Infosec final 7
rename
buntfu's
version from
2012-05-06 17:54
Section
| Question | Answer |
|---|---|
| A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. | IDS |
| ____ is the process of classifying IDPS alerts so that they can be more effectively managed. | alarm filtering |
| ____ is an event that triggers an alarm when no actual attack is in progress. | False Attack Stimulus |
| False positive | An alert or alarm that occurs in the absence of an actual attack. |
| The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________. | noise |
| ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm. | Alarm clustering |
| ____ is the process of classifying IDPS alerts so that they can be more effectively managed. | alarm filtering |
| Reasons to acquire and use and IDPS | 1. To prevent problem behaviors 2. To detect attacks 3. To detect probes 4. To document existing threats 5. To act as Quality Control 6. To provide useful info about successful attacks |
| Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. | fingerprinting |
| footprinting | that is, getting a fully annotated diagram of the network. |
| The initial estimation of the defensive state of an organization’s networks and systems is called | doorknob rattling |
| A(n) ____ IDPS is focused on protecting network information assets. | network-based |
| A(n) ____________________ IDPS resides on a particular computer or server and monitors activity only on that system. | host-based |
| HIDPSs are also known as system ____________________ verifiers. | integrity |
| ____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. | SPAN |
| Three methods dominate the IDPSs detection methods: ____________________ approach, statistical anomaly-based approach or the stateful packet inspection approach. | signature-based |
| A signature-based IDPS is sometimes called a(n) ____________________-based IDPS | knowledge |
| The ________ anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. | statistical |
| is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations. | stateful packet inspection |
| IDPS responses can be classified as | active or passive. |
| ____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. | biometric access control |
| The ____________________ error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate. | crossover |
| Question | Answer |
|---|---|
| ____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. | encryption |
| The science of encryption is known as ____________________. | cryptology |
| ____________________ is the process of making and using codes to secure the transmission of information. | Cryptography |
| ____ is the entire range of values that can possibly be used to construct an individual key. | keyspace |
| ____________________ or cryptosystem is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cipher |
| The process of hiding messages within the digital encoding of a picture or graphic is called ____________________. | stenography |
| ______ or cleartext is the original unencrypted message, or a message that has been successfully decrypted. | Plaintext |
| ____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. | Work factor |
| A(n) ____________________ substitution uses one alphabet. | monoalphabetic |
| More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. | polyalphabetic |
| The ____________________ cipher simply rearranges the values within a block to create the ciphertext. | Transposition |
| The ____________________ OR operation is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. | exclusive |
| ____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. | hash |
| Hashing functions do not require the use of keys, but it is possible to attach a message ____________________ code. | authentication |
| SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm. | 160 |
| Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value | true |
| Cipher or __________ is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. | cryptosystem |
| A(n) ___________ attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key. | man-in-the-middle |
| ____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. | correlation |
| _______, the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words. | dictionary attack |
| In a(n) ____________________ attack, the attacker eavesdrops on the victim’s session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. | timing |
| ____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. | PKI |
| Digital ____________________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs. | certificates |
| The encapsulating security ____________________ protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. | payload |
| __________ means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. | Nonrepudiation |
| Information is protected from being intercepted during transmission. | Privacy |
| ____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. | Pretty Good Privacy |
| PGP uses the freeware ___ algorithm to compress the message after it has been digitally signed but before it is encrypted. | ZIP |
| ____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. | PGP |
| In IPSEC ____________________ mode, only the IP data is encrypted, not the IP headers. | transport |
| In ________, the entire IP packet is encrypted with the attached ESP header. | tunnel mode |
| The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. | AH |
| _____ in transport mode can be used to establish a virtual private network, assuring encryption and authentication between networks communicating via the Internet. | ESP |
Pages linking here (main versions and versions by same user)
No other pages link to this page. See Linking Quickstart for more info.
