SEC 280 Final Exam


(TCO 2) What is XKMS?

XML Key Management Specification, which defines services to manage PKI operations within the Extensible Markup Language (XML) environment

An XML standard for e-mail encryption

An XML standard that is used for wireless data exchange

A primary XML standard that is for application development

(TCO 2) All of the following are techniques used by a social engineer EXCEPT for which one?

An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number

An attacker calls up the IT department posing as an employee and requests a password reset

An attacker runs a brute-force attack on a password

An attacker sends a forged e-mail with a link to a bogus website that has been set to obtain personal information

(TCO 2) Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target’s trash is known in the community as _____

Trash rummaging

Garbage surfing

Piggy diving

Dumpster diving

(TCO 2) What are SSL and TLS used for?

A means of securing application programs on the system

To secure communication over the Internet

A method to change from one form of PKI infrastructure to another

A secure way to reduce the amount of SPAM a system receives

(TCO 2) What are the security risks of installing games on an organization’s system?

There are no significant risks

Users can’t always be sure where the software came from, and it may have hidden software inside of it

The users may play during work hours instead of during breaks

The games may take up too much memory on the computer and slow down processing, making it difficult to work

(TCO 2) What is the ISO 17799?

A standard for creating and implementing security policies

A standard for international encryption of e-mail

A document used to develop physical security for a building

A document describing the details of wireless encryption

(TCO 3) A(n) _____ is a network typically smaller in terms of size and geographic coverage, and consists of two or more connected devices. Home or office networks are typically classified as this type of network.

Local-area network

Office-area network

Wide-area network

Internal-area network

(TCO 3) What is the main difference between TCP and UDP packets?

UDP packets are a more widely used protocol

TCP packets are smaller and thus more efficient to use

TCP packets are connection oriented, whereas UDP packets are connectionless

UDP is considered to be more reliable because it performs error checking

(TCO 3) Unfortunately, hackers abuse the ICMP protocol by using it to _____.

Send Internet worms

Launch denial-of-service (DoS) attacks

Steal passwords and credit card numbers

Send spam

(TCO 3) Which transport layer protocol is connectionless?

UDP

TCP

IP

ICMP

(TCO 3) Which of the following is a benefit provided by Network Address Translation (NAT)?

Compensates for the lack of IP addresses

Allows devices using two different protocols to communicate

Creates a DMZ

Translates MAC addresses to IP addresses

(TCO 3) Which transport layer protocol is connection oriented?

UDP

TCP

IP

ICMP

(TCO 3) Which of the following is an example of a MAC address?

00:07:H9:c8:ff:00

00:39:c8:ff:00

00:07:e9:c8:ff:00

00:07:59:c8:ff:00:e8

(TCO 4) All of the following statements sum up the characteristics and requirements of proper private key use EXCEPT which one?

The key should be stored securely

The key should be shared only with others whom you trust

Authentication should be required before the key can be used

The key should be transported securely

(TCO 4) It is easier to implement, back up, and recover keys in a _____.

Centralized infrastructure

Decentralized infrastructure

Hybrid infrastructure

Peer-to-peer infrastructure

(TCO 4) When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message. This application of encryption is an example of _____.

Authentication

Nonrepudiation

Confidentiality

Auditing

(TCO 4) Outsourced CAs are different from public CAs in what way?

Outsourced services can be used by hundreds of companies

Outsourced services provide dedicated services and equipment to individual companies

Outsourced services do not maintain specific servers and infrastructures for individual companies

Outsourced services are different in name only. They are essentially the same thing

(TCO 4) Cryptographic algorithms are used for all of the following EXCEPT _____.

Confidentiality

Integrity

Availability

Authentication

(TCO 6) A hub operates at which of the following?

Layer 1, the physical layer

Layer 2, the data-link layer

Layer 2, the MAC layer

Layer 3, the network layer

(TCO 6) Alice sends an e-mail that she encrypts with a shared key, which only she and Bob have. Upon receipt, Bob decrypts the e-mail and reads it. This application of encryption is an example of _____.

Confidentiality

Integrity

Authentication

Nonrepudiation

(TCO 6) The following are steps in securing a workstation EXCEPT _____.

Install NetBIOS and IPX

Install antivirus

Remove unnecessary software

Disable unnecessary user accounts

(TCO 8) Which of the following is a characteristic of the Patriot Act?

Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet

A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals

Makes it a violation of federal law to knowingly use another’s identity

Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form

(TCO 8) The Wassenaar Arrangement can be described as which of the following?

An international arrangement on export controls for conventional arms as well as dual-use goods and technologies

An international arrangement on import controls

A rule governing import of encryption in the United States

A rule governing export of encryption in the United States

(TCO 8) What is the Convention on Cybercrime?

A convention of black hats who trade hacking secrets

The first international treaty on crimes committed via the Internet and other computer networks

A convention of white hats who trade hacker prevention knowledge

A treaty regulating international conventions

(TCO 8) The Electronic Signatures in Global and National Commerce Act _____.

Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form

Addresses a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications

Makes it a violation of federal law to knowingly use another’s identity

Is a major piece of legislation affecting the financial industry, and contains significant privacy provisions for individuals

(TCO 2) Give an example of a hoax and how it might actually be destructive

(TCO 2) What are the various ways a backup can be conducted and stored?

Backups should include the organization’s critical data, and…

(TCO 2) List the four ways backups are conducted and stored.

Full back up, differential backup,…

(TCO 2) List at least five types of disasters that can damage or destroy the information of an organization.

Flood, chemical spill…

(TCO 2) Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be. Create a bulleted list of those responsibilities.

Do not divulge sensitive information to individuals…

(TCO 3) What is the difference between TCP and UDP?

UDP is known as a connectionless protocol, as it has very few…

(TCO 3) List three kinds of information contained in an IP packet header

A unique identifier, distinguishing this packet from other packets…

(TCO 4) What are the laws that govern encryption and digital rights management?

Encryption technology is used to protect digital…

(TCO 5) Describe the laws that govern digital signatures

Digital signatures have the same…

(TCO 6) What are some of the security issues associated with web applications and plug-ins?

Web browsers have mechanisms to enable…

(TCO 6) What are the four common methods for connecting equipment at the physical layer?

Coaxial cable, twisted-pair…

(TCO 6) Describe the functioning of the SSL/TLS suite

SSL and TLS use a combination of symmetric and…

(TCO 6) Explain a simple way to combat boot disks

Disable them or… them in the…

(TCO 7) What are some ethical issues associated with information security?

Ethics is the social-moral environment in which a person makes…

(TCO 9) What are password and domain password policies?

Password complexity policies are designed to deter brute-force attacks by increasing the number of possible passwords…

DeVry