IS4560 Hacking and Countermeasures
Course Revision Table
Credit hours: 4.5
Contact/Instructional hours: 60 (30 Theory, 30 Lab)
Prerequisite: NT2580 Introduction to Information Security or equivalent
This exam covers Units 1–5 and is based on the following content from the textbook:
Chapter 1, “Hacking: The Next Generation”
Chapter 2, “TCP/IP Review”
Chapter 3, “Cryptographic Concepts”
Chapter 4, “Physical Security”
6. If money is the motivation now, what was the motivation for previous generations of hackers?
c. Source code access
d. Creation of botnets
7. Red teams, sneakers, and tiger teams are all examples of _________.
a. white hat hackers
c. social engineers
8. Which fallacy is described by the quote “Accessing a system without authorization is okay, as long as nothing is stolen or damaged in the process”?
a. The computer game fallacy
b. The law-abiding citizen fallacy
c. The no-harm-was-done fallacy
d. The hacker fallacy
9. Attacking a company’s Web applications to prevent them from being vulnerable is an example of which of the following?
a. Ethical hacking if you are an employee
b. A legal activity if the application is one you use
c. Black hat hacking
d. Ethical hacking if you disclose the vulnerabilities
10. Which of the following sets the ethical standards?
b. The government
c. Peer groups
d. Professional organizations and certifying bodies
11. What does hashing provide?
a. A guaranteed unique string for each file hashed
b. A quick way to check the author of a file
c. Cryptographic security
d. A fixed length string that represents the original file
12. Which capability of cryptography ensures that data can be verified as being valid and trusted?
13. What does losing the encryption key to stored data signify?
a. The passphrase must be re-created.
b. The data is typically lost.
c. The data can be recovered by hashing the stored file.
d. The data is no longer secure.
14. What can a digital signature provide?
d. Authentication, integrity, and non-repudiation
15. Symmetric encryption requires which of the following?
a. Both the parties should send the same length message.
b. Both the parties should use the same key.
c. Both the parties exchange messages only.
d. Both parties must exchange keys and handshakes.
16. Asymmetric encryption does not require ___________.
a. key exchange
b. secret keys
c. multiple keys
d. secure initial key exchange
17. Attacks against ciphers that feed information into a system and observe output are:
a. Ciphertext only
b. Known plaintext
c. Chosen plaintext
d. Chosen ciphertext
18. Symmetric encryption faces difficulty due to what issue?
b. Key exchange
c. Bit length
d. Software expense
19. What attack is being used if two messages are found to have the same message digest?
a. Brute force
b. Known plaintext
c. Birthday attack
20. The encryption used for Web traffic is _________.
21. What database of financial records should penetration testers review?
22. What technique should be used to secure DNS?