ITSY 2341 FINAL QUESTIONS WITH CORRECT ANSWERS GRADED A+
signature recognition - Answers Which of the following biometric authentication systems is the
most accepted by users?
It uses a secret key to encrypt and decrypt. - Answers Which of the following is true about
symmetric encryption?
False - Answers A semialphabetic substitution cipher is one that incorporates two or more
alphabets in the encryption process.
- Answers Which of the following is true about symmetric encryption?
false reject rate - Answers The rate at which authentic users are denied or prevented access to
authorized areas as a result of a failure in the biometric device is known as the __________.
stateful packet inspection - Answers Which type of firewall keeps track of each network
connection established between internal and external systems?
authentication - Answers Which of the following access control processes confirms the identity
of the entity seeking access to a logical or physical area?
False - Answers A validity table is a tabular record of the state and context of each packet in a
conversation between an internal and external user or system. __________
port-address translation - Answers Which technology employs sockets to map internal private
network addresses to a public address using one-to-many mapping?
True - Answers A packet filtering firewall is a networking device that examines the header
information of data packets that come into a network and determines whether to drop them
(deny) or forward them to the next network connection (allow), based on its configuration rules.
__________
IP Security Protocol - Answers Which technology has two modes of operation: transport and
tunnel?
digital signature - Answers What is most commonly used for the goal of nonrepudiation in
cryptography?
False - Answers The "something a person has" authentication mechanism takes advantage of
something inherent in the user that is evaluated using biometrics.
packet sniffer - Answers What tool would you use if you want to collect information as it is
being transmitted on the network and analyze the contents for the purpose of solving network
problems?
socket - Answers The combination of a system's TCP/IP address and a service port is known as
,a __________.
True - Answers The KDC component of Kerberos knows the secret keys of all clients and
servers on the network.
False - Answers A smart chip is an authentication component, similar to a dumb card, that
contains a computer chip to verify and validate several pieces of information instead of just a
PIN. __________
anomaly-based - Answers Which type of IDPS is also known as a behavior-based intrusion
detection system?
cryptanalysis - Answers The process of obtaining the plaintext message from a ciphertext
message without knowing the keys used to perform the encryption is known as __________.
signature-based - Answers Which type of IDPS works like antivirus software?
True - Answers A wireless access point is a device used to connect wireless networking users
and their devices to the rest of the organization's network(s). __________
something a person says - Answers Which of the following is NOT among the three types of
authentication mechanisms?
False - Answers The action level is a predefined assessment level of an IDPS that triggers a
predetermined response when surpassed. __________
fingerprinting - Answers What is the next phase of the pre-attack data gathering process after
an attacker has collected all of an organization's Internet addresses?
sending DoS packets to the source - Answers Which of the following is NOT a method employed
by IDPSs to prevent an attack from succeeding?
key - Answers Which of the following is used in conjunction with an algorithm to make computer
data secure from anybody except the intended recipient of the data?
honey pot - Answers What is an application that entices individuals who are illegally perusing
the internal areas of a network by providing simulated rich content areas while the software
notifies the administrator of the intrusion?
footprinting - Answers What is the organized research and investigation of Internet addresses
owned or controlled by a target organization?
dual-homed host - Answers The bastion host is usually implemented as a __________, as it
contains two network interfaces: one that is connected to the external network and one that is
connected to the internal network, such that all traffic must go through the device to move
between the internal and external networks.
, True - Answers A password should be difficult to guess. __________
Both of these are correct. - Answers In an IDPS, a piece of software that resides on a system
and reports back to a management server is known as a(n) __________.
False - Answers In e-commerce situations, some cryptographic tools can be used for
misrepresentation in order to assure that parties to the transaction are authentic, and that they
cannot later deny having participated in a transaction. __________
Evaluate how the new technology will enhance employee skills. - Answers When an information
security team is faced with a new technology, which of the following is NOT a recommended
approach?
PKI - Answers An integrated system of software, encryption methodologies, protocols, legal
agreements, and third-party services that enables users to communicate securely through the
use of digital certificates.
asymmetric encryption - Answers A cryptographic method that incorporates mathematical
operations involving both a public key and a private key to encipher or decipher a message.
footprinting - Answers The organized research and investigation of Internet addresses owned or
controlled by a target organization.
transport mode - Answers In IPSec, an encryption method in which only a packet's IP data is
encrypted, not the IP headers themselves; this method allows intermediate nodes to read the
source and destination addresses.
Vernam cipher - Answers A cryptographic technique developed at AT&T and known as the "one-
time pad," this cipher uses a set of characters for encryption operations only one time and then
discards it.
SSL - Answers Was developed by Netscape in 1994 to provide security for online e-commerce
transactions.
content filter - Answers A software program or hardware/software appliance that allows
administrators to restrict content that comes into or leaves a network—for example, restricting
user access to Web sites with material that is not related to business, such as pornography or
entertainment.
VPN - Answers A private, secure network operated over a public and insecure network.
transposition cipher - Answers A cryptographic operation that involves simply rearranging the
values within a block based on an established pattern.
digital certificate - Answers Public key container files that allow PKI system components and
end users to validate a public key and identify its owner.
signature recognition - Answers Which of the following biometric authentication systems is the
most accepted by users?
It uses a secret key to encrypt and decrypt. - Answers Which of the following is true about
symmetric encryption?
False - Answers A semialphabetic substitution cipher is one that incorporates two or more
alphabets in the encryption process.
- Answers Which of the following is true about symmetric encryption?
false reject rate - Answers The rate at which authentic users are denied or prevented access to
authorized areas as a result of a failure in the biometric device is known as the __________.
stateful packet inspection - Answers Which type of firewall keeps track of each network
connection established between internal and external systems?
authentication - Answers Which of the following access control processes confirms the identity
of the entity seeking access to a logical or physical area?
False - Answers A validity table is a tabular record of the state and context of each packet in a
conversation between an internal and external user or system. __________
port-address translation - Answers Which technology employs sockets to map internal private
network addresses to a public address using one-to-many mapping?
True - Answers A packet filtering firewall is a networking device that examines the header
information of data packets that come into a network and determines whether to drop them
(deny) or forward them to the next network connection (allow), based on its configuration rules.
__________
IP Security Protocol - Answers Which technology has two modes of operation: transport and
tunnel?
digital signature - Answers What is most commonly used for the goal of nonrepudiation in
cryptography?
False - Answers The "something a person has" authentication mechanism takes advantage of
something inherent in the user that is evaluated using biometrics.
packet sniffer - Answers What tool would you use if you want to collect information as it is
being transmitted on the network and analyze the contents for the purpose of solving network
problems?
socket - Answers The combination of a system's TCP/IP address and a service port is known as
,a __________.
True - Answers The KDC component of Kerberos knows the secret keys of all clients and
servers on the network.
False - Answers A smart chip is an authentication component, similar to a dumb card, that
contains a computer chip to verify and validate several pieces of information instead of just a
PIN. __________
anomaly-based - Answers Which type of IDPS is also known as a behavior-based intrusion
detection system?
cryptanalysis - Answers The process of obtaining the plaintext message from a ciphertext
message without knowing the keys used to perform the encryption is known as __________.
signature-based - Answers Which type of IDPS works like antivirus software?
True - Answers A wireless access point is a device used to connect wireless networking users
and their devices to the rest of the organization's network(s). __________
something a person says - Answers Which of the following is NOT among the three types of
authentication mechanisms?
False - Answers The action level is a predefined assessment level of an IDPS that triggers a
predetermined response when surpassed. __________
fingerprinting - Answers What is the next phase of the pre-attack data gathering process after
an attacker has collected all of an organization's Internet addresses?
sending DoS packets to the source - Answers Which of the following is NOT a method employed
by IDPSs to prevent an attack from succeeding?
key - Answers Which of the following is used in conjunction with an algorithm to make computer
data secure from anybody except the intended recipient of the data?
honey pot - Answers What is an application that entices individuals who are illegally perusing
the internal areas of a network by providing simulated rich content areas while the software
notifies the administrator of the intrusion?
footprinting - Answers What is the organized research and investigation of Internet addresses
owned or controlled by a target organization?
dual-homed host - Answers The bastion host is usually implemented as a __________, as it
contains two network interfaces: one that is connected to the external network and one that is
connected to the internal network, such that all traffic must go through the device to move
between the internal and external networks.
, True - Answers A password should be difficult to guess. __________
Both of these are correct. - Answers In an IDPS, a piece of software that resides on a system
and reports back to a management server is known as a(n) __________.
False - Answers In e-commerce situations, some cryptographic tools can be used for
misrepresentation in order to assure that parties to the transaction are authentic, and that they
cannot later deny having participated in a transaction. __________
Evaluate how the new technology will enhance employee skills. - Answers When an information
security team is faced with a new technology, which of the following is NOT a recommended
approach?
PKI - Answers An integrated system of software, encryption methodologies, protocols, legal
agreements, and third-party services that enables users to communicate securely through the
use of digital certificates.
asymmetric encryption - Answers A cryptographic method that incorporates mathematical
operations involving both a public key and a private key to encipher or decipher a message.
footprinting - Answers The organized research and investigation of Internet addresses owned or
controlled by a target organization.
transport mode - Answers In IPSec, an encryption method in which only a packet's IP data is
encrypted, not the IP headers themselves; this method allows intermediate nodes to read the
source and destination addresses.
Vernam cipher - Answers A cryptographic technique developed at AT&T and known as the "one-
time pad," this cipher uses a set of characters for encryption operations only one time and then
discards it.
SSL - Answers Was developed by Netscape in 1994 to provide security for online e-commerce
transactions.
content filter - Answers A software program or hardware/software appliance that allows
administrators to restrict content that comes into or leaves a network—for example, restricting
user access to Web sites with material that is not related to business, such as pornography or
entertainment.
VPN - Answers A private, secure network operated over a public and insecure network.
transposition cipher - Answers A cryptographic operation that involves simply rearranging the
values within a block based on an established pattern.
digital certificate - Answers Public key container files that allow PKI system components and
end users to validate a public key and identify its owner.
