Information Security

51. A stateful packet filtering firewall protects a web server. Which of the following is true:

  A. The firewall will authenticate all users to the web server
  B. The firewall will detect but not block application level attacks
  C. The firewall will block application level attacks
  D. The firewall will not block application level attacks

Correct answer: (D)
The firewall will not block application level attacks

52. A station on a network is sending hundreds of SYN packets to a destination computer. What is the sending computer doing?

  A. Sending the contents of a large file to the destination computer
  B. Attempting to establish a TCP connection with the destination computer
  C. Attacking the destination computer with a SYN flood
  D. Transmitting streaming audio or video to the destination computer

Correct answer: (C)
Attacking the destination computer with a SYN flood

53. A stream cipher encrypts data by XORing plaintext with the encryption key. How is the ciphertext converted back into plaintext?

  A. XORing it with the encryption key
  B. XORing it with the inverse of the encryption key
  C. ANDing it with the encryption key
  D. NANDing it with the encryption key

Correct answer: (A)
XORing it with the encryption key

54. A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted?

  A. Computer Fraud and Abuse Act
  B. Access Device Fraud
  C. Computer Security Act
  D. Sarbanes-Oxley Act

Correct answer: (B)
Access Device Fraud

55. A system administrator needs to harden a server. The most effective approach is:

  A. Install security patches and install a firewall
  B. Remove unneeded services, remove unneeded accounts, and configure a firewall
  C. Remove unneeded services, disable unused ports, and remove unneeded accounts
  D. Install security patches and remove unneeded services

Correct answer: (C)
Remove unneeded services, disable unused ports, and remove unneeded accounts

56. A systems engineer has discovered that a web server supports only 56-bit SSL connections. What can the systems engineer deduce from this?

  A. Web communications with this server are highly secure
  B. The server does not support remote administration
  C. Web communications with this server are not secure
  D. The server is running the Windows operating system

Correct answer: (C)
Web communications with this server are not secure

57. A systems engineer is designing a system that consists of a central computer and attached peripherals. For fastest throughput, which of the following technologies should be used for communication with peripheral devices:

  A. USB 2.0
  B. Firewire 400
  C. USB 1.1
  D. IDE

Correct answer: (A)
USB 2.0

58. A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as:

  A. Cross site request forgery
  B. Cross-site scripting
  C. Broken authentication
  D. Replay attack

Correct answer: (A)
Cross site request forgery

59. A workstation that can remotely access the organization's network through a VPN and access the local LAN, all through the same physical network connection, is using:

  A. Split tunneling
  B. Split gateways
  C. IPsec VPN software
  D. SSL VPN software

Correct answer: (A)
Split tunneling

60. After completing a risk assessment, an organization was able to reduce the risk through the addition of detective and preventive controls. However, these controls did not remove all risk. What options does the organization have for treating the remaining risk?

  A. Accept, avoid, reduce, or transfer
  B. None—the organization must accept the risk
  C. The organization must either accept or transfer the risk
  D. Does not apply: remaining risk cannot be treated further

Correct answer: (A)
Accept, avoid, reduce, or transfer

Page 6 of 25