OS Hardening - SEC340 Chapter 1 & 2

10 September 2022
40 test answers

question
A hacktivist can best be described as which of the following? a. consider themselves seekers of knowledge b. an unskilled programmer that spreads malicious scripts c. use DoS attacks on Web sites with which they disagree d. deface Web sites by leaving messages for their friends to read
answer
c. use DoS attacks on Web sites with which they disagree
question
Defense in depth can best be described as which of the following? a. a firewall that protects the network and the servers b. antivirus software and firewalls c. authentication and encryption d. a layered approach to security
answer
d. a layered approach to security
question
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? a. biometrics b. signature c. challenge/response d. basic
answer
c. challenge/response
question
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? a. logic bomb b. botnet c. Trojan d. packet monkey
answer
b. botnet
question
What can an attacker use a port scanner to test for on a target computer? a. invalid IP addresses b. SYN flags c. open sockets d. ping floods
answer
c. open sockets
question
What is a program that appears to do something useful but is actually malware? a. virus b. back door c. Trojan d. logic bomb
answer
c. Trojan
question
What is a VPN typically used for? a. detection of security threats b. filter harmful scripts c. secure remote access d. block open ports
answer
c. secure remote access
question
What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files? a. quarantine b. firewall c. demilitarized zone d. recycle bin
answer
a. quarantine
question
What tool do you use to secure remote access by users who utilize the Internet? a. DiD b. VPN c. DMZ d. IDS
answer
b. VPN
question
Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? a. macro b. Trojan c. worm d. back door
answer
a. macro
question
Which of the following is NOT information that a packet filter uses to determine whether to block a packet? a. port b. protocol c. checksum d. IP address
answer
c. checksum
question
Which of the following is NOT one of the three primary goals of information security? a. confidentiality b. availability c. integrity d. impartiality
answer
d. impartiality
question
Which security layer verifies the identity of a user, service, or computer? a. physical security b. authorization c. repudiation d. authentication
answer
d. authentication
question
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator? a. VPN b. IDPS c. DiD d. DMZ
answer
b. IDPS
question
Which term is best described as an attack that relies on the gullibility of people? a. back door b. social engineering c. malicious code d. script kiddie
answer
b. social engineering
question
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? a. SYN flood b. malicious port scanning c. ICMP message abuse d. RPC attacks
answer
d. RPC attacks
question
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications? a. malicious port scanning b. man-in-the-middle c. remote procedure call d. denial of service
answer
b. man-in-the-middle
question
Which type of firewall policy calls for a firewall to deny all traffic by default? a. restrictive policy b. demilitarized policy c. perimeter policy d. permissive policy
answer
a. restrictive policy
question
Why might you want your security system to provide nonrepudiation? a. so a user can't deny sending or receiving a communication b. to prevent a user from capturing packets and viewing sensitive information c. to trace the origin of a worm spread through email d. to prevent an unauthorized user from logging into the system
answer
a. so a user can't deny sending or receiving a communication
question
With which access control method do system administrators establish what information users can share? a. administrative access control b. discretionary access control c. mandatory access control d. role-based access control
answer
c. mandatory access control
question
Which of the following is the IPv6 loopback address? a. ::FFFF b. 1000:127:0:0:1 c. ::1 d. 000:000::
answer
c. ::1
question
How are the two parts of an IP address determined? a. host identifier b. network identifier c. routing table d. subnet mask
answer
d. subnet mask
question
How large is the IPv6 address space? a. 168 bits b. 128 bits c. 64 bits d. 32 bits
answer
b. 128 bits
question
If you are subnetting a class B network, what subnet mask will yield 64 subnets? a. 255.255.224.0 b. 255.255.192.0 c. 255.255.252.0 d. 255.255.64.0
answer
c. 255.255.252.0
question
In which OSI model layer will you find the OSPF protocol? a. Transport b. Network c. Session d. Application
answer
b. Network
question
What does a sliding window do in a TCP packet? a. ensures all packets are delivered b. ensures transmission reliability c. provides packet security d. provides flow control
answer
d. provides flow control
question
What feature in ICMPv6 replaces ARP in IPv4? a. Echo Request b. Authentication Header c. Multicast Listener Discovery d. Neighbor Discovery
answer
d. Neighbor Discovery
question
What is the TCP portion of a packet called? a. data b. segment c. frame d. header
answer
b. segment
question
What should you do when configuring DNS servers that are connected to the Internet in order to improve security? a. set up DNS proxy b. disable DNS buffers c. delete the DNS cache d. disable zone transfers
answer
d. disable zone transfers
question
Which field in the IP header is an 8-bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped? a. ECN b. Options c. Fragment Offset d. TTL
answer
d. TTL
question
Which IPv6 header field is known as the priority field? a. Traffic Class b. Version c. Flow Label d. Hop Limit
answer
a. Traffic Class
question
Which of the following addresses is a Class B IP address? a. 211.55.119.7 b. 224.14.9.11 c. 189.77.101.6 d. 126.14.1.7
answer
c. 189.77.101.6
question
Which of the following is a reason that UDP is faster than TCP? a. it doesn't guarantee delivery b. it doesn't use port numbers c. the header is smaller d. it has a higher priority on the network
answer
a. it doesn't guarantee delivery
question
Which of the following is a valid IPv6 address? a. 1080::8:800:200C:417A b. 24::5B1A::346C c. 5BA4:2391:0:0:4C3E d. 5510:ABCD::34:1::2
answer
a. 1080::8:800:200C:417A
question
Which of the following is considered a flooded broadcast IP address? a. 255.255.255.255 b. 10.255.255.255 c. 200.15.6.255 d. FFFF.FFFF.FFFF
answer
a. 255.255.255.255
question
Which of the following is NOT a reason for subnetting a network? a. increasing network security b. making larger groups of computers c. planning for growth d. controlling network traffic
answer
b. making larger groups of computers
question
Which of the following is NOT an advantage of IPv6 versus IPv4? a. built-in security b. NAT is unnecessary c. larger address space d. supports static configuration
answer
d. supports static configuration
question
Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240? a. 192.168.10.95 b. 192.168.10.23 c. 192.168.10.63 d. 192.168.10.47
answer
d. 192.168.10.47
question
Which of the following is the first packet sent in the TCP three-way handshake? a. ACK b. PSH c. RST d. SYN
answer
d. SYN
question
Which protocol is responsible for automatic assignment of IP addresses? a. FTP b. SNMP c. DHCP d. DNS
answer
c. DHCP