ANSWERS 100% CORRECT
What type of penetration testing is most often used when an organization wants to
closely simulate how an attacker views a system? - ANSWER: Black-box testing
Denial of service (DoS) and distributed denial of service (DDoS) attacks have the same
effect; however, a distributed denial of service (DDoS) attack: - ANSWER: is launched
from large numbers of hosts that have been compromised and act after receiving a
particular command.
Which of the following terms refers to the ability to verify that information has not been
altered and has remained in the form originally intended by the creator? -
ANSWER: Integrity
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the first step, the message or information to be sent is passed
through a hashing algorithm that creates a hash to: - ANSWER: verify the integrity of the
message.
Which password attack method uses long lists of words that have been predefined and
can be quickly downloaded for use to break a password that is a word or a name? -
ANSWER: Dictionary password attack
A measurement of the percentage of individuals who have gained access but should not
have been granted such is called: - ANSWER: false acceptance rate (FAR).
Which of the following types of authentication is based on a behavioral or physiological
characteristic that is unique to an individual? - ANSWER: Biometrics
Which of the following allows the placing of telephone calls over computer networks and
the Internet? - ANSWER: Voice over IP (VoIP)
A measurement of the percentage of individuals who should have been granted, but
were not allowed access is called: - ANSWER: false rejection rate (FRR).
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the second step, the hash is passed through the encryption process
using the sender's: - ANSWER: private key as the key in the encryption process.
When performing a penetration test, the team should generally include members with: -
ANSWER: different but complementary skills.
Which of the following refers to a piece of software, a tool, or a technique that targets or
takes advantage of a vulnerability? - ANSWER: Exploit
Which of the following refers to the structured and methodical means of investigating,
uncovering, attacking, and reporting on a target system's strengths and vulnerabilities? -
ANSWER: Penetration testing
Which of the following statements is true regarding ethical hackers? - ANSWER: Ethical
hackers engage in their activities only with the permission of the asset owner.
Which of the following refers to a piece of code designed to cause harm that is
intentionally inserted into a software system and will activate upon the occurrence of
some predetermined data, time, or event? - ANSWER: Logic bomb
Accessing a system of computers without authorization is considered to be: -
ANSWER: a network intrusion.
A major difference between a hacker and an ethical hacker is the: - ANSWER: code of
ethics to which each subscribes.
While "hacker" has become a universal term for people who break the law or break into
systems without authorization, these people are more correctly known as: -
ANSWER: crackers
A hierarchical system of servers and services specifically designed to translate IP
addresses into domain names (forward lookups) as well as the reverse (reverse
lookups) is called: - ANSWER: Domain Name Service (DNS).
In order to realize the full potential of a sniffer, the network card must: - ANSWER: be put
in promiscuous mode
Which of the following offers the greatest level of security for wireless networks? -
ANSWER: Wi-Fi Protected Access 2 (WPA2)
Which of the following is the protocol used to enable communication securely between
points on a Virtual Private Network (VPN)? - ANSWER: Layer 2 Tunneling Protocol
Robot-controlled workstations that are part of a collection of other robot-controlled
workstations are called: - ANSWER: botnets
Which of the following is a distributed denial of service (DDoS) attack in which the
attacker sends a succession of SYN packets with a spoofed return address to a