leahnanceab
SEC 280 Final Exam
Product Description
(TCO 2) What is XKMS?
Key Management Specification, which defines services to manage PKI operations within the Extensible Markup Language (XML) environment
An XML standard for e-mail encryption
An XML standard that is used for wireless data exchange
A primary XML standard that is for application development
(TCO 2) All of the following are techniques used by a social engineer EXCEPT for which one?
An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number
An attacker calls up the IT department posing as an employee and requests a password reset
An attacker runs a brute-force attack on a password
An attacker sends a forged e-mail with a link to a bogus website that has been set to obtain personal information
(TCO 2) Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target’s trash is known in the community as _____
Trash rummaging
Garbage surfing
Piggy diving
Dumpster diving
(TCO 2) What are SSL and TLS used for?
A means of securing application programs on the system
To secure communication over the Internet
A method to change from one form of PKI infrastructure to another
A secure way to reduce the amount of SPAM a system receives
(TCO 2) What are the security risks of installing games on an organization’s system?
There are no significant risks
Users can’t always be sure where the software came from and it may have hidden software inside of it.
The users may play during work hours instead of during breaks
The games may take up too much memory on the computer and slow down processing, making it difficult to work
(TCO 2) What is ISO 17799?
A standard for creating and implementing security policies
A standard for international encryption of e-mail
A document used to develop physical security for a building
A document describing the details of wireless encryption
(TCO 3) A(n) _____ is a network typically smaller in terms of size and geographic coverage, and consists of two or more connected devices. Home or office networks are typically classified as this type of network
Local-area network
Office-area network
Wide-area network
Internal-area network
(TCO 3) What is the main difference between TCP and UDP packets?
UDP packets are a more widely used protocol
TCP packets are smaller and thus more efficient to use
TCP packets are connection oriented, whereas UDP packets are connectionless
UDP is considered to be more reliable because it performs error checking
(TCO 3) Unfortunately, hackers abuse the ICMP protocol by using it to _____.
Send Internet worms
Launch denial-of-service (DoS) attacks
Steal passwords and credit card numbers
Send spam
(TCO 3) Which transport layer protocol is connectionless?
UDP
TCP
IP
ICMP
(TCO 3) Which of the following is a benefit provided by Network Address Translation (NAT)?
Compensates for the lack of IP addresses
Allows devices using two different protocols to communicate
Creates a DMZ
Translates MAC addresses to IP addresses
(TCO 3) Which transport layer protocol is connection oriented?
UDP
RCP
IS
ICMP
(TCO 3) Which of the following is an example of a MAC address?
00:07:H9:c8:ff:00
00:39:c8:ff:00
00:07:e9:c8:ff:00
00:07:59:c8:ff:00:e8
(TCO 4) All of the following statements sum up the characteristics and requirements of proper private key use EXCEPT which one?
The key should be stored securely
The key should be shared only with others whom you trust
Authentication should be required before the key can be used
The key should be transported securely
(TCO 4) It is easier to implement, back up, and recover keys in a _____.
Centralized infrastructure
Decentralized infrastructure
Hybrid infrastructure
Peer-to-peer infrastructure
(TCO 4) When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message. This application of encryption is an example of _____.
Authentication
Nonrepudiation
Confidentiality
Auditing
(TCO 4) Outsourced CAs are different from public CAs in what way?
Outsourced services can be used by hundreds of companies
Outsourced services provide dedicated services and equipment to individual companies
Outsourced services do not maintain specific servers and infrastructures for individual companies
Outsourced services are different in name only. They are essentially the same thing
(TCO 4) Cryptographic algorithms are used for all of the following EXCEPT _____.
Confidentiality
Integrity
Availability
Authentication
(TCO 6) A hub operates at which of the following?
Layer 1, the physical layer
Layer 2, the data-link layer
Layer 2, the MAC layer
Layer 3, the network layer
(TCO 6) Alice sends an e-mail that she encrypts with a shared key, which only she and Bob have. Upon receipt, Bob decrypts the e-mail and reads it. This application of encryption is an example of _____.
Confidentiality
Integrity
Authentication
Nonrepudiation
(TCO 6) The following are steps in securing a workstation EXCEPT _____.
Install NetBIOS and IPX
Install antivirus
Remove unnecessary software
Disable unnecessary user accounts
(TCO 8) Which of the following is a characteristic of the Patriot Act?
Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet
A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals
Makes it a violation of federal law to knowingly use another’s identity
Implements the principle that a signature, contract, or other record may not be deleted
Denies legal effect, validity, or enforceability solely because it is in electronic form
(TCO 8) The Wassenaar Arrangement can be described as which of the following?
An international arrangement on export controls for conventional arms as well as dual-use goods and technologies
An international arrangement on import controls
A rule governing import of encryption in the United States
A rule governing export of encryption in the United States
(TCO 8) What is the Convention on Cybercrime?
A convention of black hats who trade hacking secrets
The first international treaty on crimes committed via the Internet and other computer networks
A convention of white hats who trade hacker prevention knowledge
A treaty regulating international conventions
(TCO 8) The electronic signatures in the Global and National Commerce Act _____.
Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form
Address a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications
Make it a violation of federal law to knowingly use another’s identity
Are a major piece of legislation affecting the financial industry, and contain significant privacy provisions for individuals
(TCO 2) Give an example of a hoax and how it might actually be destructive
(TCO 2) What are the various ways a backup can be conducted and stored?
Backups should include the organization’s critical data, and…
(TCO 2) List the four ways backups are conducted and stored.
Full backup, differential backup,…
(TCO 2) List at least five types of disasters that can damage or destroy the information of an organization.
Flood, chemical spill…
(TCO 2) Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be. Create a bulleted list of those responsibilities.
Do not divulge sensitive information to individuals…
(TCO 3) What is the difference between TCP and UDP?
UDP is known as a connectionless protocol, as it has very few…
(TCO 3) List three kinds of information contained in an IP packet header
A unique identifier, distinguishing this packet from other packets…
(TCO 4) What are the laws that govern encryption and digital rights management?
Encryption technology is used to protect digital…
(TCO 5) Describe the laws that govern digital signatures
Digital signatures have the same…
(TCO 6) What are some of the security issues associated with web applications and plug-ins?
Web browsers have mechanisms to enable…
(TCO 6) What are the four common methods for connecting equipment at the physical layer?
Coaxial cable, twisted-pair…
(TCO 6) Describe the functioning of the SSL/TLS suite
SSL and TLS use a combination of symmetric and…
(TCO 6) Explain a simple way to combat boot disks
Disable them or… them in the…
(TCO 7) What are some ethical issues associated with information security?
Ethics is the social-moral environment in which a person makes…
(TCO 9) What are password and domain password policies?
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords…