Exam 2- Ch. 5-8

Page 1: Exam 2- Ch. 5-8

Question 1
1 out of 1 points
In ____ mode, the data within an IP packet is encrypted, but the header information is not.
1. Transport

Question 2
1 out of 1 points
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the clear text prior to transmission.
4. SSL Record Protocol

Question 3
1 out of 1 points
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.
3. CRL

Question 4
1 out of 1 points
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
2. Work factor

Question 5
1 out of 1 points
A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
4. IR

Question 6
1 out of 1 points
____ is the action of luring an individual into committing a crime to get a conviction.
1. Entrapment

Question 7
1 out of 1 points
____ is the entire range of values that can possibly be used to construct an individual key.
3. Key space

Question 8
1 out of 1 points
The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
3. All of the above

Question 9
1 out of 1 points
Bit stream methods commonly use algorithm functions like the exclusive OR operation (____).
2. XOR

Question 10
1 out of 1 points
An X.509 v3 certificate binds a ____, which uniquely identifies a certificate entity, to a user’s public key.
3. Distinguished name

Question 11
1 out of 1 points
The first phase in the development of the contingency planning process is the ____.
4. BIA

Question 12
1 out of 1 points
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
3. Hash

Question 13
1 out of 1 points
The ____ is an intermediate area between a trusted network and an untrusted network.
3. DMZ

Question 14
1 out of 1 points
____ is the information used in conjunction with an algorithm to create the cipher text from the plaintext or derive the plaintext from the cipher text.
4. Key

Question 15
1 out of 1 points
____ inspection firewalls keep track of each network connection between internal and external systems.
3. Tasteful

Question 16
1 out of 1 points
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.
3. Blueprint

Question 17
1 out of 1 points
RAID ____ drives can be hot swapped.
3. 5

Question 18
1 out of 1 points
____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
3. Inline

Question 19
0 out of 1 points
The stated purpose of ____ is to “give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization.”
1. BS7799 (Part 2)

Question 20
1 out of 1 points
____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
3. PGP

Question 21
1 out of 1 points
____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
1. Managerial

Question 22
1 out of 1 points
ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.
2. 7

Question 23
1 out of 1 points
A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
3. Dynamic

Question 24
1 out of 1 points
The dominant architecture used to secure network access today is the ____ firewall.
3. Screened subnet

Question 25
1 out of 1 points
An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
4. Roster

Question 26
1 out of 1 points
Firewalls fall into ____ major processing-mode categories.
4. five

Question 27
1 out of 1 points
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.
1. Signatures

Question 28
1 out of 1 points
Kerberos ____ provides tickets to clients who request services.
3. TGS

Question 29
1 out of 1 points
In a ____ attack, the attacker eavesdrops during the victim’s session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information.
3. Timing

Question 30
1 out of 1 points
IDPS researchers have used padded cell and honeypot systems since the late ____.
1. 1980s

Question 31
1 out of 1 points
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
4. WAPs

Question 32
1 out of 1 points
Which of the following is a valid version of TACACS?
1. All of the above

Question 33
1 out of 1 points
A(n) ____ is a network tool that collects copies of packets from the network and analyzes them.
1. Packet sniffer

Question 34
1 out of 1 points
Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
4. Correction

Question 35
1 out of 1 points
____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the cipher text that is the output of the cryptosystem.
4. Correlation

Question 36
1 out of 1 points
A(n) ____ IDPS is focused on protecting network information assets.
4. Network-based

Question 37
1 out of 1 points
A(n) ____ is a proposed systems user.
1. Supplicant

Question 38
1 out of 1 points
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
4. MAC

Question 39
1 out of 1 points
____ is the process of classifying IDPS alerts so that they can be more effectively managed.
1. Alarm filtering

Question 40
1 out of 1 points
In most common implementation models, the content filter has two components: ____.
2. Rating and filtering

Question 41
1 out of 1 points
Telnet protocol packets usually go to TCP port ____.
1. 23

Question 42
1 out of 1 points
The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
4. CISO

Question 43
1 out of 1 points
ISA Server can use ____ technology.
4. Point to Point Tunneling Protocol

Question 44
1 out of 1 points
A buffer against outside attacks is frequently referred to as a(n) ____.
1. DMZ

Question 45
1 out of 1 points
Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs.
2. LFM

Question 46
1 out of 1 points
____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
2. Network

Question 47
1 out of 1 points
SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm.
2. 160

Question 48
1 out of 1 points
The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
4. EISP

Question 49
1 out of 1 points
____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
4. Fuzz

Question 50
1 out of 1 points
____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.
1. RADIUS

Question 51
1 out of 1 points
A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”
3. VPN

Question 52
1 out of 1 points
____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
3. Static

Question 53
1 out of 1 points
Which of the following ports is commonly used for the HTTP protocol?
1. 80

Question 54
1 out of 1 points
The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.
3. IETF

Question 55
1 out of 1 points
____ controls address personnel security, physical security, and the protection of production inputs and outputs.
1. Operational

Question 56
1 out of 1 points
The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.
4. CER

Question 57
1 out of 1 points
Effective management includes planning and ____.
3. All of the above

Question 58
1 out of 1 points
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
3. Sacrificial

Question 59
1 out of 1 points
The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
3. Demilitarized

Question 60
1 out of 1 points
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
1. Assessment

Question 61
1 out of 1 points
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
4. AH

Question 62
1 out of 1 points
____ is the protocol used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
2. IPSec

Question 63
1 out of 1 points
____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
3. Biometric access control

Question 64
1 out of 1 points
Security ____ are the areas of trust within which users can freely communicate.
1. Domains

Question 65
1 out of 1 points
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.
1. Polyalphabetic

Question 66
1 out of 1 points
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
1. Trap and trace

Question 67
1 out of 1 points
A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
2. IDS

Question 68
1 out of 1 points
Strategic planning is the process of moving the organization towards its ____.
2. Vision

Question 69
1 out of 1 points
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
1. PAC

Question 70
1 out of 1 points
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.
2. RSA

Question 71
1 out of 1 points
____ generates and issues session keys in Kerberos.
2. KDC

Question 72
1 out of 1 points
____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
2. HIDPSs

Question 73
1 out of 1 points
Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____.
1. fingerprinting

Question 74
1 out of 1 points
In TCP/IP networking, port ____ is not used.
4. 0

Question 75
1 out of 1 points
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
3. PGP

Question 76
1 out of 1 points
____ are decoy systems designed to lure potential attackers away from critical systems.
4. Honeypots

Question 77
1 out of 1 points
A ____ site provides only rudimentary services and facilities.
1. Cold

Question 78
1 out of 1 points
Among all possible biometrics, ____ is (are) considered truly unique.
Selected Answer: 3. All of the above

Question 79
1 out of 1 points
Digital signatures should be created using processes and products that are based on the ____.
2. DSS

Question 80
1 out of 1 points
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
4. Security

Question 81
1 out of 1 points
A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.
3. Symmetric

Question 82
1 out of 1 points
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.
1. Passive

Question 83
1 out of 1 points
____ is a federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.
3. AES

Question 84
1 out of 1 points
____ often function as standards or procedures to be used when configuring or maintaining systems.
4. SysSPs

Question 85
1 out of 1 points
____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
3. Packet-filtering

Question 86
1 out of 1 points
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
1. de jure

Question 87
1 out of 1 points
____ is an event that triggers an alarm when no actual attack is in progress.
1. False Attack Stimulus

Question 88
1 out of 1 points
____ are encrypted messages that can be mathematically proven to be authentic.
3. Digital signatures

Question 89
1 out of 1 points
____ is the protocol for handling TCP traffic through a proxy server.
3. SOCKS

Question 90
1 out of 1 points
What country adopted ISO/IEC 17799?
4. None of the above

Question 91
1 out of 1 points
____ firewalls are designed to operate at the media access control sub layer of the data link layer of the OSI network model.
1. MAC layer

Question 92
1 out of 1 points
____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
1. NIDPSs

Question 93
1 out of 1 points
A security ____ is an outline of the overall information security strategy for the organization and roadmap for planned changes to the information security environment of the organization.
4. Framework

Question 94
1 out of 1 points
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
4. Encryption

Question 95
1 out of 1 points
The application gateway is also known as a(n) ____.
2. Application-level firewall

Question 96
0 out of 1 points
____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
1. NIDPS

Question 97
1 out of 1 points
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
2. All of the above

Question 98
1 out of 1 points
DES uses a(n) ____-bit block size.
2. 64

Question 99
1 out of 1 points
The transfer of large batches of data to an off-site facility is called ____.
1. Electronic vaulting

Question 100
1 out of 1 points
____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
4. PKI

Question 101
1 out of 1 points
To assist in the footprint intelligence collection process, you can use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
1. True

Question 102
1 out of 1 points
A HIDPS can monitor systems logs for predefined events.
1. True

Question 103
0 out of 1 points
The asymmetric encryption systems use a single key to both encrypt and decrypt a message.
1. True

Question 104
1 out of 1 points
The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
1. True

Question 105
1 out of 1 points
Failure to develop an information security system based on the organization’s mission, vision, and culture guarantees the failure of the information security program.
2. True

Question 106
1 out of 1 points
The application firewall runs special software that acts as a proxy for a service request.
2. True

Question 107
1 out of 1 points
There are limits to the level of configurability and protection that software firewalls can provide.
1. True

Question 108
0 out of 1 points
To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted.
1. True

Question 109
1 out of 1 points
A VPN allows a user to turn the Internet into a private network.
1. True

Question 110
0 out of 1 points
Intrusion detection and prevention systems can deal effectively with switched networks.
2. True

Question 111
1 out of 1 points
The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.
2. True

Question 112
1 out of 1 points
Dictionary attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the cipher text generated by the cryptosystem.
2. False

Question 113
1 out of 1 points
A starting scanner is one that initiates traffic on the network in order to determine security holes.
1. False

Question 114
1 out of 1 points
You can create a single comprehensive ISSP document covering all information security issues.
1. True

Question 115
1 out of 1 points
A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.
2. False

Question 116
1 out of 1 points
The ability to restrict a specific service is now considered standard in most routers and is invisible to the user.
1. True

Question 117
1 out of 1 points
Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site.
1. False

Question 118
1 out of 1 points
A false positive is the failure of an IDPS system to react to an actual attack event.
2. False

Question 119
1 out of 1 points
In order to determine which IDPS best meets an organization’s needs, first consider the organizational environment in technical, physical, and political terms.
2. True

Question 120
0 out of 1 points
Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
1. True

Question 121
1 out of 1 points
A content filter is technically a firewall.
1. False

Question 122
1 out of 1 points
A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.
2. True

Question 123
1 out of 1 points
All IDPS vendors target users with the same levels of technical and security expertise.
2. False

Question 124
1 out of 1 points
Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default firewall policy.
1. False

Question 125
1 out of 1 points
Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.
2. False

Question 126
1 out of 1 points
Firewall Rule Set 1 states that responses to internal requests are not allowed.
1. False

Question 127
0 out of 1 points
It is important that e-mail traffic reach your e-mail server and only your e-mail server.
2. False

Question 128
1 out of 1 points
The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication.
1. False

Question 129
1 out of 1 points
One method of protecting the residential user is to install a software firewall directly on the user’s system.
2. True

Question 130
1 out of 1 points
To remain viable, security policies must have a responsible individual, a schedule of reviews, method for making recommendations for reviews, and a policy issuance and planned revision date.
1. True

Question 131
1 out of 1 points
Internet connections via dial-up and leased lines are becoming more popular.
2. False

Question 132
1 out of 1 points
HIDPSs are also known as system integrity verifiers.
1. True

Question 133
1 out of 1 points
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
2. True

Question 134
1 out of 1 points
NIDPSs can reliably ascertain if an attack was successful or not.
2. False

Question 135
1 out of 1 points
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on the network.
1. True

Question 136
1 out of 1 points
Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to protect against electronic payment fraud.
2. True

Question 137
1 out of 1 points
Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database.
2. True

Question 138
1 out of 1 points
In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.
1. True

Question 139
0 out of 1 points
The ISSP sets out the requirements that must be met by the information security blueprint or framework.
2. True

Question 140
0 out of 1 points
The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
1. True

Question 141
1 out of 1 points
Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks.
1. True

Question 142
1 out of 1 points
Information security safeguards provide two levels of control: managerial and remedial.
1. False

Question 143
1 out of 1 points
A sniffer cannot be used to eavesdrop on network traffic.
2. False

Question 144
1 out of 1 points
Circuit gateway firewalls usually look at data traffic flowing between one network and another.
2. False

Question 145
1 out of 1 points
NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.
1. True

Question 146
1 out of 1 points
The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
1. True

Question 147
1 out of 1 points
IDPS responses can be classified as active or passive.
1. True

Question 148
1 out of 1 points
An HIDPS can detect local events on host systems and also detect attacks that may elude network-based IDPS.
1. True

Question 149
0 out of 1 points
Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.
1. False

Question 150
1 out of 1 points
Each policy should contain procedures and a timetable for periodic review.
1. True