Infosec final 7

buntfu's version from 2012-05-06 17:54


Question | Answer
A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. | IDS
____ is the process of classifying IDPS alerts so that they can be more effectively managed. | alarm filtering
____ is an event that triggers an alarm when no actual attack is in progress. | False Attack Stimulus
False positive | An alert or alarm that occurs in the absence of an actual attack.
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________. | noise
____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm. | Alarm clustering
Reasons to acquire and use an IDPS | 1. To prevent problem behaviors 2. To detect attacks 3. To detect probes 4. To document existing threats 5. To act as Quality Control 6. To provide useful info about successful attacks
Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. | fingerprinting
footprinting | that is, getting a fully annotated diagram of the network.
The initial estimation of the defensive state of an organization’s networks and systems is called | doorknob rattling
A(n) ____ IDPS is focused on protecting network information |
A(n) ____________________ IDPS resides on a particular computer or server and monitors activity only on that |
HIDPSs are also known as system ____________________ verifiers. | integrity
____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. | SPAN
Three methods dominate the IDPSs detection methods: ____________________ approach, statistical anomaly-based approach or the stateful packet inspection approach. | signature-based
A signature-based IDPS is sometimes called a(n) ____________________-based IDPS | knowledge
The ________ anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. | statistical
____ is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations. | stateful packet inspection
IDPS responses can be classified as | active or passive.
____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. | biometric access control
The ____________________ error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate. | crossover


Question | Answer
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. | encryption
The science of encryption is known as ____________________. | cryptology
____________________ is the process of making and using codes to secure the transmission of information. | Cryptography
____ is the entire range of values that can possibly be used to construct an individual key. | keyspace
____________________ or cryptosystem is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cipher
The process of hiding messages within the digital encoding of a picture or graphic is called ____________________. | stenography
______ or cleartext is the original unencrypted message, or a message that has been successfully decrypted. | Plaintext
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. | Work factor
A(n) ____________________ substitution uses one alphabet. | monoalphabetic
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. | polyalphabetic
The ____________________ cipher simply rearranges the values within a block to create the ciphertext. | Transposition
The ____________________ OR operation is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. | exclusive
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. | hash
Hashing functions do not require the use of keys, but it is possible to attach a message ____________________ code. | authentication
SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm. | 160
Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value | true
Cipher or __________ is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cryptosystem
A(n) ___________ attack attempts to intercept a public key or even to insert a known key structure in place of the requested public |
____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. | correlation
_______, the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words. | dictionary attack
In a(n) ____________________ attack, the attacker eavesdrops on the victim’s session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. | timing
____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. | PKI
Digital ____________________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs. | certificates
The encapsulating security ____________________ protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. | payload
__________ means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. | Nonrepudiation
Information is protected from being intercepted during transmission. | Privacy
____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. | Pretty Good Privacy
PGP uses the freeware ___ algorithm to compress the message after it has been digitally signed but before it is encrypted. | ZIP
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. | PGP
In IPSEC ____________________ mode, only the IP data is encrypted, not the IP headers. | transport
In ________, the entire IP packet is encrypted with the attached ESP header. | tunnel mode
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. | AH
_____ in transport mode can be used to establish a virtual private network, assuring encryption and authentication between networks communicating via the Internet. | ESP