File:
information_security_test_questions_1.docx
Added:
01.07.2025

78. Which of the following is a disadvantage of asymmetric cryptology?

Slower than symmetric cryptology.

79. What type of software should you run to check your email for malicious code?

ANTIVIRUS

80. If you must execute a file you don't know about, it is best to ______ first

Scan It For Malicious Code.

81. You should never open a ______ without being sure of what it is / does first

Executable File.

82. Generated by an algorithm that creates a small fixed-sized block

Message Authentication Code (MAC)

83. Which of the following is a disadvantage of asymmetric cryptology?

Slower than symmetric cryptology.

84. A ______ application monitors all incoming and outgoing network traffic and blocks unauthorized packets from getting through

Personal Firewall

85. ______ is a device or application used to inspect all network traffic and alert the user or administrator when there have been unauthorized attempts or access.

IDS

86. When an attacker sends unsolicited communication, it is an example of:

Spamming.

87. This is a document that states in writing how a company plans to protect the company's physical and IT assets

security policy

88. – protecting the integrity of a message – validating identity of originator – non-repudiation of origin (dispute resolution)

Message Authentication

89. Which of the following allows attackers to break passwords?

Crackers.

90. What is Denial of Service in Threat Modeling?

attack is to deliberately cause an application to be less available

91. If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system

Escalating Privileges

92. Collecting as much information about the target: DNS Servers, IP Ranges, Administrative Contacts, Problems revealed by administrators

Footprinting

93. Takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words

RIJNDAEL AES

94. What flaw arises from session tokens having poor randomness across a range of values?

Session Hijacking.

95. Security Misconfiguration can be prevented by:

Having a software update process in place; Generic Error Messaging; Default Password change; Disabling default and unnecessary functionality.

96. This is a set of related programs, usually located at a network gateway server, that protects the resources of a private network from other networks.

FIREWALL

97. This is a program or file that is specifically developed for the purpose of doing harm

malware.

98. Has 9/11/13 rounds in which state undergoes:

    • byte substitution (1 S-box used on every byte)

    • shift rows (permute bytes between groups/columns)

    • mix columns (subs using matrix multiply of groups)

    • add round key (XOR state with key material)

    • view as alternating XOR key & scramble data bytes

The AES Cipher – Rijndael

99. What is a type of attack that involves trying all possible combinations to break a code or password?

Brute force attack

100. What is the first action you take once an intrusion is identified?

Evaluate -> Identify the intruder -> Identify the Vulnerability -> Return systems to operation

101. What key length does AES not support?

512-bit.

102. The Caesar Cipher is an example of what kind of cipher?

Substitution.

103. Which firewall does not keep a history of outgoing connections?

Packet-filtering.

104. What best describes a Trojan Horse?

Malicious code disguised as or inserted into a legitimate program.

105. In computer security, this describes a non-technical kind of intrusion that relies heavily on human interaction. It often involves tricking people into breaking their own security procedures

social engineering

106. Which of the following is a disadvantage of asymmetric cryptology?

Slower than symmetric cryptology.

107. Which of the following allows attackers to break passwords?

Crackers.

108. has 128/192/256 bit keys, 128 bit data

The AES Cipher – Rijndael

109. This is the conversion of data into a ciphertext that cannot be easily understood by unauthorized people

encryption

110. When an attacker sends unsolicited communication, it is an example of:

Spamming.

111. Which term relates specifically to the art and science of code breaking?

Cryptology

112. Initial criteria from AES

    • security – effort for practical cryptanalysis

    • cost – in terms of computational efficiency

algorithm & implementation characteristics

113. Which of the following is a centralized access control methodology?

RADIUS.

114. can use Triple-DES – but slow, has small blocks

AES

115. Background checks are what type of control?

Administrative.