SAMPLE EXAM FOR NETWORK SECURITY
1. Which of the following would be an example of LOGICAL
computer security?
A. cable locking mechanism
B. removable drive hot swap
C. logon authentication schemes *
D. aluminum mesh case cover
2. Normal degradation of computer equipment over time would
be considered a:
A. Threat *
B. Risk
C. Vulnerability
D. Accident
3. VULNERABILITY is to WEAKNESS as:
A. Risk is to Control
B. Disaster is to Failure
C. Failure is to Accident
D. Countermeasure is to Risk *
4. What is the best way to permanently destroy/erase computer
circuitry or media?
A. reformat it several times
B. do a memory bit dump
C. set it on fire *
D. use high-powered magnets
5. What type of countermeasure would be most appropriate for
network sniffing of passwords?
A. placing alarm boxes along the cable lines
B. installing biometric identification and authentication
C. informing users to change their passwords
D. encryption and dynamic passwords *
6. Computer security managers should concentrate on what area
of RISK?
A. Low Impact - High Probability
B. Low Impact - Low Probability
C. High Impact - High Probability *
D. High Impact - Low Probability
7. What percentage of computer security violations can be
attributed to insiders?
A. 65%
B. 75%
C. 85% *
D. 95%
8. What is involved in the fundamental paradox or tradeoff of
computer security?
A. usability and safety *
B. confidentiality and privilege
C. security and safety
D. privacy and democracy
9. Why would an IT department be involved in training users
about intellectual property?
A. it helps keep them from revealing proprietary information
B. it reminds them anything they do or say on company equipment is the company's *
C. it helps to reduce piracy on the network
D. it substitutes for their not having read any instructional manuals
10. When would an IT department do maintenance on a system?
A. while the system is running and being used *
B. while the system is down for scheduled tests
C. while the users are on vacation or off work
D. while a minimal number of users are on the system
11. What is the most common source of computer system
problems?
A. bad users
B. lazy administrators
C. poor data quality *
D. shoddy equipment
12. Sending an echo check through the system to audit for
attached peripheral devices would be what kind of control?
A. Input
B. Output
C. Hardware *
D. Operations
13. Checking to make sure form fields on an input screen only
handle the number of characters they're supposed to is an example of what type
of audit or control?
A. Data security
B. Reasonableness *
C. Dependency
D. Matching
14. What term would describe the technical specifications you
provide or work out with a software vendor after they have won the best bid in
response to your RFP?
A. implementation
B. prototyping
C. requirements *
D. deliverables
15. Which of the following would be the best example of
reasonableness as a factor in determining whether something is mission-critical
or not?
A. the amount of time the system is down
B. the company is scheduled to mail out accounts receivable *
C. how frantically the IT department is working on the problem
D. how many calls are received by the Help Desk
16. The survivability approach differs from the control
approach in what basic way?
A. metrics of information assurance are used instead of quality control
indicators *
B. threats are looked upon as risks more than vulnerabilities
C. target hardening takes priority over system strengthening
D. data quality is sacrificed for usability
17. What area of a computer security policy manual would
likely contain an IT 5-year Plan?
A. Hardware *
B. Access Control
C. E-Mail and WWW
D. Training
18. Functional User Specifications are different from User
Requirement Specifications in that they:
A. mention the operating system platform
B. contain safety and security assurances
C. invite comment on system impact
D. delineate installation and troubleshooting issues *
19. What data classification level do employees that sign
Non-Disclosure Agreements promise to keep secret?
A. Top Secret
B. Confidential and above
C. Proprietary and above *
D. Internal Use Only and above
20. What is the most commonly used pre-incident algorithm for
a system security audit?
A. MD5 *
B. Kerberos
C. IPSEC
D. ACL
21. The concept of Best Practices most implies that
management is attempting to:
A. establish policy that creates expectations of performance
B. more fully explain the reasons why something needs to be done a certain way
C. lay groundwork for policy in an area where there is little control *
D. create a more user-friendly policy environment
22. What kind of policy would place restrictions on user use
of AOL Instant Messenger?
A. Downloading
B. Spam control
C. Code of conduct
D. Workplace productivity *
23. If users create their own websites on the organization's
equipment, what should their Terms and Conditions also contain?
A. Non-Disclosure statement
B. Privacy statement *
C. Work for Hire statement
D. Company Logo
24. Performing a Trap-and-Trace would require compliance with
Title III, an explanation in the Monitoring Access Control policy, and a
justification in what other section of the policy manual?
A. Acceptable Use Policy *
B. IT Strategy
C. Inventory
D. Internet/Intranet/Extranet
25. IT departments are only under obligation to provide user
training when:
A. new users are hired by the organization
B. it is apparent an employee needs training
C. new systems are cutover or come online *
D. management refers a disgruntled employee
26. What type of plan is most likely involved with
e-commerce?
A. IT Plan
B. Continuity Plan *
C. Capacity Plan
D. Disaster Recovery Plan
27. How does a computer security manager most commonly
communicate with users to create a more security-conscious organization?
A. telephone calls
B. monthly newsletters
C. symposiums and workshops
D. bulletins and alerts *
28. What type of cybercrime results in the largest financial
"take" by criminals?
A. theft-oriented cybercrime *
B. hacker hooliganism
C. corporate espionage
D. organized crime
29. What does your instructor think is most different about
cybercrime?
A. the actus reus
B. the mens rea *
C. concurrence of actus reus and mens rea
D. mitigating circumstances
30. What social movement in the mid-80s gave rise to the
hacker culture?
A. generation X
B. heavy metal
C. cyberpunk *
D. cypherpunk
31. What legal doctrine applies to the
investigation/prosecution of Internet crimes conducted overseas?
A. plain view
B. minimal contact *
C. independent components
D. reasonable suspicion
32. In the computer as target/tool typology, where would
malicious destruction fit in?
A. computer as target *
B. computer as tool
C. both target/tool
D. neither target/tool
33. What is warez?
A. a hacker group operating out of Mexico
B. the name of a point-and-click hacking tool
C. a state of delight or glee after a successful hack
D. pirated commercial software or cheat codes *
34. What approach does the FBI use to classify computer
crimes?
A. the target/tool typology
B. the insider/outsider typology *
C. psychological profiling
D. lifestyles profiling
35. What is the most common type of computer offender?
A. employees *
B. recreational hackers
C. professional hackers
D. cyberterrorists
36. Who is most likely to engage in "data-diddling"?
A. recreational hackers
B. groups of hackers
C. solo hackers *
D. husband-and-wife hackers
37. What most clearly distinguishes a "script kiddie" from a
real hacker?
A. youthful age
B. how challenging and secure the target is
C. the tools and methods used for the attack
D. the level of programming skill *
38. What is the difference between a kluge and elegant
solution in hacker jargon?
A. when the target knows they've been hacked and when they don't
B. when the method involves a foo rather than crock
C. where the hacker is working with others and when the hacker is working alone
D. when the hack works for all the wrong reasons and for all the right reasons *
39. Which of the following would be the name of a hacktivist
organization?
A. Hizbollah
B. Ethical hackers against pedophilia
C. Electronic Disturbance Theatre *
D. The 0101pOp group
40. Which two countries have been at cyberwar for decades?
A. Russia and the U.S.
B. India and Pakistan
C. Japan and Mexico
D. Taiwan and China *
41. Using the lifestyle/personality approach to classifying
hackers, what type is most likely to actually hate computers?
A. Scamps
B. Vandals
C. War gamers *
D. Fairylanders
42. Which role in a hacker network is most comparable to the
Logistics role in terrorist networks?
A. Communicators
B. Extenders
C. Monitors *
D. Crossovers
43. When an investigator contacts by telephone the domain administrator or
controller listed by a whois lookup to request all e-mails sent and received for
a user account be preserved, what U.S.C. statute authorizes this phone call and
obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section Chapter 90
C. Title 18, Section 2703(d)
D. Title 18, Section 2703(f) *
44. With what type of incident response does encryption and file
verification software come in most handy?
A. fishbowling
B. packet sniffing
C. live response *
D. forensic duplication
45. What term is used to describe an approach to quality control or
information assurance that relies upon pre-set indicators of events like number
of viruses received in a given month?
A. survivability
B. metrics *
C. requirements
D. auditing
46. How many characters long is the fixed-length MD5 algorithm checksum of
a critical system file?
A. 16
B. 32 *
C. 54
D. 66
47. What type of plan usually outlines what software downloaded off the
Internet and/or hardware purchased individually is the user's responsibility to
install, troubleshoot, and upgrade?
A. User Requirement Specifications (URS)
B. Functional Requirement Specifications (FRS) *
C. Requests for Comment (RFC)
D. Acceptable Use Policies (AUP)
48. Which Supreme Court case in 1997 held that law enforcement can
dispense with the "knock and announce" rule if they have a reasonable suspicion
that knocking and announcing would be dangerous or futile?
A. O'Connor v. Ortega
B. New Jersey v. T.L.O.
C. Richards v. Wisconsin *
D. United States v. Lamb
49. What is the number one cause of downtime for computer networks?
A. hardware and equipment failure *
B. power outages and fires
C. viruses, worms, and trojans
D. denial of service attacks
50. What is the proper agency to report computer crimes involving system
intrusive hacking to?
A. Internet Fraud Complaint Center
B. local or national office of the U.S. Secret Service
C. National Infrastructure Protection Center *
D. CERT Coordination Center
51. Which computer security expert was long associated with the Electronic
Frontier Foundation and an outspoken privacy advocate?
A. Dorothy Denning
B. Esther Dyson *
C. Simson Garfinkel
D. Lawrence Tribe
52. In computer jargon, what is the term for old, redundant, or superseded
code?
A. Kludge
B. Cruft *
C. Foo
D. Waldo
53. What is the term for using an Ethernet device to sniff on all network
traffic?
A. port scanning
B. buffer overflow
C. door knob rattling
D. promiscuous mode *
54. Which Intrusion Detection System (IDS) usually produces the most false
alarms due to the unpredictable behaviors of users and networks?
A. network-based IDS systems (NIDS)
B. host-based IDS systems (HIDS)
C. anomaly detection *
D. signature recognition
55. Which method of faking or spoofing e-mail would involve use of an
e-mail server in a "legally uncooperative" country?
A. remailing
B. relaying *
C. spamming
D. stealing
56. In a forensic examination of hard drives for digital evidence, what
type of user is most likely to have the most file slack to analyze?
A. one who has lots of allocation units per block or cluster *
B. one who has NTFS 4 or 5 partitions
C. one who uses dynamic swap file capability
D. one who uses hard disk writes on IRQ 13 and 21
57. What legal doctrine or standard seems to be emerging as the dominant
standard in the collection, handling, analysis, and admissibility of digital
evidence?
A. the articulable suspicion test
B. the experienced officer rule
C. the independent component rule
D. the totality of circumstances test *
58. Which type of network topology allows the largest packet sizes to be
communicated?
A. Ethernet
B. Bus
C. Star
D. Token Ring *
59. What hacker method sends fragmented or malformed packet data to a
target computer in order to enumerate what type of network operating system is
installed?
A. Ping of Death
B. covert channeling *
C. MIME header exploits
D. TCP or UDP port scans
60. Which protocol controls the source and destination ports on machines
that communicate over a networked environment?
A. TCP *
B. IP
C. SMTP
D. FINGER
61. What part of the protocol stack maps the logical IP address to the
physical MAC address on a LAN?
A. NIC
B. ICMP
C. ARP *
D. UDP
62. With common mail servers like Sendmail and Microsoft Exchange, what
protocol is used for SENDING, but not retrieving e-mail?
A. SMTP *
B. POP
C. IMAP
D. RARP
63. TRANSPARENCY is to SCALABILITY as:
A. multiprocessing is to multitasking
B. dynamic link libraries are to OCX controls
C. channeling is to tunneling
D. client/server architecture is to caching solution *
64. Which part of the Windows Registry contains the user's password file?
A. HKEY_Current_User
B. HKEY_User *
C. HKEY_Local_Machine
D. HKEY_Current_Configuration
65. Which of the following statements is FALSE?
A. Both Windows 98 and Windows 2000 support Plug and Play
B. Both Windows 98 and Windows 2000 support multimedia applications
C. Both Windows 98 and Windows 2000 support preemptive multitasking
D. Both Windows 98 and Windows 2000 support multiprocessing *
66. What header field in the TCP/IP protocol stack involves the hacker
exploit known as the Ping of Death?
A. API header field
B. TCP header field
C. IP header field *
D. UDP header field
67. What protocol has most likely been manipulated when an attacker sends
a "fire-and-forget" embedded multimedia clip that opens immediately when the
e-mail is viewed or previewed?
A. API
B. TCP
C. IP
D. UDP *
68. What is usually involved when a trojan horse, such as BackOrifice or
SubSeven, is using one application on a user's computer to call upon processes
executed by other applications on the user's computer to send UDP packets to a
remote IP address?
A. API function calls *
B. port binding
C. Javascript
D. cryptography
69. What Windows product is most vulnerable to "island-hopping" attacks
aimed at home users?
A. Windows 95
B. Windows 98
C. Windows ME *
D. Windows XP
70. What Response Toolkit Tool (listed in Chapter 9, Table 9-1) will show
listening status of ports that might be servicing remote systems?
A. fport
B. netstat *
C. nbtstat
D. rmtshare
71. What is the most commonly-encountered critical vulnerability of
Windows NT/2000 networks?
A. personal web servers
B. roaming profiles *
C. Internet connection sharing
D. backup domain controllers
72. For improved incident response, the textbook says what action should
be required when a user's anti-virus software is triggered?
A. Attempt to clean file
B. Repair file (if possible)
C. Delete file
D. Quarantine file *
73. The hacker exploit known as "privilege escalation" involves what
sought-after feature of Windows NT/2000 networks?
A. domains *
B. access control lists
C. ISAPI DLLs
D. Shared Registry Keys
74. Where is the Event Viewer located on a Windows 2000 system?
A. in the Registry hive
B. in the Registry key
C. under Programs > Accessories
D. under Control Panel > Administrative Tools *
75. What method of computer forensics will allow you to trace all
ever-established user accounts on a Windows 2000 system over the course of its
lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry *
76. Which response organization tracks hoaxes as well as
viruses?
A. NIPC
B. FEDCIRC
C. CERT
D. CIAC *
77. Which federal computer crime law specifically refers to
fraud and related activity in connection with access devices like routers?
A. 18 U.S.C. 1029 *
B. 18 U.S.C. 1362
C. 18 U.S.C. 2511
D. 18 U.S.C. 2703
78. Carnivore is to Magic Lantern as:
A. malware is to spyware
B. fake mail is to chain mail
C. sniffer is to virus *
D. scanner is to sniffer
79. MD5, one of the most frequently used tools in computer
forensics, is a __________ algorithm.
A. pseudo-random sequence cipher
B. cascading multiple stream cipher
C. one-way hash function *
D. three-way discrete
80. SPAM is to HOAX as:
A. fraud is to fear *
B. profit is to play
C. pain is to pleasure
D. trojan is to virus
81. On Windows NT/2000/XP systems, what is the flaw behind
most buffer overflow exploits?
A. weak file system encryption
B. unupdated DLL files
C. unprivileged applications *
D. insufficient RAM memory
82. What operating system uses "inodes"?
A. Windows ME
B. Windows NT
C. UNIX *
D. Windows XP
83. A "beacon packet" refers to:
A. the first bit in the ACK byte
B. the last part of an Internet packet
C. an application process that provides remote access
D. a rogue process that alerts a remote intruder *
84. Office documents (Word, Excel, PowerPoint) contain a code
that allows tracking the MAC, or unique identifier, of the machine that created
the document. What is that code called?
A. the Microsoft Virtual Machine Identifier
B. the Personal Application Protocol
C. the Globally Unique ID *
D. the Individual ASCII String
85. When a computer forensic investigator is "sandboxing",
what are they doing?
A. setting trap and trace on a hacker
B. dynamic analysis of a hacker tool *
C. live analysis of confiscated hacker equipment
D. countering the hacker's moves at each and every turn
86. What utility program would a forensic investigator most
likely use to examine network shares on a network where there are many different
platforms; i.e., WinNT, UNIX, and Mac?
A. SAMBA *
B. SATAN
C. SAINT
D. SOLARIS NetStat
87. What is it called when an IIS server has all the latest
patches and hotfixes installed?
A. hardened *
B. upgraded
C. hotfixed
D. secured
88. PANDA, the Anti-Virus Program used on network servers,
operates at what InfoCom level?
A. InfoCom Level 1
B. InfoCom Level 2
C. InfoCom Level 3 *
D. InfoCom Level 4
89. Programs like NetNanny as opposed to programs like
SurfControl use what technique to block access to websites that are deemed
objectionable?
A. Access Control Lists
B. Proxy Filtering
C. Real Time Analysis *
D. Signature Analysis
90. A virus that slowly infects files at random over time
while the user uses their computer would be called a:
A. slow file infector
B. companion virus
C. polymorphic virus
D. sparse infector *
91. Which of the following is NOT normally counted when the
costs of anti-virus protection and repair are added up?
A. person-hours
B. lost revenue
C. warnings
D. hoaxes *
92. Which company maintains a website that reports the IP
address of the world's Top Attacker and the Most Attacked Port?
A. CERT
B. CVS
C. SANS *
D. FBI
93. What does the term "zoo" mean in hacker circles?
A. the whole Internet
B. a network site protected by good firewalls and IDS
C. a network to practice hacker skills on *
D. when a hacker has been detected and locked out
94. What TCP/UDP port does the toolkit program, netstat, use?
A. Port 7
B. Port 15 *
C. Port 23
D. Port 69
95. What is the most "stealthy and undetectable" network
(ping or port) scanner?
A. STROBE
B. SAINT
C. Netcat
D. Nmap *
96. Which of the following hacker groups is semi-underground
and claims to hold high standards of hacker ethics by not making their
virus-creation tools polymorphic?
A. L0pht Heavy Industries
B. Digicrime
C. Cult of the Dead Cow *
D. the electrohippies
97. Which stage of hacking exists when the hacker attempts to
cover their tracks by modifying the logfiles to erase any record of their visit?
A. Casing
B. Scanning
C. Enumeration *
D. Exploiting
98. The Code Red virus was actually a worm infecting what?
A. Windows NT workstations
B. Windows IIS servers *
C. NT domains, trees, and forests
D. Microsoft Back Office/Exchange products
99. Which virus may contain a payload that destroys all files
on the 13th of March or September?
A. Sircam
B. Goner
C. Chernobyl
D. Klez *
100. What do experts say that hackers suffer from who think
they're doing society a favor by hacking?
A. White Hat syndrome
B. Oedipal Complex
C. Robin Hood syndrome *
D. Epistemological dilemma
Last updated: July 23, 2006
Not an official webpage of APSU, copyright restrictions apply, see
Megalinks in Criminal Justice
O'Connor, T. (Date of Last Update at bottom of page). In Part of web cited
(Windows name for file at top of browser), MegaLinks in Criminal Justice.
Retrieved from http://www.apsu.edu/oconnort/rest of URL accessed on
today's date.