d. OLE DB
15. List an organization with online resources for learning more about Web application vulnerabilities.
Open Web Application Security Project (OWASP)
16. What tags identify ColdFusion as the scripting language?
c. the letters CF
17. What tags identify PHP as the scripting language?
c. <? ?>
18. An HTML Web page containing ASP code must be compiled before running. True or False?
False
19. Which of the following can be used to detect a new application vulnerability on a Web site?
c. Wapiti
20. IIS is used on more than twice as many Web servers as Apache Web Server. True or False?
False
False
9. Write the equation to calculate how many keys are needed to have 20 people communicate with symmetric keys.
n(n - 1) / 2 = number of symmetric keys, or 20(20 - 1) / 2 = 190 keys
10. Why did the NSA decide to drop support for DES?
c. The processing power of computers had increased.
11. Symmetric algorithms can be block ciphers or stream ciphers. True or False?
True
12. Which of the following describes a chosen-plaintext attack?
c. The attacker has plaintext, can choose what part of the text gets encrypted, and has access to the ciphertext.
13. Two different messages producing the same hash value results in which of the following?
c. Collision
14. Which of the following is a program for extracting Windows password hash values?
b. Fgdump
15. Advanced Encryption Standard (AES) replaced DES with which algorithm?
a. Rijndael
16. What cryptographic devices were used during World War II? (Choose all that apply.)
a. Enigma machine
c. Purple Machine
d. Bombe
17. Asymmetric cryptography systems are which of the following?
b. Slower than symmetric cryptography systems
18. Diffie-Hellman is used to encrypt e-mail messages. True or False?
False
19. Hiding data in a photograph is an example of which of the following?
a. Steganography
20. Which of the following is an asymmetric algorithm?
c. RSA
6. A standard IP access list can’t filter IP packets based on a destination address. True or False?
True
7. BASE is a Web-based tool for analyzing data from which of the following network protection systems?
d. Snort IDS
8. What’s the main purpose of a firewall? (Choose all that apply.)
a. Control traffic entering and leaving a network.
c. Protect internal network segments.
d. Prevent command-and-control data from being initiated from inside the network.
9. Firewalls are installed on a network to protect a company’s internal network from dangers on the Internet. True or False?
True
10. Firewalls use which of the following to hide the internal network topology from outside users?
d. NAT
11. A stateful packet inspection firewall keeps track of network connections by using which of the following?
a. A state table
12. A firewall that blocks a Telnet session from leaving the network over TCP port 443 uses which of the following?
d. Application layer inspection
13. Web filters can prevent which type of malicious activity?
a. Drive-by download
14. A DMZ is also referred to as which of the following?
a. Perimeter network
15. A Cisco security appliance can include all the following functions except:
d. A honeypot
16. Where can you find information on creating a security incident response team?
b. www.cert.org
17. Which type of IDS can send an access list to a router or firewall when an intrusion is detected on a network?
a. Active system
18. A honeypot might be used in a network for which of the following reasons? (Choose all that apply.)
a. Lure or entrap hackers so that law enforcement can be informed.
b. Gather information on new attacks and threats.
c. Distract hackers from attacking legitimate network resources.
19. A benchmark is an industry consensus of best practices for writing access lists. True or False?
False
20. Anomaly detectors use a database of known attack signatures to function. True or False?
False