• Choose a category
• All
• Classic-Fiction

17. Which of the following would provide additional security to an Internet web server?

a. Changing the port address to 80.

b. Changing the port address to 1019.

c. Adding a firewall to block port 80.

d. Web servers can’t be secured.

18. What type of program exists primarily to propagate and spread itself to other systems?

a. Virus

b. Trojan horse

c. Logic bomb

d. Worm

19. An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack?

a. Social engineering

b. Access control

c. Perimeter screening

d. Behavioral engineering

20. Which of the following is a major security problem with FTP servers?

a. Password files are stored in an unsecure area on disk.

b. Memory traces can corrupt file access.

c. User IDs and passwords are unencrypted.

d. FTP sites are unregistered.

21. Which system would you install to provide active protection and notification of security problems in a network connected to the Internet?

a. IDS

b. Network monitoring

c. Router

d. VPN

22. The process of verifying the steps taken to maintain the integrity of evidence is called what?

a. Security investigation

b. Chain of custody

c. Three A’s of investigation

d. Security policy

23. What encryption process uses one message to hide another?

a. Steganography

b. Hashing

c. MDA

d. Cryptointelligence

24. Which policy dictates how computers are used in an organization?

a. Security policy

b. User policy

c. Use policy

d. Enforcement policy

25. Which algorithm is used to create a temporary secure session for the exchange of key information?

a. KDC

b. KEA

c. SSL

d. RSA

26. You’ve been hired as a security consultant for a company that’s beginning to implement handheld devices, such as PDAs. You’re told that the company must use an asymmetric system. Which security standard would you recommend it implement?

a. ECC

b. PKI

c. SHA

d. MD

27. Which of the following backup methods will generally provide the fastest backup times?

a. Full backup

b. Incremental backup

c. Differential backup

d. Archival backup

28. You want to grant access to network resources based on authenticating an individual’s retina during a scan. Which security method uses a physical characteristic as a method of determining identity?

a. Smart card

b. I&A

c. Biometrics

d. CHAP

29. Which access control method is primarily concerned with the role that individuals have in the organization?

a. MAC

b. DAC

c. RBAC

d. STAC

30. The process of investigating a computer system for clues into an event is called what?

a. Computer forensics

b. Virus scanning

c. Security policy

d. Evidence gathering

Answers to Assessment Test

1. A. A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 8.

2. D. A mantrap limits access to a small number of individuals. It could be, for example, a small room. Mantraps typically use electronic locks and other methods to control access. For more information, see Chapter 6.

3. B. Public-Key Cryptography Standards is a set of voluntary standards for public-key cryptography. This set of standards is coordinated by RSA. For more information, see Chapter 7.

4. B. Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. For additional information, see Chapter 7.

5. C. The Process layer interfaces with applications and encapsulates traffic through the Host-to-Host or Transport layer, the Internet layer, and the Network Access layer. For more information, see Chapter 2.

6. B. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol