Java Security MOCK
Gurumurthy Ramamurthy
Ranch Hand
Joined: Feb 13, 2003
Posts: 272
Guys, any answers?

Quiz 1:

1) Which of the following is NOT a strength of message digest functions?
Choice 1 There are no active patents.
Choice 2 Relative speed.
Choice 3 No export restrictions.
Choice 4 The digest will always be smaller than the original message.
Choice 5 High reliability for detecting tampering.

2) Which of the following can firewalls NOT protect against?
Choice 1 Unauthorized access to legacy systems.
Choice 2 Attackers with direct access to the protected side.
Choice 3 Viruses.
Choice 4 Inappropriate use of the Internet.
Choice 5 Unauthorized access to web servers.

3) In order to hide internal IP addresses from prying eyes on the Internet, what would be the best option for an organization to employ?
Choice 1 A DNS server.
Choice 2 An E-mail server.
Choice 3 A proxy server.
Choice 4 A file server.
Choice 5 A web server.

4) Secure E-mail means which of the following is encrypted?
Choice 1 "From:" Category
Choice 2 Contents
Choice 3 Checksum
Choice 4 "To:" Category
Choice 5 Header

5) Companies A and B exchange electronic invoices and orders using encrypted communications as shown above. This is an example of what technology?
Choice 1 subnet
Choice 2 intranet
Choice 3 extranet or VPN
Choice 4 supranet
Choice 5 value-added network

6) A) port number B) destination IP address C) source IP address D) mime type E) username / password
Modern firewalls can allow/deny access on the basis of which of the above?
Choice 1 A only
Choice 2 A and C only
Choice 3 A, B, and C only
Choice 4 A, D, and E only
Choice 5 A, B, C, D, and E

7) Which of the following is NOT a firewall incident handling response when beginning an investigation of a system compromise?
Choice 1 The firewall should be examined on a weekly basis to determine if attacks have been detected.
Choice 2 The firewall should reject all forms of probing or scanning tools.
Choice 3 The firewall should be restored in a different configuration than was used prior to the incident or break-in.
Choice 4 The firewall administrator should be notified at any time of a security alarm in the event of suspicious activity detection.
Choice 5 The firewall should be configured to log all activity.

8) What are file system permissions called that are enforced when a user attaches to a file system?
Choice 1 Cumulative
Choice 2 Shared
Choice 3 Closed
Choice 4 File
Choice 5 Open

9) Which of the following is NOT a risk when an organization is hacked?
Choice 1 Delivery service might be interrupted.
Choice 2 Financial damages might result due to illegal activity.
Choice 3 Damage to an organization's reputation might result in business loss.
Choice 4 Hackers could break into the cgi-bin directory, causing redirection of critical data.
Choice 5 Stolen data might be used against an organization.

10) What should the security practitioner do to ensure the control objectives of a system design?
Choice 1 Get senior management's approval on the impact analysis.
Choice 2 Complete the vulnerability assessment first.
Choice 3 Make sure the auditing procedures have been defined per instructions.
Choice 4 Ensure the system design has proper security administrator authorization.
Choice 5 Check that properly formatted objectives are on file with the auditor.

11) When does a problem with using persistent cookies or client certificates for user authentication occur?
Choice 1 When a user changes computers.
Choice 2 When a user does not log on for more than 30 days.
Choice 3 When the IP address of the server changes.
Choice 4 When the IP address of the user changes.
Choice 5 When a user wishes to change preferences.

12) Which layer of the OSI reference model is typically used to perform cryptography?
Choice 1 Data Link
Choice 2 Presentation
Choice 3 Session
Choice 4 Transport
Choice 5 Network

13) Which of the following could be characterized as a "denial-of-service" attack on a system?
Choice 1 A Java applet is loaded that creates multiple threads that consume 99% of a CPU for no useful purpose.
Choice 2 A JavaScript window mimics an operating system window to trick you into doing something malicious.
Choice 3 A person uses a password sniffer to learn usernames and passwords and then breaks in.
Choice 4 A virus captures and then transmits credit card numbers when they are entered by a user.
Choice 5 An ActiveX control secretly sends a password or configuration file to an attacker.

14) List: A) Creating symmetric keys B) Message authentication C) Sender identification D) Double encryption E) Generating digital signatures
Which of the above can message digests be used for?
Choice 1 A only
Choice 2 C only
Choice 3 E only
Choice 4 A and B only
Choice 5 A, C, and D

15) What is the current standard for certificate format?
Choice 1 LDAP
Choice 2 NDS
Choice 3 x.500
Choice 4 ASN.1
Choice 5 x.509

16) The packet filter above ensures all outbound requests must come from the proxy server. Which of the following is an important security advantage of this arrangement?
Choice 1 It processes all requests very efficiently.
Choice 2 The proxy can store all private keys assigned to internal users.
Choice 3 The outside network sees only one internal address.
Choice 4 The two networks can use different protocols.
Choice 5 The level of protection can be customized for each internal host.

17) An Internet application uses certificates issued by your company to identify users. What is the minimum information about each user that should be stored in the certificate?
Choice 1 Information necessary to uniquely identify each user.
Choice 2 All information submitted by the user applying for the certificate.
Choice 3 The user's passphrase and name.
Choice 4 The user's name.
Choice 5 Name, logon ID, and password, if appropriate.

18) Of the following, which one is NOT a potential weakness in firewalls using packet filtration?
Choice 1 Programming is often specialized.
Choice 2 Most internal networks change daily, requiring programming changes.
Choice 3 Only works for TCP packets, not UDP.
Choice 4 Extensive filter lists slow the routing process.
Choice 5 Can be easily compromised or defeated.

19) What is the part of an incoming IP packet that identifies the application that requests data?
Choice 1 source port number
Choice 2 sequence count
Choice 3 destination address
Choice 4 destination port number
Choice 5 source address

20) How would a person authenticate a digital certificate issued by a public certificate authority?
Choice 1 Decrypt the subject identification information using the subject's private key.
Choice 2 Check the certificate authority's digital signature.
Choice 3 Call the subject and have them repeat the digital signature of the certificate.
Choice 4 Decrypt the subject identification information using the certificate authority's private key.
Choice 5 Check the subject's digital signature.

21) When considering employing a firewall, you will expect to find all of the following services but one. Which is it?
Choice 1 IP Masquerade
Choice 2 Proxy Services
Choice 3 Packet Switching
Choice 4 Packet Filtering
Choice 5 Encrypted Tunnels

22) What do you need to decipher an encrypted E-mail message that uses public key encryption?
Choice 1 Your public key.
Choice 2 The sender's public key.
Choice 3 The sender's private key.
Choice 4 The digital signature included with the message.
Choice 5 Your private key.

23) Java applets can open new windows on the user's system. How do most modern browsers prevent them from spoofing or fooling the user by pretending to be a different application?
Choice 1 The window is displayed inside the browser's main display area.
Choice 2 The window does not permit users to enter any data.
Choice 3 The browser produces an audible warning whenever a user enters information into the applet window.
Choice 4 The window is always modal.
Choice 5 The window indicates that it is an unsecure applet window.

24) What is the rule of thumb when designing a system that must protect data in transit across the Internet?
Choice 1 An encryption mechanism is only as strong as the secrecy of its private key.
Choice 2 To ensure that the cost of breaking the encryption method exceeds the value of the data.
Choice 3 Private keys should always be stored in the configuration file, never in their own file.
Choice 4 Use symmetric key encryption if you do not know who you will be communicating with ahead of time.
Choice 5 Always authenticate and encrypt data using different keys.

25) Which is NOT a fundamental security risk to an Internet host?
Choice 1 Inadequate activity logging.
Choice 2 Inadequate backup procedures.
Choice 3 Failure to upgrade software after bugs/security holes are detected.
Choice 4 Failure to upgrade hardware to increase processing efficiency.
Choice 5 Plain text password transmission.

26) What is the most common method of combating spam attacks?
Choice 1 Counter-spamming
Choice 2 Source post office blocking
Choice 3 Source address blocking
Choice 4 Content filtering
Choice 5 Source port blocking

27) How does one ensure non-repudiation on an e-commerce system?
Choice 1 By using hardware tokens.
Choice 2 By using public key cryptography.
Choice 3 By using private key cryptography.
Choice 4 By using proper access control.
Choice 5 By using digital signatures.

28) File access rights are what type of permissions?
Choice 1 Cumulative
Choice 2 File
Choice 3 Open
Choice 4 Shared
Choice 5 Closed

29) Which of the following is NOT an appropriate action to take regarding misuse of organizational network resources?
Choice 1 Termination
Choice 2 Verbal Reprimand
Choice 3 Hiding the incident from public scrutiny.
Choice 4 Written Reprimand
Choice 5 Demotion

30) Which of the below controls best enhances the confidentiality of internet mail?
Choice 1 Making all post office connections with POP protocol.
Choice 2 Encrypting messages with RSA.
Choice 3 Hashing message contents with MD5.
Choice 4 Signing messages with PGP.
Choice 5 Using the digital signature standard.

31) What is the MOST COMMON use of server certificates?
Choice 1 Signed applets
Choice 2 SSL
Choice 3 Authenticode
Choice 4 Secure E-mail
Choice 5 Citizen Identification

32) Using public key encryption, how can Betty ensure a message she sends Bill cannot be read by anyone else and that Bill can be sure she sent it?
Choice 1 Encrypt it with her private key and sign it with her private key.
Choice 2 Encrypt it with Bill's public key and sign it with Bill's public key.
Choice 3 Encrypt it with Bill's public key and sign it with her public key.
Choice 4 Encrypt it with Bill's public key and sign it with her private key.
Choice 5 Encrypt it with her public key and sign it with Bill's public key.

33) Which is NOT a benefit of having a single sign-on for all applications within a corporate environment?
Choice 1 Facilitating employee access from home via the Internet.
Choice 2 Making security administration easier.
Choice 3 Easing the memory burden on users.
Choice 4 Reducing the likelihood that users will write down their passwords.
Choice 5 Reducing the time spent by users gaining access to systems.

34) What is Kerberos used for?
Choice 1 To secure credit card authorization of all magnitudes.
Choice 2 Providing a secure single sign-on capability in a distributed environment.
Choice 3 For user identification and authentication for E-mail.
Choice 4 Approving small charges over the Internet.
Choice 5 Providing real-time authentication for teleconferencing applications.

35) How could a photo, like the one above, be transmitted across the Internet resistant to tampering AND enabling the recipient to positively identify the sender?
Choice 1 It could be encrypted with the sender's public key.
Choice 2 It could be encrypted with the receiver's public key.
Choice 3 File compression could be used.
Choice 4 It could be digitally signed by the sender.
Choice 5 It could be encrypted with the receiver's private key.

36) Which of the below SMTP packets is suspicious and should be blocked?
Choice 1 An incoming TCP packet to a source port >1023 from a destination port of 25.
Choice 2 An incoming TCP packet to a source port 25 from a destination port of >1023.
Choice 3 An outgoing TCP packet to a source port >1023 from a destination port of 25.
Choice 4 An outgoing TCP packet to a source port 25 from a destination port of >1023.
Choice 5 None of the above is suspicious.

37) A) username/password B) certificates C) biometrics D) smart cards or tokens
Which of the above techniques for user authentication can be used over the Internet?
Choice 1 A only
Choice 2 A and B only
Choice 3 A, B, and C only
Choice 4 B and D only
Choice 5 A, B, C, and D

38) If your organization wished to communicate with an outside organization using a means that is authenticated and encrypted, what should you get management to invest in?
Choice 1 3DES Network
Choice 2 Secure Access Network
Choice 3 Virtual Public Network
Choice 4 Ethernet
Choice 5 Virtual Private Network

39) What is the first step any organization should take when considering internet/network security options?
Choice 1 Disconnect from the Internet until option is implemented.
Choice 2 Develop a good security plan.
Choice 3 Perform a risk analysis.
Choice 4 Attempt a full host scan on the network.
Choice 5 Employ a firewall.

40) What is always necessary to decipher symmetrically encrypted data?
Choice 1 The message digest.
Choice 2 The check sum file.
Choice 3 The digital signature.
Choice 4 The key.
Choice 5 The signature file.

Quiz 2:

1) Which of the following can firewalls NOT protect against?
a Unauthorized access to legacy systems.
b Attackers with direct access to the protected side.
c Viruses.
d Inappropriate use of the Internet.
e Unauthorized access to web servers.

2) Secure E-mail means which of the following is encrypted?
a "From:" Category
b Contents
c Checksum
d "To:" Category
e Header

3) Which of the following is NOT a firewall incident handling response when beginning an investigation of a system compromise?
a The firewall should be examined on a weekly basis to determine if attacks have been detected.
b The firewall should reject all forms of probing or scanning tools.
c The firewall should be restored in a different configuration than was used prior to the incident or break-in.
d The firewall administrator should be notified at any time of a security alarm in the event of suspicious activity detection.
e The firewall should be configured to log all activity.

4) What are file system permissions called that are enforced when a user attaches to a file system?
a Cumulative
b Shared
c Closed
d File
e Open

5) Which layer of the OSI reference model is typically used to perform cryptography?
a Data Link
b Presentation
c Session
d Transport
e Network

6) List: A) Creating symmetric keys B) Message authentication C) Sender identification D) Double encryption E) Generating digital signatures
Which of the above can message digests be used for?
a A only
b C only
c E only
d A and B only
e A, C, and D

7) The packet filter above ensures all outbound requests must come from the proxy server. Which of the following is an important security advantage of this arrangement?
a It processes all requests very efficiently.
b The proxy can store all private keys assigned to internal users.
c The outside network sees only one internal address.
d The two networks can use different protocols.
e The level of protection can be customized for each internal host.

8) An Internet application uses certificates issued by your company to identify users. What is the minimum information about each user that should be stored in the certificate?
a Information necessary to uniquely identify each user.
b All information submitted by the user applying for the certificate.
c The user's passphrase and name.
d The user's name.
e Name, logon ID, and password, if appropriate.

9) Of the following, which one is NOT a potential weakness in firewalls using packet filtration?
a Programming is often specialized.
b Most internal networks change daily, requiring programming changes.
c Only works for TCP packets, not UDP.
d Extensive filter lists slow the routing process.
e Can be easily compromised or defeated.

10) When considering employing a firewall, you will expect to find all of the following services but one. Which is it?
a IP Masquerade
b Proxy Services
c Packet Switching
d Packet Filtering
e Encrypted Tunnels

11) What is the rule of thumb when designing a system that must protect data in transit across the Internet?
a An encryption mechanism is only as strong as the secrecy of its private key.
b To ensure that the cost of breaking the encryption method exceeds the value of the data.
c Private keys should always be stored in the configuration file, never in their own file.
d Use symmetric key encryption if you do not know who you will be communicating with ahead of time.
e Always authenticate and encrypt data using different keys.

12) What is the most common method of combating spam attacks?
a Counter-spamming
b Source post office blocking
c Source address blocking
d Content filtering
e Source port blocking

13) How does one ensure non-repudiation on an e-commerce system?
a By using hardware tokens.
b By using public key cryptography.
c By using private key cryptography.
d By using proper access control.
e By using digital signatures.

14) Which of the below controls best enhances the confidentiality of internet mail?
a Making all post office connections with POP protocol.
b Encrypting messages with RSA.
c Hashing message contents with MD5.
d Signing messages with PGP.
e Using the digital signature standard.

15) Using public key encryption, how can Betty ensure a message she sends Bill cannot be read by anyone else and that Bill can be sure she sent it?
a Encrypt it with her private key and sign it with her private key.
b Encrypt it with Bill's public key and sign it with Bill's public key.
c Encrypt it with Bill's public key and sign it with her public key.
d Encrypt it with Bill's public key and sign it with her private key.
e Encrypt it with her public key and sign it with Bill's public key.

16) What is Kerberos used for?
a To secure credit card authorization of all magnitudes.
b Providing a secure single sign-on capability in a distributed environment.
c For user identification and authentication for E-mail.
d Approving small charges over the Internet.
e Providing real-time authentication for teleconferencing applications.

17) How could a photo, like the one above, be transmitted across the Internet resistant to tampering AND enabling the recipient to positively identify the sender?
a It could be encrypted with the sender's public key.
b It could be encrypted with the receiver's public key.
c File compression could be used.
d It could be digitally signed by the sender.
e It could be encrypted with the receiver's private key.

18) Which of the below SMTP packets is suspicious and should be blocked?
a An incoming TCP packet to a source port >1023 from a destination port of 25.
b An incoming TCP packet to a source port 25 from a destination port of >1023.
c An outgoing TCP packet to a source port >1023 from a destination port of 25.
d An outgoing TCP packet to a source port 25 from a destination port of >1023.
e None of the above is suspicious.

19) What is always necessary to decipher symmetrically encrypted data?
a The message digest.
b The check sum file.
c The digital signature.
d The key.
e The signature file.

20) A firewall that uses two separate network cards and does not allow direct routing between the two connected networks cannot be which of the following?
a application-level gateway
b border gateway
c proxy server
d packet filter
e bastion host

21) Cryptography is useful for each of the following EXCEPT for which choice?
a authentication
b confidentiality
c integrity
d transmission reliability
e nonrepudiation

22) Which type of certificates would you expect to be bundled in popular web browser software?
a Certificate(s) for the browser vendor.
b Individual certificates for individuals certified by the browser vendor.
c Certificate Authority certificates.
d Software publisher certificates for vendors distributing software over the Internet.
e Server certificates for the major web sites.