IT-276 Security +

Mid Term Exam FALL 2010 pg. 1

Name:__Chuck Little______________ Date__________________

Questions 1-50 1pt each, total 50
Questions 51-60 5 points each, total 50
Exam total = 100.

1. What Is Rule #1? Don't be Stupid

2. What type of attack takes advantage of vulnerabilities that have not been previously revealed?
   a. Undiscovered b. Zero day c. Loop back d. Glamour

3. After an attacker probes a computer or network for information, the next attack step is to:
   a. Penetrate any defenses b. Modify Security Settings c. Circulate to other systems d. Install a Root-Kit

4. ___________ is not revealing the type of computer, operating system, software, and network connections:
   a. Hacking b. Limiting c. Cyber Querying d. Diversity

5. What term is used to generically describe anyone who illegally breaks into a computer system?
   a. Scoundrel b. Hacker c. Limiter d. Rogue

6. What is a general software security update intended to cover vulnerabilities that have been discovered?
   a. Service Pack b. Patch c. Hotfix d. Bit Recycler

7. A cookie that was not created on the Web site that attempts to access it is a:
   a. First-party cookie b. Second-party cookie c. Third-party cookie d. Tertiary Cookie

8. A ____________ is a list of pre-approved e-mail addresses that the user will accept mail from.
   a. White List b. Black List c. Client Account Access (CAA) d. POP3 forwarding list

9. Another name for a packet filter is:
   a. Switch b. Firewall c. Router d. Proxy

10. A _______ is a cumulative package of all security updates plus additional features.
   a. Service Pack b. Patch c. Hotfix d. Bit Recycler

11. A program that pretends to clean up a hard drive but actually performs a malicious activity is a:
   a. Virus b. Trojan Horse c. Root kit d. SPAM

12. A program that secretly attaches itself to a carrier (such as a document or a program) and then executes when that document is opened or the program is launched is a:
   a. Virus b. Trojan Horse c. Root kit d. SPAM

13. The first action a virus takes, once it infects a computer, is to:
   a. Close all ports b. Format the hard disk c. Replicate itself d. Authenticate to the system

14. The ability to move a Virtual Machine (VM) from one physical computer to another is:
   a. Live Migration b. Portable Replication c. Hot segmentation d. Heterogeneity

15. _SPYWARE__p51___ is the generic term used to describe software that violates a user's privacy.
   a. Popups b. Active-X c. Adware d. Second-party Cookies

16. A firewall using ___________ is the most secure type of firewall.
   a. Asynchronous synthesis b. Anomaly recognition c. Stateful packet filtering d. Two-State Encryption

17. A ___________ intercepts internal user requests and processes that request on behalf of the user.
   a. Proxy Server b. Content filter c. Reverse Proxy d. SPAM detector

18. A device that routes incoming requests to the correct server is a:
   a. Proxy Server b. Content filter c. Reverse Proxy d. SPAM detector

19. Subnetting is also called:
   a. Network Reallocation b. Subnet addressing c. IP preservation d. Address Resolution Protocol (ARP)

20. Network Address Translation (NAT):
   a. Makes IP and MAC addresses interchangeable b. Removes private addresses when the packet leaves the network c. Translates network addresses to non-English alphabets d. Encrypts IP addresses for security

21. An attack that consumes network resources so that the device(s) cannot respond to legitimate requests is a:
   a. ARP Spoofing Attack b. Denial of Service (DoS) c. Device Overflow d. Network disabler

22. _____ is used for Ethernet local area networks to resolve Internet Protocol Addresses (IP to MAC).
   a. ARP b. SMTP c. P2P d. FTP

23. What technique is used by wireless access points to send out information about their presence and configuration settings?
   a. Interrogation/Acknowledge (INT/ACK) b. Beaconing c. Broadcasting d. Location Frame Stamping (LFS)

24. A man-in-the-middle attack ________________________
   a. Intercepts legitimate communications and forges a fictitious response b. Can be defeated by using Secure-TCP/IP c. Is only found on a wireless 802.11-n network d. Is fictitious

25. In a(n) _____________ attack, the attacker overflows a switch's address table with fake media access control (MAC) addresses and makes the switch act like a hub, sending packets to all devices.
   a. Switch flooding b. MAC-ARP impersonation c. Address Domain Resolution (ADR) d. Address Reverse Sequencing Protocol (ARSP)

Acronyms and Terms: Call Out the following PC-Related Acronyms. List what they stand for:

Acronym      Call-Out
26. AD       Active Directory
27. ARP      Address Resolution Protocol
28. ASLR     Address Space Layout Randomization
29. BIND     Berkeley Internet Name Domain
30. BIOS     Basic Input Output System
31. DDoS     Distributed Denial of Service
32. DNS      Domain Name Service
33. DoS      Denial of Service
34. HIPAA    Health Insurance Portability and Accountability Act
35. HIPS     Host Intrusion Prevention Systems
36. IRC      Internet Relay Chat
37. MBR      Master Boot Record
38. NAC      Network Access Card
39. NAT      Network Address Translation
40. NIPS     Network Intrusion Prevention System

Acronym         Call-Out
41. NIPS        Network Intrusion Prevention System
42. P2P         Peer-to-Peer Network
43. POP/POP3    Post Office Protocol
44. SMTP        Simple Mail Transfer Protocol
45. SNMP        Simple Network Management Protocol
46. SPOF
47. SQL         Structured Query Language
48. VLAN        Virtual Local Area Network
49. VoIP        Voice Over Internet Protocol
50. XSS         Cross Site Scripting

Discussion questions 10 points each (x5=50)
Answer 5 of the 10 questions (51-60)!!

51. What is the security triad? Give a definition of each term.

__________________________ __________________________ __________________________


52. Discuss Layering/Defense in Depth. What is it? Why is it important? What are its strengths?

Layering is no more than having multiple means of defense to protect something in the case of an attack. Multiple barriers are put in place to either hinder or completely stop an intruder in the case of an attack. Having Layering as a defense is important so that information, goods or money can become protected and maintain that protection. The obvious strengths are the built-in redundancy because of its multiple layers. Due to its structure, layered security is among the best designs of security to have.

53. In class we've discussed both homogenous and heterogeneous network environments. What are they? List some strengths and weaknesses of each.

54. Name two of the advantages of NATting and discuss benefits.

55. Discuss three reasons that passwords are the weakest security measure available.

Password strength and security should not be put in second place due to a weak memory. There are multiple reasons why passwords are the weak link in security. First, some people use personal information as passwords. For example, the use of birth dates, pet names, and spouse names are all items that can be figured out through general conversation. Second, writing passwords down and then hiding them. This is a pet peeve of mine. Obviously, if you write a password down, anyone that finds it then has it. If a person can't remember the password, what are the chances that they may forget where they put the note they wrote it down on in the first place? Finally, short passwords are not the way to go. There is less security due to the number of characters as well as they are easier to break than longer, more complicated passwords that use special characters.

56. What is a logic bomb? Describe a hypothetical logic bomb and how it would work.

A logic bomb is a malicious unused program on a computer system. The logic bomb will only activate based upon some sort of preset trigger. A hypothetical logic bomb would be a student planting a malicious program on a school computer. This program is set up to travel to each server and corrupt grades and GPAs. This would only be triggered if the student did not receive an A in his security plus class.

57. What is Identity Theft? What types of privacy information are required to steal an identity?

Identity Theft is using someone else's information as your own to establish credit, banking or incur debt with the intention of then never paying it back. In doing so, it is then left up to the true individual to pay for the problem themself. By gathering social security numbers, birth dates, account numbers, addresses for home and employers, one can go far in establishing the theft of someone else's identity.

58. What is a configuration baseline, and what security advantages does it offer the organization?

59. Briefly describe a De-Militarized Zone (DMZ) and how it offers protection to the network.

60. What does a content filter do?

Content filters block or restrict a PC from going out to a specific IP address or receiving correspondence from that same IP address. With this said, they can be put in place to affect multiple addresses not just any one particular. They can be set to restrict employees from accessing personal networking sites such as Facebook, Skype, My-Space and so on. They could even be used to block email service like Yahoo, AOL, Hot Mail and the like.
