual security components. A) Users B) System and Security C) Windows Defender D) Windows Firewall Answer: B Page Ref: 357 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 93) Which of the following is NOT a common problem with antivirus protections? A) A virus program contract may expire. B) A user may turn off the antivirus program. C) A user may turn off automatic downloads. D) A user may not be able to access the Windows Security Center. Answer: D Page Ref: 360 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 94) Antivirus protection is considered ________. A) unimportant these days B) less important than in the past C) critical D) too expensive for most individual users Answer: C Page Ref: 357 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Easy
95) ________ is what makes the most sense for security for PCs in corporations. A) Completely automatic operation B) Manual operation C) Primarily manual operation with some automated operations D) Automatic operations except for settings that individuals want to change Answer: A Page Ref: 359 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Easy 96) Audit policies would provide a(n) ________ for system events. A) rainbow table B) log C) audit trail D) audit database Answer: C Page Ref: 361 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 97) Microsoft Windows domain controllers can transmit sets of policies, called ________. A) SAMs B) GPOs C) NTLMs D) SHAs Answer: B Page Ref: 364 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 98) Which of the following is NOT necessarily an advantage provided by GPOs? A) Consistency B) Reduced administrative costs C) Compliance D) Individuality Answer: D Page Ref: 364 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 99) Windows 10 includes a built-in firewall named Windows Defender Firewall. Answer: TRUE Page Ref: 358 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate
100) Antivirus protections may be intentionally turned off by a user. Answer: TRUE Page Ref: 360 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 101) The value of the data on a lost or stolen notebook is often considered greater than that of the hardware. Answer: TRUE Page Ref: 362 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 102) A GPO can lock down a client's desktop so that it cannot be changed. Answer: TRUE Page Ref: 364 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 103) After access is granted to a network, many NACs continue to monitor network PCs. Answer: TRUE Page Ref: 364 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate 104) GPOs are considered somewhat weak and fairly archaic. Answer: FALSE Page Ref: 364 Learning Objective: 7.7 Describe how to test for vulnerabilities Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 8 Application Security 1) When a hacker is able to take over control of a host, nearly or completely, this indicates the hacker has ________. A) super user privileges B) system privileges C) Session Initiation Protocol D) Simple Network Management Protocol Answer: A Page Ref: 375 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 2) Among the most widespread vulnerabilities in application programs are ________ vulnerabilities. A) operating system B) buffer overflow C) root D) PHP Answer: B Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 3) Temporary areas in RAM are known as ________. A) stacks B) stack entries C) returns D) buffers Answer: D Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 4) If an attacker enters more bytes into an area than it can accommodate, the extra is known as ________. A) stack overflow B) buffer overflow C) overfiltering D) a data buffer Answer: B Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate
5) In a stack overflow attack, where does the return address point? A) To the next command in the program being hacked B) To the end of the stack entry's data area C) To the return address entry in the stack entry D) To the beginning of the stack entry's data area Answer: D Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 6) Microsoft's web-server software is the ________. A) XSS B) IIS C) IPP D) SQL Answer: B Page Ref: 377 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 7) What is BugTraq? A) A vulnerability tracking service B) A virus C) An application that runs on Windows D) An antivirus program Answer: A Page Ref: 378 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 8) In Microsoft Internet Explorer, the ________ allows users to begin to change their settings. A) Tools menu B) Action menu C) Security tab of the Internet Options dialog box D) Privacy tab of the Internet Options dialog box Answer: A Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate
9) For all applications, a basic rule is ________. A) sometimes trust user input B) always trust user input C) never trust user input D) trust user input at all management levels of the organization Answer: C Page Ref: 381 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 10) A danger of website programming is accidentally allowing ________. A) IIS B) IPP C) XSS D) SQL Answer: C Page Ref: 383 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 11) ________ is when one user's input can appear on the page of another user. A) Login screen bypass B) Cross-site scripting C) An SQL query D) SQL injection Answer: B Page Ref: 383 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 12) ________ is an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database. A) Login screen bypass B) Cross-site scripting C) An SQL query D) SQL injection Answer: D Page Ref: 383 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate
13) ________ is a computer language used to access and manage databases. A) C B) IIS C) Ajax D) SQL Answer: D Page Ref: 383 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 14) ________ uses multiple technologies to create dynamic client-side applications. A) Ajax B) C C) IPP D) SQL Answer: A Page Ref: 386 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 15) If a hacker takes over an application program, he or she receives the permissions with which the program runs. Answer: TRUE Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Easy 16) Operating system hardening is typically more work than is application hardening. Answer: FALSE Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Easy 17) A common type of buffer overflow is the stack overflow. Answer: TRUE Page Ref: 376 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Easy 18) The mechanics of vulnerabilities, exploits, and patches are substantially different for operating systems and applications. Answer: FALSE Page Ref: 377 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate
19) There are some programs that must run with root privileges. Answer: TRUE Page Ref: 380 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 20) It is recommended that cryptographic system protections should not be used between the user and the application. Answer: FALSE Page Ref: 381 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Easy 21) An SQL statement uses the SELECT clause. Answer: TRUE Page Ref: 384 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 22) The dynamic nature of Ajax makes it susceptible to malicious code injection. Answer: TRUE Page Ref: 386 Learning Objective: 8.1 List the main steps in securing applications Difficulty: Moderate 23) In Microsoft Windows, the native webserver program is ________. A) Ajax B) ISS C) C D) IPP Answer: B Page Ref: 388 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 24) In Microsoft Windows, the native webserver program is ________. A) Ajax B) ISS C) C D) IPP Answer: B Page Ref: 388 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate
25) Apache and nginx are the two most widely used webserver programs on ________. A) Windows 10 B) Unix C) Linux D) Linux and Unix Answer: D Page Ref: 388 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 26) An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called ________. A) a directory traversal attack B) mobile code C) an SQL injection attack D) cross-site scripting Answer: A Page Ref: 390 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 27) ________ occurs when attackers take over a computer and produce false web pages. A) Directory traversal attack B) Mobile code C) Cross-site scripting D) Website defacement Answer: D Page Ref: 390 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 28) Typing URLs with ________ in them can give access to sensitive directories. A) .. B) \ C) :\\ D) :: Answer: A Page Ref: 391 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate
29) With directory traversal, the path ________ would allow an attacker to download the passwd file in the etc directory (on a Unix computer). A) /passwd B) ../passwd C) ../etc/passwd D) ../root/passwd Answer: C Page Ref: 391 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Difficult 30) What are Nikto, Paros Proxy, and Acunetix? A) Webserver-specific vulnerability assessment tools B) Directory traversal attackers C) Mobile code tools D) Website defacement tools Answer: A Page Ref: 392 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 31) An excessive number of ________ errors may indicate that an attacker is trying to send invalid data to the server. A) 512 B) 500 C) 303 D) 404 Answer: B Page Ref: 393 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 32) Numerous ________ errors indicate that a directory or file was not found. A) 512 B) 500 C) 303 D) 404 Answer: D Page Ref: 393 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate
33) Server-side programs should be created on ________. A) development servers B) testing servers C) production servers D) authentication servers Answer: A Page Ref: 394 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 34) Firms with rigorous deployment policies use all of the following EXCEPT ________ for that purpose. A) development servers B) testing servers C) production servers D) authentication servers Answer: D Page Ref: 394 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 35) After program or application creation, a program is moved to a(n) ________. A) development server B) testing server C) production server D) authentication server Answer: B Page Ref: 394 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 36) Webserver programs often have components that come from different companies. Answer: TRUE Page Ref: 389 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 37) Attackers are rarely able to exploit vulnerabilities in custom programs. Answer: FALSE Page Ref: 390 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate
38) The UNICODE coding system can represent non-English languages. Answer: TRUE Page Ref: 391 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Easy 39) Websites do not typically have the ability to log responses of various error messages. Answer: FALSE Page Ref: 393 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 40) After a program has been fully tested, it should be moved to a production server. Answer: TRUE Page Ref: 394 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 41) An application proxy firewall sits between a webserver and the rest of a network. Answer: TRUE Page Ref: 394 Learning Objective: 8.2 Know how to secure WWW services and e-commerce services Difficulty: Moderate 42) ________ are small programs and are probably the safest because many attack-related actions are disabled. A) Ajaxes B) Java applets C) Cookies D) Stack entries Answer: B Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Easy 43) ________ can be used to track users at a website. A) Stacks B) Stack entries C) Buffers D) Cookies Answer: D Page Ref: 397 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate
44) Which of the following is considered quite powerful and can do almost anything on the client machine? A) JavaScript B) Java C) Active-X D) VBScript Answer: C Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 45) Compared to full programming languages, scripts ________. A) are more difficult to use than programming languages like Active-X B) are easier to use than full programming languages C) have similar protections to Java D) are more difficult to use than programming languages like Java Answer: B Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 46) Which of the following was developed by Microsoft and was said to be safe due to being cryptographically signed by the developer? A) JavaScript B) Active-X C) Java D) VBScript Answer: B Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 47) Which of the following is FALSE about cookies? A) Some websites use cookies. B) Antispyware programs cannot identify dangerous cookies. C) They allow a website to track what pages you have visited. D) Cookies can remember your login name and password to websites. Answer: B Page Ref: 397 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Difficult
48) In the Internet Options dialog box, the ________ tab lets you select security settings for general Internet websites. A) Privacy B) Advanced C) Content D) Security Answer: D Page Ref: 399 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Easy 49) In the Internet Options dialog box, the ________ tab lets you control what information is released to websites. A) Privacy B) Advanced C) Content D) Security Answer: A Page Ref: 399 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Easy 50) Under which of the following tabs in the Internet Options dialog box are cookies controlled? A) Privacy B) Advanced C) Content D) Security Answer: A Page Ref: 399 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Easy 51) Java applets are large Java programs. Answer: FALSE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Easy 52) Users usually must click on malicious links in order to execute them. Answer: TRUE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate
53) The more popular scripting languages for mobile code are VBScript and JavaScript. Answer: TRUE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 54) JavaScript is a scripted form of Java. Answer: FALSE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 55) To take advantage of user typing errors, attackers register site names that are similar to those of legitimate domain names. Answer: TRUE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 56) Many websites require users to have Active-X turned on. Answer: TRUE Page Ref: 395 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 57) In Internet Explorer, the Security tab controls the website's pop-up blocker. Answer: FALSE Page Ref: 399 Learning Objective: 8.3 Describe vulnerabilities in web browsers Difficulty: Moderate 58) E-mail filtering can be done at all of the following EXCEPT ________. A) corporate e-mail servers B) e-mail managed service providers C) the user's PC D) an authentication server Answer: D Page Ref: 400 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate
59) What is the problem with image spam? A) It takes up more bandwidth than traditional text spam. B) It isn't detectible. C) It is smaller and less detectible than traditional text spam. D) It consumes less bandwidth and often can get past traditional spam detectors. Answer: A Page Ref: 400 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 60) The prevention of sensitive information from being sent out of a company is called ________. A) extrusion prevention B) unified threat management C) spam filtering D) antivirus filtering Answer: A Page Ref: 401 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 61) ________ is considered unsolicited commercial e-mail. A) A cookie B) A virus C) Spam D) A buffer Answer: C Page Ref: 400 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 62) SSL/TLS provides security ________. A) between an e-mail client and its mail server B) between an authentication email and an e-mail client C) only with suspicious e-mail D) at the level of the PC Answer: A Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate
63) Which of the following provides end-to-end e-mail security? A) PKI B) PGP C) ISS D) S/MIME Answer: D Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 64) Which of the following uses a PKI? A) PII B) S/MIME C) PGP D) ISS Answer: B Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 65) Which of the following uses circles of trust? A) PKI B) S/MIME C) PGP D) ISS Answer: C Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 66) Many firms filter incoming e-mail messages and some filter outgoing messages as well. Answer: TRUE Page Ref: 399 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 67) Companies are responsible for filtering sexually or racially harassing messages and can be sued for not doing so. Answer: TRUE Page Ref: 400 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate
68) Encryption is heavily used in commercial e-mail. Answer: FALSE Page Ref: 400 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 69) PKI uses circles of trust. Answer: FALSE Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 70) PGP has had most success in person-to-person communication without corporate control. Answer: TRUE Page Ref: 402 Learning Objective: 8.4 Explain the process of securing e-mail Difficulty: Moderate 71) Which of the following make up for two of UDP's biggest weaknesses? A) IP headers B) UDP headers C) RTP headers D) Circles of trust Answer: C Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 72) VoIP is ________. A) calling someone over a PSTN line B) sending e-mail through the Internet C) calling someone over the Internet D) sending video over the Internet Answer: C Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate
73) When someone speaks, a(n) ________ in the VoIP phone converts the voice into a stream of digital bytes. A) codec B) RTP header C) buffer D) TCP Answer: A Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 74) VoIP voice transmission uses ________ to carry the digital voice data. A) UDP B) codecs C) buffers D) TCP Answer: A Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 75) RTP stands for ________. A) Root Transfer Protocol B) Real Time Protocol C) Real Transfer Protocol D) Real Transport Protocol Answer: B Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 76) Which of the following is a signaling protocol? A) VoIP B) SIP C) UDP D) RTP Answer: B Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate
77) A VoIP caller wishing to contact another sends a SIP INVITE message to ________. A) the receiver's H.323 proxy server B) the caller's H.323 proxy server C) the receiver directly D) the PC soft phone to request a connection Answer: D Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 78) SIP proxy servers are used primarily in ________. A) RTP packets B) signaling transmissions C) transport transmissions D) PSTN Answer: B Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 79) Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________. A) caller impersonation B) eavesdropping C) toll fraud D) VoIP hacking Answer: C Page Ref: 407 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 80) In VoIP, encryption may ________. A) increase jitter B) reduce throughput C) make traffic unreadable D) increase latency Answer: B Page Ref: 407 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate
81) Spam over IP telephony is called ________. A) RFC B) SPIT C) INVITE D) VPN Answer: B Page Ref: 408 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 82) In VoIP, firewalls are a problem because they tend to ________. A) reduce throughput B) increase jitter C) make traffic unreadable D) increase latency Answer: D Page Ref: 409 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 83) SIP requires port ________ to be open. A) 1719 B) 1720 C) 5060 D) 1112 Answer: C Page Ref: 409 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 84) Signaling is the carriage of voice between two parties. Answer: FALSE Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 85) Transport is the carriage of voice between two parties. Answer: FALSE Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 86) Signaling consists of communication to manage the network. Answer: TRUE Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate
87) Like the public switched telephone network, VoIP technology is a closed system. Answer: FALSE Page Ref: 405 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 88) VoIP and the PSTN use different codecs. Answer: TRUE Page Ref: 406 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 89) VoIP and the PSTN use different transport technology. Answer: TRUE Page Ref: 406 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 90) DoS attacks against VoIP can be successful even if they increase latency only slightly. Answer: TRUE Page Ref: 406 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 91) SPIT is where the attacker uses the corporate VoIP network to place free calls. Answer: FALSE Page Ref: 408 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 92) SIP identity protocols are common on IP telephones. Answer: TRUE Page Ref: 406 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 93) A goal of VoIP is to provide convergence. Answer: TRUE Page Ref: 410 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate
94) Skype can decrypt and read user traffic. Answer: TRUE Page Ref: 410 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 95) The Skype protocol is relatively easy for corporate firewalls to filter. Answer: FALSE Page Ref: 410 Learning Objective: 8.5 Explain how to secure voice over IP (VoIP) Difficulty: Moderate 96) In IM, ________ servers allow two users to locate each other. A) relay B) presence C) index D) Web Answer: B Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 97) In IM, all messages pass through a(n) ________ server. A) relay B) presence C) index D) Web Answer: A Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 98) To satisfy legal retention and other compliance regulations, companies should use a(n) ________ server in IM. A) relay B) presence C) index D) authentication Answer: A Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate
99) Which of the following is NOT a supervisory protocol? A) SNMP B) ARP C) OSPF D) RTP Answer: D Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 100) ________ offers no security at all. A) SNMP V3 B) SNMP V1 C) SNMP V2 D) SNMP V4 Answer: B Page Ref: 412 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 101) ________ introduced community strings for security, in which a shared secret was used to authenticate messages. A) SNMP V3 B) SNMP V1 C) SNMP V2 D) SNMP V4 Answer: C Page Ref: 412 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 102) Which version of SNMP allows the manager to have a different shared secret with each agent? A) SNMP V3 B) SNMP V1 C) SNMP V2 D) SNMP V4 Answer: A Page Ref: 412 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 103) Presence servers allow three or more parties to locate each other. Answer: FALSE Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Easy
104) Corporate IM systems should use a presence server rather than a relay server. Answer: FALSE Page Ref: 411 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate 105) DNS, DHCP, and LDAP are examples of supervisory protocols in TCP/IP. Answer: TRUE Page Ref: 412 Learning Objective: 8.6 Describe how to secure other user applications Difficulty: Moderate
22 Copyright © 2021 Pearson Education, Inc.
Corporate Computer Security, 5e (Boyle/Panko) Chapter 9 Data Protection 1) ________ is raw facts; ________ is meaning extracted from the ________. A) Data; information; data B) Information; information; data C) Information; data; information D) Data; information; information Answer: A Page Ref: 422 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Moderate 2) The full cost of the Target data breach is estimated at ________. A) $560 million B) $890 million C) $2 billion D) $7 billion Answer: D Page Ref: 423 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Moderate 3) Data is the principal element of any information system. Answer: TRUE Page Ref: 422 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Easy 4) Another name for information is raw facts. Answer: FALSE Page Ref: 422 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Easy 5) Using a secure cryptographic system can prevent attacks while data is being transmitted. Answer: TRUE Page Ref: 423 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Moderate 6) Properly hardened hosts and securely coded applications can help protect data while it is processed. Answer: TRUE Page Ref: 423 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Moderate 1 Copyright © 2021 Pearson Education, Inc.
7) Attacks on data can happen when it's being stored but not when it's being processed. Answer: FALSE Page Ref: 423 Learning Objective: 9.1 Explain why it's important to secure data Difficulty: Easy 8) ________ refers to ensuring that copies of data files are stored safely and securely and will survive even if data is lost or damaged. A) Information B) Data C) Restoration D) Storage Answer: B Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Easy 9) File/directory data backup copies ________. A) programs B) registry settings C) data D) information Answer: C Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 10) The amount of information on a hard drive that is backed up is referred to as ________. A) image backup B) backup C) backup scope D) file/directory backup Answer: C Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 11) Which of the following is the most common type of backup? A) A file/directory data backup B) An image backup C) Shadowing D) An incremental backup Answer: A Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate
12) Which of the following is the most common type of backup? A) A file/directory data backup B) An image backup C) Shadowing D) An incremental backup Answer: A Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 13) Which of the following is often known as being completed just one time per week? A) A file/directory data backup B) An image backup C) A full backup D) An incremental backup Answer: C Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 14) Which of the following is known to be backing up when a file is being worked on? A) An incremental backup B) An image backup C) Shadowing D) A file/directory data backup Answer: C Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 15) ______ backups only back up data that has changed since the most recent full backup. A) Incremental B) Delta C) Differential D) File/directory backups Answer: A Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate
16) Which of the following is FALSE about periodic full backups and more frequent incremental backups? A) Incremental backups take less time. B) Restoration is easy for incremental backups. C) Most companies mix full and incremental backups. D) Incremental backups must be careful when restoring. Answer: B Page Ref: 427 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 17) Compared to local backup, centralized backup ________. A) makes it easier to know if backup policies are being followed B) allows for a wide distributed system of backup within a company C) requires that every hard drive have backup capabilities D) requires that all PCs have backup hardware Answer: A Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 18) Two computer systems each back up the other in real time in ________. A) mesh backup B) centralized backup C) continuous data protection D) local backup Answer: C Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 19) If a company has two servers, ________ is an option for backup in which each site backs up the other site. A) mesh backup B) centralized backup C) continuous data protection D) local backup Answer: C Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 20) File/directory backup is slower and takes up more storage space than image backup. Answer: FALSE Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate
21) File/directory data backup copies data, programs, configurations, and registry settings. Answer: FALSE Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 22) An image backup is one of the fastest methods of backing up a hard drive. Answer: FALSE Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Easy 23) With an image backup, even if the entire hard drive is lost, its content can be restored onto the same machine or a different machine. Answer: TRUE Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 24) Most companies conduct full backups on a daily basis. Answer: FALSE Page Ref: 425 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 25) Typically, the shadow storage space is very limited. Answer: TRUE Page Ref: 426 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 26) Several weeks of incremental backups are typically kept. Answer: FALSE Page Ref: 427 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 27) Incremental backups are usually discarded after the next full backup. Answer: TRUE Page Ref: 427 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate
28) With local backup processes, backup policies are easily enforced. Answer: FALSE Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 29) CDP is inexpensive to use. Answer: FALSE Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 30) Mesh backup is where client PCs in an organization back up each other. Answer: TRUE Page Ref: 430 Learning Objective: 9.2 Describe backup scope and methods Difficulty: Moderate 31) Magnetic tape is ________. A) very fast B) very expensive to use C) able to store vast amounts of data at the lowest cost per bit D) is still very popular due to its speed Answer: C Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 32) ________ refers to storing backed-up data for extended periods of time. A) Archiving B) Disk arraying C) RAID D) CDP Answer: A Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate
33) There is some research that suggests that DVD or Blu-ray storage of longer than ________ may be problematic. A) three months B) one year C) 15 months D) two years Answer: D Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 34) If you have a storage medium that can hold vast amounts of data, is very slow, and has a low cost, you likely have ________. A) Blu-ray B) DVDs C) magnetic tape D) RAID Answer: C Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 35) Blu-ray disks can hold ________ GB of data. A) 8 B) 12 to 56 C) 50 to 128 D) 85 to 120 Answer: C Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 36) A dual-layer DVD can hold up to about ________ GB of data. A) 4 B) 8 C) 12 D) 64 Answer: B Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate
37) Which of the following is FALSE about configuring multiple hard drives as an array within a single system? A) It is a common method of increasing speed. B) It is a common method of increasing reliability. C) It can help avoid catastrophic data loss. D) It is a relatively slow backup method. Answer: D Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 38) RAID 0, writing data across multiple disks, is known as ________. A) mirroring B) striping C) CDP D) mesh backup Answer: B Page Ref: 433 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 39) With RAID 1, ________ is achieved. A) mirroring B) striping C) CDP D) redundancy Answer: D Page Ref: 433 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 40) No striping is used in ________. A) RAID 1 B) RAID 0 C) CDP D) RPO Answer: A Page Ref: 433 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate
41) With RAID 5, reliability is provided by ________. A) parity bits B) RPO C) CDP D) redundancy Answer: A Page Ref: 434 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 42) ________ is the time required to recover from a disaster and restore normal operations. A) CDP B) RPO C) RAID 1 D) RAID 0 Answer: B Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 43) A ________ configuration shortens a firm's recovery time objective. A) RAID 5 B) RPO C) RAID 1 D) RAID 0 Answer: C Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 44) A good way to get both reliability and fast data transfer speeds is to use a(n) ________ configuration. A) RAID 5 B) RPO C) RAID 1 D) RAID 0 Answer: A Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate
45) Backup onto another hard drive is a very slow method of backup. Answer: FALSE Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Easy 46) Backing up data to a second hard drive on a computer is more expensive than backup onto magnetic tape. Answer: TRUE Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 47) Writing data to an array of hard drives has several advantages over writing to a single drive. Answer: TRUE Page Ref: 432 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 48) A RAID 5 configuration can recover from a single-drive failure, but not a multidrive failure. Answer: TRUE Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 49) High reliability and fast data transfer rates are easily achieved with RAID 1. Answer: FALSE Page Ref: 434 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Easy 50) A RAID 5 configuration can recover from a single-drive failure, but not a multidrive failure. Answer: TRUE Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate
51) Corporations require short RPO. Answer: TRUE Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 52) Corporations require short RTOs. Answer: TRUE Page Ref: 435 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 53) Parity bits can be stored on the same disk with their corresponding parts. Answer: FALSE Page Ref: 438 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 54) Parity bits are analogous to the parts used to reconstruct the inventory in a destroyed warehouse. Answer: TRUE Page Ref: 438 Learning Objective: 9.3 Describe the different RAID (redundant array of independent disks) levels Difficulty: Moderate 55) An essential part of backup media policies is to ensure that backup media ________. A) is moved offsite B) stays onsite C) stays on the same local hard drive of which it backed up D) is stored onsite in a safe Answer: A Page Ref: 439 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate
56) Company policies should mandate that all backup media should ________. A) always be stored onsite B) be encrypted C) be backed up two additional times D) be backed up one additional time Answer: B Page Ref: 439 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 57) Checkouts of backup media for restoration ________. A) should not require a written permission so employees can easily have access to the data B) should require written permission of the CEO of the company C) should require written permission of the IT manager D) should require written permission of the manager of the person wishing to access the backup Answer: D Page Ref: 440 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 58) The coordinated use of online storage and backup for messages is referred to as ________. A) mirroring B) striping C) retention D) redundancy Answer: C Page Ref: 440 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 59) Courts have consistently ruled that if archives exist, companies under discovery orders must ________. A) use their own money to create programs to sort through the archives B) produce all archived messages at the expense of the state C) produce all archived messages at the expense of the federal government D) be allowed to delete all archived messages Answer: A Page Ref: 441 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate
60) ________ can be used to dredge up messages in which an employee has said something embarrassing or even obviously illegal. A) The archiving process B) Striping C) Retention D) The discovery process Answer: D Page Ref: 44 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 61) A ________ provides strong access control, including authentication of suitable strength, authorizations, and auditing. A) vault server B) RAID 1 C) registry setting D) CDP Answer: A Page Ref: 444 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 62) Backup management and good policies begin with an understanding of the current system and future needs. Answer: TRUE Page Ref: 439 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Easy 63) Backup media should be encrypted. Answer: TRUE Page Ref: 439 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 64) In the long term, backup media should be stored in a locked safe on the company premises. Answer: FALSE Page Ref: 439 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate 65) Retention decisions in most companies are a moot point since it is standard to store incremental and full backups for 10 years. Answer: FALSE Page Ref: 440 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Moderate
66) Companies should implement periodic audits to make sure their company is complying with policies. Answer: TRUE Page Ref: 440 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Easy 67) Retaining data can create negative consequences. Answer: TRUE Page Ref: 440 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Easy 68) Training users what not to include in e-mail messages is the most effective method of avoiding problems during the legal discovery process. Answer: TRUE Page Ref: 443 Learning Objective: 9.4 Explain the need for data storage policies Difficulty: Easy 69) ________ is an integrated collection of data. A) Information B) A database C) A vault server D) RAID 5 Answer: B Page Ref: 445 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Easy 70) Which of the following is NOT an accreditation standard? A) HIPAA B) CobiT C) PCI-DSS D) PKI Answer: D Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate
71) Relations in a database are commonly called ________. A) entities B) tables C) objects D) attributes Answer: B Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 72) ________ are types of objects that represent persons, places, things, or events. A) Entities B) Tables C) Tuples D) Rows Answer: A Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 73) A row in a database is also known as a(n) ________. A) entity B) table C) tuple D) object Answer: C Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 74) ________ are columns in a database table. A) Entities B) Tables C) Tuples D) Attributes Answer: D Page Ref: 447 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate
75) Which of the following is NOT a DBMS? A) SQL Server B) DBAN C) Oracle D) MySQL Answer: B Page Ref: 449 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 76) ________ are pieces of SQL code that are automatically run when changes are made to a database. A) Triggers B) HSMs C) Data models D) SQL injections Answer: A Page Ref: 451 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 77) ________ can be used to produce automatic responses if data have been altered. A) DDL triggers B) DML triggers C) SQL code D) Mirroring Answer: B Page Ref: 451 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 78) ________ can be used to produce automatic responses if the structure of the database has been altered. A) DDL triggers B) DML triggers C) SQL code D) Mirroring Answer: A Page Ref: 451 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate
79) A simple yet effective way of discouraging attackers from accessing a database is to change the default ________. A) DDL triggers B) listening port C) DML triggers D) SQL code Answer: B Page Ref: 452 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 80) Companies address the risk of losing a security key by using a(n) ________. A) encryption key reset B) DDL trigger C) key escrow D) listening port Answer: C Page Ref: 454 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 81) Most databases are relational databases. Answer: TRUE Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 82) It is important that data stored in a database not be cryptographically protected. Answer: FALSE Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 83) Applications that access databases must be secured. Answer: TRUE Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Easy
84) When performing trend analysis, increasing granularity in queries is desirable. Answer: FALSE Page Ref: 448 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 85) Validation can protect against SQL injection attacks. Answer: TRUE Page Ref: 449 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 86) Sanitation can protect against SQL injection attacks. Answer: TRUE Page Ref: 446 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 87) Encryption is never fully transparent to the PC user. Answer: FALSE Page Ref: 454 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 88) Encryption is desirable, but it makes sharing more difficult. Answer: TRUE Page Ref: 454 Learning Objective: 9.5 Explain database protections including access controls, auditing, and encryption Difficulty: Moderate 89) ________ is an example of PII. A) A database record number B) A data bit C) SQL code D) A social security number Answer: D Page Ref: 455 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate
90) Which of the following is NOT listed by the National Institute of Standards and Technology as PII? A) Address information B) Personal characteristics C) Name D) Database row number Answer: D Page Ref: 456 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 91) ________ obscures data such that it cannot identify a specific person but the data remains useful. A) Data masking B) Watermarking C) A listening port D) Profiling Answer: A Page Ref: 456 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 92) ________ uses statistical methods, algorithms, and mathematics to find patterns in a data set that uniquely identify an individual. A) Data masking B) Profiling C) Triangulation D) Mirroring Answer: B Page Ref: 457 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 93) A ________ is invisible information added to a file that can be used to identify its source. A) data mask B) watermark C) profile D) mirror Answer: A Page Ref: 457 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate
94) To find out who is sending trade secrets out of the firm, you can use a ________. A) data mask B) watermark C) data extrusion management D) DLP manager Answer: B Page Ref: 457 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 95) ________ can filter all incoming and outgoing content including e-mail and instant messaging. A) DLP systems B) Linking attributes C) DBMS systems D) DRM Answer: A Page Ref: 457 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 96) Data destruction is considered ________. A) inevitable B) optional C) frequent D) routine Answer: A Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 97) The most common form of deletion in Windows-based systems is ________. A) nominal deletion B) basic file deletion C) wiping D) clearing Answer: A Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate
98) ________ happens when, on a Windows system, you empty the Recycle Bin. A) Nominal deletion B) Basic file deletion C) Wiping D) Clearing Answer: B Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 99) ________ is logically and physically erasing data so that it is unrecoverable. A) Nominal deletion B) Basic file deletion C) Wiping D) Mirroring Answer: C Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 100) DRM restricts what people can do with sensitive material. Answer: TRUE Page Ref: 458 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 101) Typically, DRM is fairly easy to enforce. Answer: FALSE Page Ref: 458 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 102) For most companies, attempts to reduce unauthorized data transfers have proven fairly easy. Answer: FALSE Page Ref: 461 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 103) One of the most often overlooked mechanisms used to reduce data loss is employee training. Answer: TRUE Page Ref: 461 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate
104) Restrictions on removable media should be enforced by relying on user behavior, rather than technological restrictions. Answer: FALSE Page Ref: 461 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 105) Nominal deletion happens when you select a file and then press the delete key. Answer: TRUE Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 106) The most common form of deletion in Windows-based systems is nominal deletion. Answer: TRUE Page Ref: 462 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 107) The term sanitizing has lost its distinct meaning as special laboratory methods become ineffective. Answer: TRUE Page Ref: 464 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate 108) For media, the best approach seems to be physical shredding. Answer: TRUE Page Ref: 464 Learning Objective: 9.6 Describe how to prevent data loss, and how to securely delete data Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Chapter 10 Incident and Disaster Response 1) According to the Federal Bureau of Investigation, about ________ of concentrated attacks are successful. A) 1 percent B) 5 to 10 percent C) 12 percent D) 22 percent Answer: A Page Ref: 473 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 2) Of the four category incidents, ________ are considered the least threatening. A) minor incidents B) false alarms C) disasters D) major incidents Answer: B Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 3) Successful attacks are commonly called ________. A) minor incidents B) security incidents C) live tests D) major incidents Answer: B Page Ref: 473 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 4) ________ tend to waste a lot of scarce and costly security time and may dull the true security efforts of the organization. A) Minor incidents B) Disasters C) False alarms D) Major incidents Answer: C Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate
5) A virus infection involving a dozen or so computers is an example of a ________. A) minor incident B) false alarm C) disaster D) major incident Answer: A Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 6) For a ________, many companies create CSIRTs. A) minor incident B) false alarm C) disaster D) major incident Answer: D Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 7) Which of the following is beyond the abilities of CSIRTs? A) Minor incidents B) False alarms C) Disasters D) Major incidents Answer: C Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 8) Which of the following is LEAST likely to be active members of a computer security incident response team? A) IT security professionals B) The legal department C) Public relations D) The accounting department Answer: D Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate
9) ________ is the maintenance of day-to-day revenue-generating operations of a company. A) Business continuity B) CSIRT C) Public relations D) Business management Answer: B Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 10) A walkthrough is also called a ________. A) table-top exercise B) live test C) CSIRT D) false positive Answer: A Page Ref: 476 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 11) Which of the following about live tests is FALSE? A) Live tests have a team actually take the actions instead of describing what they would do. B) Live tests reveal subtle flaws that walkthroughs cannot. C) Live tests are typically inexpensive. D) Live tests are expensive. Answer: C Page Ref: 476 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 12) With good planning and protection, a company can eliminate security incidents. Answer: FALSE Page Ref: 473 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 13) In almost all intrusion detection systems, a small minority of suspicious activities turn out to be false positives. Answer: FALSE Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate
14) Minor incidents, in regard to security, are less severe than false alarms. Answer: FALSE Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 15) Major security incidents are typically too large for on-duty IT staff to handle. Answer: TRUE Page Ref: 474 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Moderate 16) Business continuity plans aim at keeping a business running or getting it back in operation as quickly as possible. Answer: FALSE Page Ref: 476 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 17) Despite time pressures after a security breach, businesses must realize that accuracy is as important as speed. Answer: TRUE Page Ref: 475 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 18) Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss. Answer: TRUE Page Ref: 475 Learning Objective: 10.1 Explain the basics of disaster response Difficulty: Easy 19) ________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery. A) Analysis B) Detection C) Containment D) Disconnection Answer: A Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
20) ________ is the act of actually stopping an incident's damage. A) Analysis B) Detection C) Containment D) Disconnection Answer: C Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 21) ________ is the act of passing an incident to the CSIRT or business continuity team. A) Escalation B) Detection C) Containment D) Disconnection Answer: A Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 22) Disconnection ________. A) requires incidents to be raised with the CSIRT B) harms legitimate users C) is the most decisive way to do termination D) allows security analysts to understand a situation before effective action can be taken Answer: B Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 23) Dropping all future packets from a particular IP address is called ________. A) IP address spoofing B) containment C) disconnection D) black holing Answer: D Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
24) Which of the following is NOT a priority at the beginning of an incident? A) Detection B) Analysis C) Escalate D) Recovery Answer: D Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 25) Very often, much of the intrusion analysis phase is done by ________. A) discussing issues with all members of the CSIRT B) reading through log files C) discussing issues with the business continuity team D) querying databases Answer: B Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 26) Allowing an attacker to continue working in a system after the attack has been discovered ________. A) may allow the company to collect evidence for prosecution B) poses little risk once the attacker has been discovered C) spreads the risk among various entities of the company D) requires immediate termination within one week Answer: A Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 27) Once an attack is contained, the ________ stage begins. A) analysis B) detection C) black holing D) recovery Answer: D Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
28) If it can be applied, the least-damaging recovery option is ________. A) total reinstallation B) restoration from backup tapes C) repair during continuing server operation D) total software reinstallation Answer: C Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 29) Repair during continuing server operation is ________. A) dangerous B) rarely risky C) reliable D) effective Answer: A Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 30) ________ eliminates the problem of having to re-baseline a system to proper security levels. A) Using a disk image B) Total software reinstallation C) Using incremental backups D) Allowing continuing server operation Answer: A Page Ref: 481 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 31) Which of the following is NOT one of the three rules for apologies? A) Explain what happened. B) Explain what action will be taken to compensate victims, if any. C) Use wording aimed at reducing lawsuits. D) Acknowledge responsibility and harm. Answer: C Page Ref: 481 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
32) ________ typically investigate(s) most violations of local and state computer laws. A) The local police B) The FBI C) A federal forensics team D) A state forensics team Answer: A Page Ref: 482 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 33) ________ deals with interpretations of rights and duties that companies or individuals have relative to each other. A) Criminal law B) Civil law C) Forensics D) Local law Answer: B Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 34) ________ deals with the violation of criminal statutes. A) Criminal law B) Civil law C) Forensics D) Local law Answer: A Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 35) ________ punishments may result in jail time. A) Criminal law B) Civil law C) Forensics D) Local law Answer: A Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy
36) ________ initiate legal proceedings in civil cases. A) Defendants B) Prosecutors C) Plaintiffs D) Lawyers Answer: C Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 37) A ________ is the area of responsibility within which a government body can make and enforce laws but beyond which they cannot. A) jurisdiction B) district court C) court of appeals D) geographic boundary Answer: A Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 38) Which of the following is NOT one of the three court system levels? A) U.S. district courts B) U.S. circuit courts of appeal C) U.S. Supreme Court D) U.S. county courts Answer: D Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 39) The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial. A) mens rea B) reasonable doubt C) proof of preponderance of the evidence D) intention Answer: A Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
40) Past judicial precedents constitute ________. A) case law B) criminal law C) federal law D) statutes Answer: A Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 41) ________ is law dealing with information technology. A) Section 1030 B) Cyberlaw C) Case law D) U.S. Code Title 18 Answer: B Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 42) In the United States, the main federal law regarding hacking is U.S. ________. A) 18 U.S.C. § 1030 B) 18 U.S.C. § 2511 C) 18 U.S.C. § 18 D) 18 U.S.C. § 1020 Answer: A Page Ref: 491 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 43) Which of the following is NOT prohibited by U.S. federal law 18 U.S.C. § 1030? A) Denial-of-service attacks B) Hacking C) Malware D) Spam Answer: D Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 44) Detection, analysis, and escalation are the three priorities at the beginning of an incident. Answer: TRUE Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate
45) Once an attack has begun, a company should never allow the attacker to continue. Answer: FALSE Page Ref: 478 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 46) Black holing is an effective long-term containment solution. Answer: FALSE Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 47) Total software reinstallation effectively addresses data loss. Answer: FALSE Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 48) It's important for a company to realize that a system needs to be better than before an attack so that the attacker cannot come back in. Answer: TRUE Page Ref: 480 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 49) It is easier to punish employees than to prosecute outside attackers. Answer: TRUE Page Ref: 481 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 50) Companies should realize that prosecution for possible incidents is a public process. Answer: TRUE Page Ref: 482 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 51) Forensics evidence is evidence that is acceptable for court proceedings. Answer: TRUE Page Ref: 482 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy
52) In most civil cases, a prosecutor initiates a case against a defendant. Answer: FALSE Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 53) The normal standard for deciding a case in criminal trials is a preponderance of the evidence. Answer: FALSE Page Ref: 485 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 54) Mens rea usually is important in criminal trials. Answer: TRUE Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Moderate 55) If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial. Answer: TRUE Page Ref: 486 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 56) International laws about cybercrime are fairly uniform throughout the globe. Answer: FALSE Page Ref: 487 Learning Objective: 10.2 Describe the intrusion response process for major incidents Difficulty: Easy 57) IDS false alarms cause ________. A) companies to ignore IDS alerts B) companies to install multiple IDSs using different methods C) companies to start persecuting perpetrators D) fines for criminals Answer: A Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
58) False alarms in an IDS are known as ________. A) false positives B) false negatives C) minor incidents D) major incidents Answer: A Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 59) Which of the following is a function of IDSs? A) Creating logs B) Verifying logs C) Malware detection D) Automated analysis Answer: D Page Ref: 494 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 60) An IDS is a(n) ________ control. A) restorative B) preventative C) detective D) analytical Answer: C Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 61) Which of the following is NOT one of the four major functions of an IDS? A) Logging B) Automated analysis C) Administrator actions D) Prevention Answer: D Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
62) Which of the following is FALSE about the logging function of an IDS? A) It logs each activity. B) It time stamps each activity. C) It stores activities in a sequential file sorted by time. D) It suggests preventative measures for each activity. Answer: D Page Ref: 494 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 63) A ________ IDS sends data from many devices to a central management console. A) decentralized B) distributed C) centralized D) fragmented Answer: B Page Ref: 495 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 64) The ________ collects event data and stores that data in a log file on the monitoring devices. A) software agent B) software manager C) batch transfer D) real-time transfer Answer: A Page Ref: 495 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 65) The ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices. A) software agent B) manager C) batch transfer D) real-time transfer Answer: B Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
66) In ________, each event's data goes to a manager immediately. A) a software agent B) manager-agent communication C) batch transfer D) real-time transfer Answer: D Page Ref: 496 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 67) In ________, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager. A) manager-agent communication B) batch transfer C) a software agent D) real-time transfer Answer: B Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 68) ________ capture packets as they travel through a network. A) NIDSs B) Honeypots C) Hot sites D) Data logs Answer: A Page Ref: 497 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 69) ________ are boxes located at various points in a network. A) HIDSs B) Stand-alone NIDSs C) Router NIDSs D) Switch NIDSs Answer: B Page Ref: 497 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
70) The main attraction of ________ is that they provide highly specific information about what happened on a particular host computer. A) HIDSs B) stand-alone NIDSs C) router NIDSs D) switch NIDSs Answer: A Page Ref: 497 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 71) The process of creating integrated log files is called ________. A) aggregation B) synchronization C) correlation D) analysis Answer: A Page Ref: 499 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 72) The analysis of multi-event patterns is called ________. A) aggregation B) synchronization C) event correlation D) event analysis Answer: C Page Ref: 500 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 73) In an IDS, ________ means that the IDS should report all attack events and report as few false alarms as possible. A) aggregation B) synchronization C) event correlation D) precision Answer: D Page Ref: 500 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
74) ________ is the turning off of unnecessary rules and reducing the severity level in alarms generated by other rules. A) Sensitivity B) Synchronization C) Tuning D) Precision Answer: C Page Ref: 500 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 75) A honeypot is a type of ________. A) HIDS B) stand-alone NIDS C) router NIDS D) IDS Answer: D Page Ref: 502 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 76) A(n) ________ is a fake server or entire network segment with multiple clients and servers. A) HIDS B) router NIDS C) IDS D) honeypot Answer: D Page Ref: 502 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 77) An IDS provides query and reporting tools to help administrators analyze the data interactively during and after an incident. Answer: TRUE Page Ref: 493 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate
78) Interactive log file analysis can filter out irrelevant entries. Answer: TRUE Page Ref: 494 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Easy 79) Each monitoring device has a software agent that collects event data. Answer: TRUE Page Ref: 495 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 80) Vendors cannot create new filtering rules for a company. Answer: FALSE Page Ref: 496 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 81) The Network Time Protocol allows a type of synchronization. Answer: TRUE Page Ref: 500 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 82) Companies do not need to update their IDS attack signatures as it is done automatically. Answer: FALSE Page Ref: 500 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 83) IDSs rarely have false negatives. Answer: FALSE Page Ref: 501 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Easy
84) Honeypots are used primarily by researchers studying attacker behavior by recording everything a visitor does or tries to do. Answer: TRUE Page Ref: 503 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 85) Traffic in a honeypot usually indicates an attack. Answer: TRUE Page Ref: 503 Learning Objective: 10.3 Describe the functions and types of intrusion detection systems (IDSs) levels Difficulty: Moderate 86) ________ specify how a company will maintain or restore core business operations after disasters. A) IT disaster recovery plans B) Business continuity plans C) Business process analysis D) IT contingency plans Answer: B Page Ref: 504 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate 87) Which of the following is NOT one of the three basic principles that should underlie all thinking about business continuity? A) Reduce capacity in decision making B) Avoid rigidity C) Be creative D) People first Answer: C Page Ref: 505 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate 88) Which of the following is considered the first step in creating a business continuity plan? A) Specifying resource needs B) Identifying business processes C) Prioritizing business processes D) Specifying actions and sequences Answer: B Page Ref: 506 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate
89) Which of the following is NOT considered a step in creating a business continuity plan? A) Specifying resource needs B) Identifying business processes C) Prioritizing business processes D) Creating logs Answer: D Page Ref: 506 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate 90) Which of the following is considered the second step in creating a business continuity plan? A) Specifying resource needs B) Identifying business processes C) Prioritizing business processes D) Specifying actions and sequences Answer: C Page Ref: 506 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate 91) In a crisis, rigid adherence to plans and processes for recovery is critical. Answer: FALSE Page Ref: 505 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate 92) It can be assumed that in a crisis, people's cognitive ability is typically not at its best. Answer: TRUE Page Ref: 505 Learning Objective: 10.4 Describe business continuity planning Difficulty: Easy 93) The first job of planning and event management is to provide for the safety of people. Answer: TRUE Page Ref: 505 Learning Objective: 10.4 Describe business continuity planning Difficulty: Easy 94) In crises, communication within a company is usually enhanced. Answer: FALSE Page Ref: 506 Learning Objective: 10.4 Describe business continuity planning Difficulty: Moderate
95) It is important that a company not update their continuity plans since business conditions often remain static. Answer: FALSE Page Ref: 506 Learning Objective: 10.4 Describe business continuity planning Difficulty: Easy 96) ________ looks specifically at the technical aspects of how a company can get IT back into operation. A) A business continuity plan B) Business management C) An IT disaster recovery D) A live test Answer: C Page Ref: 507 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Easy 97) Which of the following is NOT considered a backup facility? A) A hot site B) A cold site C) Cloud-based hosting D) A CSIRT Answer: D Page Ref: 507 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 98) A hot site ________. A) is less expensive than a cold site B) is a physical facility with power C) is a physical facility with everything except power D) is an empty room with connections to the outside world Answer: B Page Ref: 508 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Difficult
99) A cold site ________. A) is less expensive than a hot site B) is a physical facility with power C) is a physical facility with everything except power D) is an attractive backup facility in an emergency Answer: A Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 100) Which of the following is the most cost effective in case of a disaster? A) A hot site B) A cold site C) Cloud-based hosting D) A hot and cold site have approximately similar costs. Answer: C Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 101) As a primary start to wide-spread cloud-based hosting, Amazon launched Amazon Web Services in ________. A) 2000 B) 2002 C) 2006 D) 2012 Answer: C Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 102) Which of the following is NOT a factor of cloud-based hosting? A) Lower costs B) Better disaster recovery C) Increased reliability D) Lessened scalability Answer: D Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate
103) Disaster recovery looks specifically at the technical aspects of how a company can get IT back into operation using backup facilities. Answer: TRUE Page Ref: 507 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 104) A backup facility is usually on the same company premises. Answer: FALSE Page Ref: 508 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 105) HVAC represents heating, ventilation, and air-conditioning. Answer: TRUE Page Ref: 508 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Easy 106) Cold sites offer electrical power and HVAC but are not connected to the outside world. Answer: FALSE Page Ref: 508 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 107) Hot sites are attractive for a company but they are expensive to keep open. Answer: TRUE Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate 108) One important factor in pushing many organizations to cloud-based hosting is the lower cost than many other alternatives. Answer: TRUE Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate
109) Most companies using cloud-based hosting have their data backed up once per week. Answer: FALSE Page Ref: 509 Learning Objective: 10.5 Know the IT disaster recovery process and how to respond to security incidents Difficulty: Moderate
Corporate Computer Security, 5e (Boyle/Panko) Module A Networking Concepts 1) ________ is either an internet layer in the TCP/IP architecture or a collection of networks that is not the global Internet. A) A host B) The intranet C) The U.S. Internet D) An access router Answer: B Page Ref: 520 Learning Objective: A.1 Introduction Difficulty: Easy 2) A(n) ________ is a(n) ________. A) bit; byte B) octet; byte C) bit; octet D) byte; bit Answer: B Page Ref: 520 Learning Objective: A.1 Introduction Difficulty: Easy 3) A(n) ________ is any device attached to the global Internet. A) host B) server C) byte D) LAN Answer: A Page Ref: 520 Learning Objective: A.1 Introduction Difficulty: Easy 4) The terms octet and byte mean the same thing. Answer: TRUE Page Ref: 520 Learning Objective: A.1 Introduction Difficulty: Moderate 5) A server, a client PC, or a PDA can be referred to as a host. Answer: TRUE Page Ref: 520 Learning Objective: A.1 Introduction Difficulty: Moderate
6) What is the typical size of an access router? A) About the size of a hardback book B) About the size of a pack of cards C) Approximately the size of a laptop computer D) Approximately the size of three or four hardback books Answer: A Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 7) In a home network, a message sent by a PC is called a ________. A) server B) byte C) frame D) router Answer: C Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 8) In a typical home network, an access router connects the home network to ________. A) an intranet B) the Internet C) a LAN D) a WAN Answer: B Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 9) For a host on a home network to use the Internet, each host needs a(n) ________. A) switch B) NAT C) IP address D) DHCP Answer: C Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate
10) Which of the following is FALSE about access routers? A) They all have an SPI firewall. B) They provide network address translation. C) They connect a network to another network. D) They have a DHCP server. Answer: A Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Difficult 11) UTP is a ________. A) type of router B) network interface card C) type of wiring D) type of translation Answer: C Page Ref: 522 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 12) Which of the following is a type of twisted pair wiring? A) STP B) NAT C) IP D) DHCP Answer: A Page Ref: 523 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 13) A network that runs on a customer's premises is a(n) ________. A) WAN B) LAN C) host D) IETF Answer: B Page Ref: 52 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate
14) In a home network, ________ are used to connect computers to the network. A) core switches B) workgroup switches C) carriers D) PSDNs Answer: B Page Ref: 524 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 15) Companies use carriers for WAN transmission because ________. A) companies lack rights of way B) they are less expensive than a LAN C) companies can then employ fewer computer security personnel D) it is not legal to have carriers of their own Answer: A Page Ref: 524 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 16) A ________ connects switches to other switches. A) PSDN B) core switch C) workgroup switch D) carrier Answer: B Page Ref: 524 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 17) The organization that funded the creation of the Internet is ________. A) DARPA B) ISO C) ITU-T D) IETF Answer: A Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate
18) DARPA created ________. A) home networks B) the Internet C) intranets D) WANs Answer: B Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 19) Initially, only ________ could connect to the Internet. A) large corporations B) noncommercial networks C) commercial networks D) K-12 schools Answer: B Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 20) Messages that travel within a single network are called ________. A) packets B) switches C) frames D) core switches Answer: C Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 21) Messages that travel all the way from one computer to another across the Internet are called ________. A) packets B) switches C) frames D) core switches Answer: A Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate
22) An internal TCP/IP internet for a company's own communication is known as a(n) ________. A) Internet B) ISP C) intranet D) LAN Answer: C Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 23) Internet service providers connect at centers that are usually called ________. A) NAPs B) PSDNs C) switches D) LANs Answer: A Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 24) Networking circuitry is usually a component that you can choose to add to your circuit board in most PCs. Answer: FALSE Page Ref: 522 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 25) A home network needs an Internet access line to connect to the Internet. Answer: TRUE Page Ref: 523 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 26) Intercepting wireless LAN transmissions is difficult. Answer: FALSE Page Ref: 523 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 27) UTP wiring is much more expensive than is STP wiring. Answer: FALSE Page Ref: 522 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate
28) A home network must have an Internet access line in order to connect to the Internet. Answer: TRUE Page Ref: 522 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 29) Packets are carried inside frames. Answer: TRUE Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 30) The Internet uses transmission standards that are known as the TCP/IP standards. Answer: TRUE Page Ref: 526 Learning Objective: A.2 A Sampling of Networks Difficulty: Moderate 31) There is no central point of control over the Internet's operation. Answer: TRUE Page Ref: 521 Learning Objective: A.2 A Sampling of Networks Difficulty: Easy 32) Security that results from the inherent operation of a standard is called ________. A) incidental security B) defective implementation C) transmission security D) IPsec security Answer: A Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 33) ________ is the main protocol for delivering packets over the Internet. A) ISP B) IPsec C) IP D) NAP Answer: C Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate
34) ________ was created to address the fact that IP originally had no security. A) ISP B) IPsec C) DHCP D) NAP Answer: B Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 35) The TCP standard is difficult to attack because an attacker cannot send a false TCP message unless he or she can guess the sequence number of the next message. Answer: TRUE Page Ref: 528 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 36) All computer standards were initially created with security. Answer: FALSE Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 37) IP was originally created with advanced security. Answer: FALSE Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 38) IPsec is burdensome and not widely used. Answer: TRUE Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate 39) When security is added to a standard, it usually is added only to later versions of the standard. Answer: TRUE Page Ref: 529 Learning Objective: A.3 Network Protocols and Vulnerabilities Difficulty: Moderate
40) Which of the following is NOT a core layer?
A) Applications
B) Internet
C) Single-network
D) Transport
Answer: D
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

41) Which of the following is the highest core layer?
A) Applications
B) Internet
C) Single-network
D) Transport
Answer: A
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

42) Which of the following is the middle core layer?
A) Applications
B) Internet
C) Single-network
D) Transport
Answer: B
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

43) Standards at the ________ govern how packets are delivered across an internet.
A) internet core layer
B) single-network layer
C) transport layer
D) applications layer
Answer: A
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

44) Single-network core standards are for message delivery through ________.
A) a LAN or WAN
B) twisted pair wires
C) PSDNs
D) public switched data networks
Answer: A
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

45) At what core layer do you find WAN standards?
A) Single-network layer
B) Transport layer
C) Internet core layer
D) Applications layer
Answer: D
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

46) Computer standards are complex.
Answer: TRUE
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Easy

47) The lowest core layer is the internet core layer.
Answer: FALSE
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

48) Standards are divided into five core layers.
Answer: FALSE
Page Ref: 529
Learning Objective: A.4 Core Layers in Layered Standards
Difficulty: Moderate

49) Which of the following creates Internet standards?
A) ISO
B) DARPA
C) TCP
D) IETF
Answer: D
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

50) The name of the Internet standards architecture is ________.
A) OSI
B) TCP/IP
C) IPsec
D) ISO
Answer: B
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

51) TCP/IP has ________ layers.
A) 1
B) 2
C) 4
D) 7
Answer: C
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

52) The bottom layer of the TCP/IP standard is the ________.
A) subnet access layer
B) single-network core layer
C) application layer
D) transport layer
Answer: A
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

53) How many layers does the OSI architecture have?
A) 3
B) 5
C) 7
D) 11
Answer: C
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

54) ________ is a standards architecture.
A) ISO
B) OSI
C) ITU-T
D) IETF
Answer: B
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

55) Which of the following is an OSI standards agency?
A) ITU-T
B) IETF
C) DARPA
D) OSI
Answer: A
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

56) The ________ is roughly the same in OSI and TCP/IP.
A) subnet access layer
B) single-network core layer
C) application layer
D) transport layer
Answer: D
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

57) Most firms use the ________.
A) hybrid TCP/IP-OSI standards architecture
B) OSI application standards
C) UTP links
D) optical fiber
Answer: A
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

58) The ________ layer in the hybrid TCP/IP-OSI architecture comes from OSI.
A) transport
B) physical
C) applications
D) subnet
Answer: B
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

59) The IETF is the standards agency for the Internet.
Answer: TRUE
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

60) IETF documents are publicly available at no charge to the public.
Answer: TRUE
Page Ref: 530
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

61) OSI divides three core layers into a total of seven layers.
Answer: TRUE
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

62) Hybrid architecture uses TCP/IP standards at the physical and data link layers and OSI standards at the internet and transport layers.
Answer: FALSE
Page Ref: 531
Learning Objective: A.5 Standards Architectures
Difficulty: Moderate

63) The path that a frame takes through a single network is called a ________.
A) physical link
B) data link
C) packet
D) switch
Answer: B
Page Ref: 532
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

64) A computer connects to the nearest switch via a ________.
A) physical link
B) data link
C) packet
D) transport layer
Answer: A
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

65) A popular transmission medium for longer distances is ________.
A) TCP/IP
B) twisted pair
C) UTP
D) optical fiber
Answer: D
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

66) ________ uses radio waves.
A) Wireless
B) TCP/IP
C) Optical fiber
D) UTP
Answer: A
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

67) In ________, signals can be read without tapping the cord.
A) Wireless
B) TCP/IP
C) Optical fiber
D) UTP
Answer: D
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

68) Spread-spectrum transmission is used in wireless LANs ________.
A) for security
B) to increase transmission speed
C) to improve propagation reliability
D) for cost savings
Answer: C
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

69) The ________ LAN standard is designed to limit switch-to-switch communication to authenticated switches.
A) 802.1AE
B) 802.1X
C) TCP/IP
D) IPsec
Answer: A
Page Ref: 534
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

70) Radio signaling is considered very complex.
Answer: TRUE
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

71) In fiber optic transmission, signals have three different states, 0, 1, and 2.
Answer: FALSE
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

72) Ethernet dominates LAN standards.
Answer: TRUE
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

73) Spread-spectrum transmission in wireless LANs provides security.
Answer: FALSE
Page Ref: 533
Learning Objective: A.6 Single-Network Standards
Difficulty: Moderate

74) The IETF divided the internetworking core layer into two layers—________.
A) the internet and transport layers
B) the subnet access and transport layers
C) the single-network core and transport layers
D) the application and internet layers
Answer: D
Page Ref: 534
Learning Objective: A.7 Internetworking Standards
Difficulty: Moderate

75) The main standard at the internet layer is the Internet Protocol.
Answer: TRUE
Page Ref: 534
Learning Objective: A.7 Internetworking Standards
Difficulty: Moderate

76) An IP header normally is shown by drawing several rows, with ________ in each row.
A) 32 bytes
B) 64 bits
C) 32 bits
D) 8 bytes
Answer: C
Page Ref: 535
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

77) An IP header is divided into smaller units called ________.
A) fields
B) bytes
C) packets
D) switches
Answer: A
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

78) The ________ field has a value ________.
A) of 0 or 1
B) between 0 and 2
C) between 0 and 56
D) between 0 and 255
Answer: D
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

79) The ________ field in a packet ensures that misaddressed packets will not circulate endlessly.
A) TTL
B) header checksum
C) data
D) protocol
Answer: B
Page Ref: 537
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

80) A value of 1 in the ________ field indicates that the data field contains an ICMP message.
A) TTL
B) header checksum
C) data
D) protocol
Answer: D
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

81) The ________ field allows the receiver to find errors.
A) TTL
B) header checksum
C) data
D) protocol
Answer: B
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

82) A packet is a long stream of 1s and 0s.
Answer: TRUE
Page Ref: 535
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

83) IP fragmentation is common.
Answer: FALSE
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

84) A subnet can only have one host.
Answer: FALSE
Page Ref: 538
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

85) IP was created in the early 1980s.
Answer: TRUE
Page Ref: 536
Learning Objective: A.8 The Internet Protocol
Difficulty: Moderate

86) TCP messages are called ________.
A) segments
B) packers
C) datagrams
D) frames
Answer: A
Page Ref: 540
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

87) A TCP session opening ends with a(n) ________ message.
A) SYN
B) FIN
C) ACK
D) IP
Answer: C
Page Ref: 540
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

88) In TCP, ending a conversation normally takes ________.
A) two messages
B) three messages
C) four messages
D) six messages
Answer: C
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

89) What does a reliable protocol do?
A) Detects every second error in a system
B) Detects and corrects errors
C) Only corrects errors, another node detects the errors
D) Detects user error and corrects many of them
Answer: B
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

90) A one-bit field is called a ________ field.
A) binary
B) singlet
C) flag
D) TCP
Answer: C
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

91) If a flag field is not set, that means its value is ________.
A) 0
B) 1
C) 56
D) 256
Answer: A
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

92) The TCP ________ field is designed to control the other party's transmission rate.
A) flow
B) window
C) segment
D) maximum
Answer: B
Page Ref: 544
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

93) ________ is a well-known port number for web-server programs.
A) TCP Port 80
B) TCP Port 25
C) TCP Port 21
D) TCP Port 1023
Answer: A
Page Ref: 545
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

94) ________ uses options extensively.
A) IPsec
B) A LAN
C) TCP
D) A WAN
Answer: C
Page Ref: 545
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

95) An unreliable protocol does not detect and correct errors.
Answer: TRUE
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

96) TCP is considered a reliable protocol.
Answer: TRUE
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

97) To do TCP session hijacking, the attacker has to be able to predict the sequence number of the TCP segment currently being sent.
Answer: FALSE
Page Ref: 542
Learning Objective: A.9 The Transmission Control Protocol
Difficulty: Moderate

98) ________ place a relatively small traffic load on a network.
A) TCP
B) IP
C) UDP
D) NAT
Answer: C
Page Ref: 547
Learning Objective: A.10 The User Datagram Protocol
Difficulty: Moderate

99) TCP/IP's internet layer supervisory protocol is ________.
A) ICMP
B) DHCP
C) DNS
D) IP
Answer: A
Page Ref: 547
Learning Objective: A.10 The User Datagram Protocol
Difficulty: Moderate

100) UDP is a good protocol for applications that need reliability.
Answer: FALSE
Page Ref: 547
Learning Objective: A.10 The User Datagram Protocol
Difficulty: Moderate

101) ICMP messages are delivered in the data fields of ________.
A) frames
B) supervisory frames
C) IP packets
D) IPv4s
Answer: C
Page Ref: 548
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

102) An organization with a ________ domain name must maintain one or more DNS servers.
A) fourth-level
B) third-level
C) second-level
D) top-level
Answer: C
Page Ref: 550
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

103) DNS servers for ________ domains can include .com, .edu, and .CA.
A) fourth-level
B) third-level
C) second-level
D) top-level
Answer: D
Page Ref: 550
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

104) RIP, OSPF, and BGP are ________.
A) static IP addresses
B) dynamic host configuration protocols
C) supervisory protocols
D) dynamic routing protocols
Answer: D
Page Ref: 551
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

105) Many ICMP messages are error messages.
Answer: TRUE
Page Ref: 548
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

106) The best-known ICMP message types are the ICMP echo and echo reply messages.
Answer: TRUE
Page Ref: 548
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

107) Server hosts are given dynamic IP addresses.
Answer: FALSE
Page Ref: 550
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

108) In DNS cache poisoning, an attacker replaces the IP address of a host name with another IP address.
Answer: TRUE
Page Ref: 550
Learning Objective: A.11 TCP/IP Supervisory Standards
Difficulty: Moderate

109) Which of the following is NOT a popular transfer standard for e-mail?
A) POP
B) IMAP
C) SMTP
D) DHCP
Answer: D
Page Ref: 554
Learning Objective: A.12 Application Standards
Difficulty: Moderate

110) The ________ standard can be used in place of both FTP and Telnet while providing high security.
A) SSH
B) HTTP
C) HTML
D) DHCP
Answer: A
Page Ref: 554
Learning Objective: A.12 Application Standards
Difficulty: Moderate

111) Most applications share the same application layer standard.
Answer: FALSE
Page Ref: 554
Learning Objective: A.12 Application Standards
Difficulty: Moderate