Network Security Midterm Exam with answers., Exams of Advanced Education

Network Security Midterm Exam with answers.

Typology: Exams

2025/2026

Available from 05/22/2026

Allen_Nelson
Allen_Nelson 🇺🇸

5.6K documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1 | P a g e
Network Security Midterm Exam with answers.
Cybersecurity attacks from state-sponsored actors are increasing at an
alarming rate. Which of the following would not be an objective of state
sponsored attacks? - ANSWERto sell vulnerabilities to the highest bidder
An organization that purchased security products from different vendors is
demonstrating which security principle? - ANSWERdiversity
___________ ensures that only authorized parties can view certain
information. - ANSWERConfidentiality
Which of the following is not a reason why it is difficult to defend against
today's hackers? - ANSWERgreater sophistication of defense tools
Which act requires banks and financial institutions to alert their customers of
their policies and practices in disclosing customer information? -
ANSWERGramm-Leach-Bliley Act (GLBA)
A series of instructions that can be grouped together as a single command
and are often used to automate a complex set of tasks or a repeated series of
tasks are known as: - ANSWERA macro
What type of malware consists of a set of software tools used by an attacker
to hide the actions or presence of other types of malicious software, such as
Trojans, viruses, or worms? - ANSWERrootkit
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Network Security Midterm Exam with answers. and more Exams Advanced Education in PDF only on Docsity!

Network Security Midterm Exam with answers.

Cybersecurity attacks from state-sponsored actors are increasing at an alarming rate. Which of the following would not be an objective of state sponsored attacks? - ANSWERto sell vulnerabilities to the highest bidder An organization that purchased security products from different vendors is demonstrating which security principle? - ANSWERdiversity ___________ ensures that only authorized parties can view certain information. - ANSWERConfidentiality Which of the following is not a reason why it is difficult to defend against today's hackers? - ANSWERgreater sophistication of defense tools Which act requires banks and financial institutions to alert their customers of their policies and practices in disclosing customer information? - ANSWERGramm-Leach-Bliley Act (GLBA) A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as: - ANSWERA macro What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? - ANSWERrootkit

A virus that infects an executable program file is known as - ANSWERprogram virus Which of the following is malicious computer code that reproduces itself on the same computer? - ANSWERvirus Which of the following is not one of the four methods for classifying the various types of malware? - ANSWERSource Ransomware prevents a users device from properly functioning until a fee is paid. A recent form of ransomware is called crypto-malware. All of the following are characteristics of more recent crypto-malware except: - ANSWERcan encrypt files only on the user's hard drive The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as? - ANSWERTailgating An algorithm that uses elliptic curves instead of prime numbers to compute keys - ANSWERElitic Curve Cryptography A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks - ANSWERData Encryption Standard (DES) An asymmetric encryption key that does have to be protected. - ANSWERPrivate Key A cipher that manipulates an entire block of plaintext at one time. - ANSWERBlock Cipher

A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications - ANSWERApplication-aware firewall Injecting and executing commands to execute on a server - ANSWERCommand Injection An attack that corrupts the ARP cache - ANSWERARP Poisoning A form of verification used when accessing a secure web application - ANSWERSession Token Part of the TCP/IP protocol for determining the MAC address based on the IP address. - ANSWERAddress Resolution Protocol (ARP) An attacker broadcasts a network request to multiple computers but changes the address from which the request came - ANSWERSmurf attack This attack takes advantage of procedures for initiating a session using TCP/IP

  • ANSWERSYN flood attack A key that is generated by a symmetric cryptographic algorithm is said to be a: - ANSWERprivate key In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data? - ANSWERIntegrity

Cryptography is the process of changing original text into a scrambled message. Cryptographic ciphers use what type of data as their input? - ANSWERPlaintext The Hashed Message Authentication Code (HMAC) _____________ - ANSWERencrypts the key and the message Public key exchanges that generate random public keys that are different for each session are called - ANSWERperfect forward secrecy Which of the following is not one of the functions of a digital signature? - ANSWERProtect the public key If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? - ANSWERAlice's Public Key Which statement is not true regarding hierarchical trust models? - ANSWERit is designed for use on a large scale When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? - ANSWERthird-party Public Key Infrastructure (PKI) ______________ - ANSWERis the management of digital certificates

addressed. - ANSWEROpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. The process for access private data is as follows:

  1. Send a request to the server sending a small payload ( perhaps 1 byte), but identify the size of the payload as 65, 536 bytes.
  2. The server copies the payload to memory and prepares to send a response
  3. The server locates the payload in memory and send a response to the requesting site. However, rather than responding with the actual payload ( byte), the server uses the" size" of the payload specified in the original message (65,536) to respond to the request. The information sent back included the original payload of 1 byte along with the next 65,535 bytes that were in memory from a previous user. Users can address the issue by upgrading to OpenSSL 1.0.1g. Users can alternatively recompile OpenSSl with SOPENSSL_NO_HEARTBEATS. The resolution to the issue was to fix the original programming error in the OpenSSL code. Upgrading to the latest version resolves the issue. Which of the following is not a tool/technology that can be used to encrypt data? - ANSWERIronGeek Conducts on-line tests to determine security of BOTH web servers and local browsers. - ANSWERQualys SSL Labs

Which of the following is not a SIEM product? - ANSWERFortify What type of additional attack does ARP spoofing rely on? - ANSWERMAC spoofing An attack that takes advantage of the procedures for initiating a session is known as what type of attack? - ANSWERSYN flood attack What criteria must be met for an XXS attack to occur on a specific website? - ANSWERThe website must accept user input without validating it and use that input in a response. On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? - ANSWERPrivilege escalation The exchange of information among DNS servers regarding configured zones is known as: - ANSWERzone transfer Choose the SQL injection statement example below that could be used to find specific users: - ANSWERwhatever' OR full_name LIKE '%Mia%' What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? - ANSWERARP

In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications? - ANSWERInfrastructure as a Service Select the security tool that is an inventory of applications and associated components that have been pre-approved and authorized to be active and present on the device? - ANSWERapplication whitelist What type of system is designed to collect and consolidate logs from multiple sources for easy analysis? - ANSWERcentralized device log analyzer What secure protocol is recommended for Network address translation? - ANSWERIPsec At what level of the OSI model does the IP protocol function? - ANSWERNetwork Layer DNS poisoning can be prevented using the latest edition of what software below? - ANSWERBIND