






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Network Security Midterm Exam with answers.
Typology: Exams
1 / 10
This page cannot be seen from the preview
Don't miss anything!







Cybersecurity attacks from state-sponsored actors are increasing at an alarming rate. Which of the following would not be an objective of state sponsored attacks? - ANSWERto sell vulnerabilities to the highest bidder An organization that purchased security products from different vendors is demonstrating which security principle? - ANSWERdiversity ___________ ensures that only authorized parties can view certain information. - ANSWERConfidentiality Which of the following is not a reason why it is difficult to defend against today's hackers? - ANSWERgreater sophistication of defense tools Which act requires banks and financial institutions to alert their customers of their policies and practices in disclosing customer information? - ANSWERGramm-Leach-Bliley Act (GLBA) A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as: - ANSWERA macro What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? - ANSWERrootkit
A virus that infects an executable program file is known as - ANSWERprogram virus Which of the following is malicious computer code that reproduces itself on the same computer? - ANSWERvirus Which of the following is not one of the four methods for classifying the various types of malware? - ANSWERSource Ransomware prevents a users device from properly functioning until a fee is paid. A recent form of ransomware is called crypto-malware. All of the following are characteristics of more recent crypto-malware except: - ANSWERcan encrypt files only on the user's hard drive The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as? - ANSWERTailgating An algorithm that uses elliptic curves instead of prime numbers to compute keys - ANSWERElitic Curve Cryptography A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks - ANSWERData Encryption Standard (DES) An asymmetric encryption key that does have to be protected. - ANSWERPrivate Key A cipher that manipulates an entire block of plaintext at one time. - ANSWERBlock Cipher
A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications - ANSWERApplication-aware firewall Injecting and executing commands to execute on a server - ANSWERCommand Injection An attack that corrupts the ARP cache - ANSWERARP Poisoning A form of verification used when accessing a secure web application - ANSWERSession Token Part of the TCP/IP protocol for determining the MAC address based on the IP address. - ANSWERAddress Resolution Protocol (ARP) An attacker broadcasts a network request to multiple computers but changes the address from which the request came - ANSWERSmurf attack This attack takes advantage of procedures for initiating a session using TCP/IP
Cryptography is the process of changing original text into a scrambled message. Cryptographic ciphers use what type of data as their input? - ANSWERPlaintext The Hashed Message Authentication Code (HMAC) _____________ - ANSWERencrypts the key and the message Public key exchanges that generate random public keys that are different for each session are called - ANSWERperfect forward secrecy Which of the following is not one of the functions of a digital signature? - ANSWERProtect the public key If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? - ANSWERAlice's Public Key Which statement is not true regarding hierarchical trust models? - ANSWERit is designed for use on a large scale When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? - ANSWERthird-party Public Key Infrastructure (PKI) ______________ - ANSWERis the management of digital certificates
addressed. - ANSWEROpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. The process for access private data is as follows:
Which of the following is not a SIEM product? - ANSWERFortify What type of additional attack does ARP spoofing rely on? - ANSWERMAC spoofing An attack that takes advantage of the procedures for initiating a session is known as what type of attack? - ANSWERSYN flood attack What criteria must be met for an XXS attack to occur on a specific website? - ANSWERThe website must accept user input without validating it and use that input in a response. On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? - ANSWERPrivilege escalation The exchange of information among DNS servers regarding configured zones is known as: - ANSWERzone transfer Choose the SQL injection statement example below that could be used to find specific users: - ANSWERwhatever' OR full_name LIKE '%Mia%' What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? - ANSWERARP
In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications? - ANSWERInfrastructure as a Service Select the security tool that is an inventory of applications and associated components that have been pre-approved and authorized to be active and present on the device? - ANSWERapplication whitelist What type of system is designed to collect and consolidate logs from multiple sources for easy analysis? - ANSWERcentralized device log analyzer What secure protocol is recommended for Network address translation? - ANSWERIPsec At what level of the OSI model does the IP protocol function? - ANSWERNetwork Layer DNS poisoning can be prevented using the latest edition of what software below? - ANSWERBIND