Infosec final 7


Question | Answer |
---|---|
A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. | IDS |
____ is the process of classifying IDPS alerts so that they can be more effectively managed. | alarm filtering |
____ is an event that triggers an alarm when no actual attack is in progress. | False Attack Stimulus |
False positive | An alert or alarm that occurs in the absence of an actual attack. |
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________. | noise |
____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm. | Alarm clustering |
Reasons to acquire and use an IDPS | 1. To prevent problem behaviors 2. To detect attacks 3. To detect probes 4. To document existing threats 5. To act as Quality Control 6. To provide useful info about successful attacks |
Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. | fingerprinting |
footprinting | that is, getting a fully annotated diagram of the network. |
The initial estimation of the defensive state of an organization’s networks and systems is called | doorknob rattling |
A(n) ____ IDPS is focused on protecting network information assets. | network-based |
A(n) ____________________ IDPS resides on a particular computer or server and monitors activity only on that system. | host-based |
HIDPSs are also known as system ____________________ verifiers. | integrity |
____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. | SPAN |
Three methods dominate IDPS detection methods: ____________________ approach, statistical anomaly-based approach or the stateful packet inspection approach. | signature-based |
A signature-based IDPS is sometimes called a(n) ____________________-based IDPS | knowledge |
The ________ anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. | statistical |
____ is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations. | stateful packet inspection |
IDPS responses can be classified as | active or passive. |
____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. | biometric access control |
The ____________________ error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate. | crossover |

Question | Answer |
---|---|
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. | encryption |
The science of encryption is known as ____________________. | cryptology |
____________________ is the process of making and using codes to secure the transmission of information. | Cryptography |
____ is the entire range of values that can possibly be used to construct an individual key. | keyspace |
____________________ or cryptosystem is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cipher |
The process of hiding messages within the digital encoding of a picture or graphic is called ____________________. | stenography |
______ or cleartext is the original unencrypted message, or a message that has been successfully decrypted. | Plaintext |
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. | Work factor |
A(n) ____________________ substitution uses one alphabet. | monoalphabetic |
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. | polyalphabetic |
The ____________________ cipher simply rearranges the values within a block to create the ciphertext. | Transposition |
The ____________________ OR operation is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. | exclusive |
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. | hash |
Hashing functions do not require the use of keys, but it is possible to attach a message ____________________ code. | authentication |
SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm. | 160 |
Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value | true |
Cipher or __________ is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cryptosystem |
A(n) ___________ attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key. | man-in-the-middle |
____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. | correlation |
In a(n) _______, the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words. | dictionary attack |
In a(n) ____________________ attack, the attacker eavesdrops on the victim’s session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. | timing |
____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. | PKI |
Digital ____________________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs. | certificates |
The encapsulating security ____________________ protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. | payload |
__________ means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. | Nonrepudiation |
Information is protected from being intercepted during transmission. | Privacy |
____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. | Pretty Good Privacy |
PGP uses the freeware ___ algorithm to compress the message after it has been digitally signed but before it is encrypted. | ZIP |
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. | PGP |
In IPSEC ____________________ mode, only the IP data is encrypted, not the IP headers. | transport |
In ________, the entire IP packet is encrypted with the attached ESP header. | tunnel mode |
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. | AH |
_____ in transport mode can be used to establish a virtual private network, assuring encryption and authentication between networks communicating via the Internet. | ESP |