Sample Chapter

 

 

INSTANT DOWNLOAD COMPLETE TEST BANK WITH ANSWERS

 

Test Bank Of Business Data Networks And Security 9th Edition by Raymond R. Panko , Julia L. Panko

 

 

SAMPLE QUESTIONS

 

Business Data Networks and Security, 9e (Panko)

Chapter 3  Network Security

 

1) The threat environment includes ________.

  1. A) attackers
  2. B) attacks
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

2) Which phase of the plan-protect-respond cycle takes the largest amount of work?

  1. A) Plan.
  2. B) Protect.
  3. C) Respond.
  4. D) Each phase requires about equal effort.

Answer:  B

 

3) Compromises also are called ________.

  1. A) breeches
  2. B) incidents
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

4) A compromise is an attempted attack.

Answer:  FALSE

 

5) Malware is a generic name for evil software.

Answer:  TRUE

 

6) The generic name for evil software is ________.

  1. A) viruses
  2. B) worms
  3. C) exploits
  4. D) malware

Answer:  D

 

7) The generic name for a security flaw in a program is a ________.

  1. A) virus
  2. B) malware
  3. C) security fault
  4. D) vulnerability

Answer:  D

 

 

8) A ________ is a flaw in a program that permits a specific attack or set of attacks against this problem.

  1. A) malware
  2. B) security error
  3. C) vulnerability
  4. D) security fault

Answer:  C

9) Users typically can eliminate a vulnerability in one of their programs by ________.

  1. A) installing a patch
  2. B) doing a zero-day installation
  3. C) using an antivirus program
  4. D) All of the above

Answer:  A

 

10) An attack that occurs before a patch is available is called a zero-day attack.

Answer:  TRUE

 

11) Universal malware requires a vulnerability to succeed.

Answer:  FALSE

 

12) Viruses propagate within a computer by infecting other programs in that computer.

Answer:  TRUE

 

13) Viruses most commonly spread from one computer to another ________.

  1. A) via e-mail
  2. B) by propagating directly by themselves
  3. C) through obfuscation
  4. D) All of the above

Answer:  A

 

14) An action that will stop many viruses is ________.

  1. A) installing a firewall
  2. B) the use of an antivirus program
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

15) An action that will stop many viruses is ________.

  1. A) installing patches
  2. B) the use of an antivirus program
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

 

16) Firewalls typically stop viruses.

Answer:  FALSE

 

17) Which of the following attach themselves to other programs?

  1. A) Viruses.
  2. B) Worms.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

18) Which of the following sometimes uses direct propagation between computers?

  1. A) Viruses.
  2. B) Worms.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

19) Which of the following is a propagation vector for some worms?

  1. A) E-mail.
  2. B) Direct propagation.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

20) Which of the following can spread more rapidly?

  1. A) Directly-propagating viruses.
  2. B) Directly-propagating worms.
  3. C) Both of the above can spread with approximately equal speed.

Answer:  B

 

21) Which of the following can thwart directly-propagating worms?

  1. A) Firewalls.
  2. B) Antivirus programs.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

22) Which of the following can thwart directly-propagating worms?

  1. A) Applying patches.
  2. B) Firewalls.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

23) Antivirus programs can usually stop directly-propagating worms.

Answer:  FALSE

 

24) Scripts may execute software when a webpage is downloaded.

Answer:  TRUE

 

25) Scripts are normally bad.

Answer:  FALSE

 

26) Scripts are likely to be dangerous primarily if a computer has a vulnerability.

Answer:  TRUE

 

27) Mobile code is another name for ________.

  1. A) virus
  2. B) worm
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  D

28) Pieces of code that are executed after the virus or worm has spread are called ________.

  1. A) vulnerabilities
  2. B) exploits
  3. C) compromises
  4. D) payloads

Answer:  D

 

29) Malware programs that masquerade as system files are called ________.

  1. A) social engineers
  2. B) scripts
  3. C) payloads
  4. D) Trojan horses

Answer:  D

 

30) Trojan horses can get onto computers by ________.

  1. A) self-propagation
  2. B) hackers
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

31) Trojan horses can get onto computers by ________.

  1. A) viruses
  2. B) hackers
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

 

32) The general name for malware on a user’s PC that collects sensitive information and sends this information to an attacker is ________.

  1. A) keystroke loggers
  2. B) anti-privacy software
  3. C) spyware
  4. D) data mining software

Answer:  C

 

33) A program that can capture passwords as you type them is ________.

  1. A) a keystroke logger
  2. B) data mining software
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

34) Tricking users into doing something against their interests is ________.

  1. A) social engineering
  2. B) hacking
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

35) ________ is lying to get victims to do something against their financial self interest.

  1. A) Social engineering
  2. B) Fraud
  3. C) Neither A nor B

Answer:  B

 

36) Unsolicited commercial e-mail is better known as ________.

  1. A) spam
  2. B) adware
  3. C) social engineering
  4. D) identity theft

Answer:  A

 

37) Spam can be used to ________.

  1. A) implement a fraud
  2. B) cause the reader to go to a website that will download malware to the victim’s computer
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

 

38) An attack in which an authentic-looking e-mail or website entices a user to enter his or her username, password, or other sensitive information is called ________. (Select the most specific answer.)

  1. A) phishing
  2. B) identity theft
  3. C) social engineering
  4. D) a spyware attack

Answer:  A

 

39) In identity theft, the attacker steals credit card numbers, which he or she will use to make unauthorized purchases.

Answer:  FALSE

 

40) Credit card number thieves are called ________. (Pick the most precise answer.)

  1. A) numbers racketeers
  2. B) fraudsters
  3. C) identity thieves
  4. D) carders

Answer:  D

 

41) Which of the following tends to be more damaging to the victim?

  1. A) Credit card theft.
  2. B) Identity theft.
  3. C) Both are about equally damaging to the victim.

Answer:  B

 

42) The last stage in a hacking attack is the break-in.

Answer:  FALSE

43) The last stage in a hacking attack is ________.

  1. A) scanning
  2. B) the break-in
  3. C) creating a back door
  4. D) None of the above

Answer:  D

 

44) It is still hacking if a person breaks into a computer accidentally.

Answer:  FALSE

 

45) Hackers identify possible victim computers by sending ________.

  1. A) scouts
  2. B) probe packets
  3. C) exploits
  4. D) Mocking Jays

Answer:  B

 

 

46) Hackers send probe packets to identify ________.

  1. A) IP addresses with active hosts
  2. B) hosts running certain applications
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

47) Methods that hackers use to break into computers are ________.

  1. A) cracks
  2. B) magics
  3. C) exploits
  4. D) compromises

Answer:  C

 

48) After a break-in, the first step usually is to ________.

  1. A) do damage manually
  2. B) delete log files
  3. C) create a backdoor
  4. D) download a hacker toolkit

Answer:  D

 

49) What does a hacker usually do IMMEDIATELY after downloading a hacker toolkit?

  1. A) Install a Trojan horse.
  2. B) Create a backdoor.
  3. C) Execute an exploit.
  4. D) None of the above

Answer:  D

 

50) A way back into a system that an attacker can use to get into the compromised computer later is called a ________. (Choose the most specific answer.)

  1. A) backdoor
  2. B) Trojan horse
  3. C) compromise
  4. D) rootkit

Answer:  A

51) Which of the following can be a type of backdoor?

  1. A) A new account.
  2. B) A Trojan horse.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

 

52) DoS attacks attempt to ________.

  1. A) hack a computer
  2. B) reduce the availability of a computer
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

53) Attack programs that can be remotely controlled by an attacker are ________.

  1. A) bots
  2. B) DoS programs
  3. C) exploits
  4. D) All of the above

Answer:  A

 

54) Which of the following can be upgraded after it is installed on a victim computer?

  1. A) Trojan horses.
  2. B) Bots.
  3. C) Viruses.
  4. D) Worms.

Answer:  B

 

55) In distributed DoS attacks, the attacker sends messages directly to ________.

  1. A) bots
  2. B) the intended victim of the DoS attack
  3. C) backdoors
  4. D) DOS servers

Answer:  A

 

56) Most hackers today are driven by curiosity, a sense of power, and, sometimes, a desire to increase their reputation among peers.

Answer:  FALSE

 

57) It is generally illegal to write malware.

Answer:  FALSE

 

58) What are the most dangerous types of employees?

  1. A) Financial employees.
  2. B) Manufacturing employees.
  3. C) IT security employees.
  4. D) Former employees.

Answer:  A

 

59) What type of attacker are most attackers today?

  1. A) Disgruntled employees and ex-employees.
  2. B) Criminals.
  3. C) Hackers motivated by a sense of power.
  4. D) Cyberterrorists.

Answer:  B

 

60) Which type of attack is made by national governments?

  1. A) Cyberterror attacks.
  2. B) Cyberwar attacks.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

61) What type of attacker can do the most damage?

  1. A) Criminal attackers.
  2. B) Hackers driven by curiosity.
  3. C) Employees and ex-employees.
  4. D) National governments.

Answer:  D

 

62) Security is primarily a management issue.

Answer:  TRUE

 

63) Which of the following is not one of the four major security planning principles?

  1. A) Perimeter defense.
  2. B) Risk analysis.
  3. C) Comprehensive security.
  4. D) Defense in depth.

Answer:  A

 

64) Balancing threats against protection costs is called ________.

  1. A) economic justification
  2. B) risk analysis
  3. C) comprehensive security
  4. D) defense in depth

Answer:  B

 

65) Security attempts to eliminate risk.

Answer:  FALSE

 

 

66) Attackers only need to find a single weakness to break in. Consequently, companies must ________.

  1. A) have comprehensive security
  2. B) have insurance
  3. C) do risk analysis
  4. D) only give minimum permissions

Answer:  A

67) An attacker must break through two firewalls to get to a host. This illustrates the principle called ________. (Select the most specific answer.)

  1. A) comprehensive security
  2. B) risk assurance
  3. C) perimeter/internal defenses
  4. D) defense in depth

Answer:  D

 

68) Vulnerabilities are occasionally found in even the best security products. Consequently, companies must ________. (Select the best answer.)

  1. A) have comprehensive security
  2. B) have defense in depth
  3. C) do risk analysis
  4. D) only give minimum permissions

Answer:  B

 

69) Access control involves ________.

  1. A) limiting access to each resource
  2. B) limiting the permissions of users to each resource
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

70) Actions that people are allowed to take on a resource comes under the heading of ________.

  1. A) hacks
  2. B) permissions
  3. C) exploits
  4. D) risks

Answer:  B

 

71) In general, people who receive access to a resource should be given maximum permissions so that they can do their jobs with few restrictions.

Answer:  FALSE

 

 

72) Which of the following specifies what should be done?

  1. A) Policies.
  2. B) Implementation.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

73) A policy specifies ________.

  1. A) what should be done
  2. B) how to do it
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

74) Policies are separated by implementation to take advantage of ________.

  1. A) implementer knowledge
  2. B) the delegation of work principle

Answer:  A

75) Oversight helps ensure that a policy is implemented faithfully.

Answer:  TRUE

 

76) Implementation guidance is less specific than implementation.

Answer:  TRUE

 

77) Which of the following must be followed?

  1. A) Standards.
  2. B) Guidelines.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

78) Which of the following is true?

  1. A) Guidelines must be followed.
  2. B) Guidelines must be considered.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

79) Oversight activities include ________.

  1. A) vulnerability testing
  2. B) creating guidelines
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

 

80) Attacking your own firm occurs in ________.

  1. A) vulnerability testing
  2. B) auditing
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

81) Policies should drive ________.

  1. A) implementation
  2. B) oversight
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

82) Requiring someone requesting to use a resource to prove his or her identity is ________.

  1. A) confidentiality
  2. B) authentication
  3. C) authorization
  4. D) Both B and C

Answer:  B

83) In authentication, the ________ is the party trying to prove his or her identity.

  1. A) supplicant
  2. B) verifier
  3. C) true party
  4. D) All of the above

Answer:  A

 

84) ________ is the general name for proofs of identity in authentication.

  1. A) Credentials
  2. B) Authorizations
  3. C) Certificates
  4. D) Signatures

Answer:  A

 

85) Authentication should generally be as strong as possible.

Answer:  FALSE

 

86) Passwords are widely used because ________.

  1. A) they can be used at little or no additional cost
  2. B) they offer very strong authentication
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

87) Passwords are widely used because they can be used at little or no additional cost.

Answer:  TRUE

 

88) Passwords are widely used because they offer very strong authentication.

Answer:  FALSE

 

89) Passwords are widely used because they ________.

  1. A) are demanded by users
  2. B) offer strong authentication
  3. C) are the only authentication techniques known by most security professionals
  4. D) are inexpensive to use

Answer:  D

 

90) A user picks the password tiger. This is likely to be cracked most quickly by a(n) ________.

  1. A) attack on an application running as root
  2. B) brute-force attack
  3. C) dictionary attack
  4. D) hybrid dictionary attack

Answer:  C

 

91) Prepare2 can be cracked most quickly by a(n) ________.

  1. A) authentication attack
  2. B) brute-force attack
  3. C) dictionary attack
  4. D) hybrid dictionary attack

Answer:  D

92) A password that can be defeated by a hybrid dictionary attack can be adequately long if it ________.

  1. A) can only be broken by a brute force-attack
  2. B) is sufficiently long
  3. C) begins with a capital letter and ends with a digit (number)
  4. D) None of the above

Answer:  D

 

93) A password that can be broken by a dictionary attack or a dictionary attack in hybrid mode can be adequately strong if it is very long.

Answer:  FALSE

 

94) A password cracking attack that tries all combinations of keyboard characters is called a ________.

  1. A) simple dictionary attack
  2. B) hybrid mode dictionary attack
  3. C) brute force attack
  4. D) comprehensive keyboard attack

Answer:  C

 

 

95) To defeat brute-force attacks, a password must be ________.

  1. A) long
  2. B) complex
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

96) With complex passwords, adding a single character increases the number of passwords that must be tried in brute force guessing by a factor of about ________.

  1. A) 2
  2. B) 10
  3. C) 25
  4. D) 70

Answer:  D

 

97) With a complex password, adding two characters will require the attacker to make more than 1,000 attempts to crack the password.

Answer:  FALSE

 

98) According to the book, passwords should be at least ________ characters long.

  1. A) 6
  2. B) 8
  3. C) 12
  4. D) 20

Answer:  B

 

99) The password velociraptor can be defeated most quickly by a ________.

  1. A) dictionary attack
  2. B) hybrid mode dictionary attack
  3. C) brute-force attack
  4. D) None of the above because it is more than 8 characters long

Answer:  A

100) The password velociraptor is adequately strong.

Answer:  FALSE

 

101) The password Velociraptor can be defeated most quickly by a ________.

  1. A) dictionary attack
  2. B) hybrid mode dictionary attack
  3. C) brute force attack
  4. D) All of the above could defeat the password equally quickly.

Answer:  B

 

102) The password Velociraptor is adequately strong.

Answer:  FALSE

 

 

103) The password NeVEr can be defeated by a ________.

  1. A) dictionary attack
  2. B) hybrid dictionary attack
  3. C) brute force attack
  4. D) None of the above

Answer:  C

 

104) The password NeVEr is adequately strong.

Answer:  FALSE

 

105) The password R7%t& can be defeated by a ________.

  1. A) dictionary attack
  2. B) hybrid mode dictionary attack
  3. C) brute-force attack
  4. D) All of the above could defeat the password equally quickly.

Answer:  C

 

106) The password R7%t& is adequately strong.

Answer:  FALSE

 

107) The password 7u3aB& can be defeated most quickly by a ________.

  1. A) simple dictionary attack
  2. B) hybrid mode dictionary attack
  3. C) brute-force attack
  4. D) All of the above could defeat the password equally quickly.

Answer:  A

 

108) The password 7u3aB& is adequately strong.

Answer:  FALSE

 

109) Biometrics is the use of body measurements to authenticate you.

Answer:  TRUE

 

110) Which of the following is a criterion by which biometrics can be judged?

  1. A) Cost.
  2. B) Susceptibility to deception.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

111) Fingerprint scanning may be an acceptable access control method for ordinary laptops.

Answer:  TRUE

 

 

112) Iris scanning is attractive because of its ________.

  1. A) low cost
  2. B) precision
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

113) Which of the following can be done today without the target’s knowledge?

  1. A) Iris scanning.
  2. B) Face recognition.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

114) In digital certificate authentication, the supplicant does a calculation with ________.

  1. A) the supplicant’s private key
  2. B) the verifier’s private key
  3. C) the true party’s private key
  4. D) None of the above

Answer:  A

 

115) In digital certificate authentication, the verifier uses ________.

  1. A) the supplicant’s public key
  2. B) the verifier’s public key
  3. C) the true party’s public key
  4. D) None of the above

Answer:  C

 

116) In digital certificate authentication, the verifier uses ________.

  1. A) the supplicant’s public key
  2. B) the true party’s public key
  3. C) Both of A and B
  4. D) Neither A nor B

Answer:  B

 

117) The digital certificate provides the ________.

  1. A) private key of the supplicant
  2. B) private key of the true party
  3. C) public key of the supplicant
  4. D) None of the above

Answer:  D

 

 

118) In digital certificate authentication, the verifier gets the key it needs directly from the ________.

  1. A) supplicant
  2. B) verifier
  3. C) true party
  4. D) None of the above

Answer:  D

119) In authentication, defense in depth is provided through ________.

  1. A) the use of digital certificates
  2. B) passing authentication messages through firewalls
  3. C) two-factor authentication
  4. D) None of the above

Answer:  C

 

120) Two-factor authentication usually will work even if the attacker controls the supplicant’s computer.

Answer:  FALSE

 

121) Two-factor authentication usually will work even if the attacker can intercept all authentication communication.

Answer:  FALSE

 

122) Two-factor authentication usually will work ________.

  1. A) even if the attacker controls the supplicant’s computer
  2. B) even if the attacker can intercept all authentication communication
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  D

 

123) When a firewall identifies an attack packet, it ________.

  1. A) discards the packet
  2. B) copies information about the packet into a log file
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

124) A firewall drops a packet if it probably is an attack packet.

Answer:  FALSE

 

125) A firewall will drop a packet if it ________.

  1. A) is a definite attack packet
  2. B) is a probable attack packet
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

126) Firewall log files should be read ________.

  1. A) every hour
  2. B) every day
  3. C) every week
  4. D) usually only when a serious attack is suspected

Answer:  B

 

127) Egress filtering examines packets ________.

  1. A) arriving from the outside
  2. B) leaving to the outside
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

128) Static packet filtering ________.

  1. A) only looks at a single packet at a time, without context
  2. B) may be used for pre-screening before the main packet firewall
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

129) ACLs are used for packets in the ________ state.

  1. A) connection-opening
  2. B) ongoing communication
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

130) When a packet that is part of an ongoing connection arrives at a stateful inspection firewall, the firewall usually ________.

  1. A) drops the packet
  2. B) drops the packet and notifies an administrator
  3. C) passes the packet
  4. D) passes the packet, but notifies an administrator

Answer:  C

 

131) When a packet that is not part of an ongoing connection and that does not attempt to open a connection arrives at a stateful inspection firewall, the firewall ________. (Read this question carefully.)

  1. A) drops the packet
  2. B) passes the packet
  3. C) opens a new connection
  4. D) does not approve the connection

Answer:  A

 

 

132) Stateful firewalls are attractive because of their ________.

  1. A) high filtering sophistication
  2. B) ability to filter complex application content
  3. C) QoS guarantees
  4. D) low cost

Answer:  D

 

133) ________ is the dominant firewall filtering method used on main border firewalls today.

  1. A) ACL filtering
  2. B) Application content filtering
  3. C) Stateful packet inspection
  4. D) None of the above

Answer:  C

 

134) How will an SPI firewall handle a packet containing a TCP segment which is an acknowledgement?

  1. A) Process it through the ACL.
  2. B) Pass it if it is part of an approved connection.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

135) How will an SPI firewall handle a packet containing a TCP SYN segment?

  1. A) Process it through the ACL.
  2. B) Pass it if it is part of an approved connection.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

136) How will an SPI firewall handle a packet containing a TCP FIN segment?

  1. A) Process it through the ACL.
  2. B) Pass it if it is part of an approved connection.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

137) Which type of firewall filtering collects streams of packets to analyze them as a group?

  1. A) Static packet filtering.
  2. B) Stateful packet inspection.
  3. C) Deep inspection.
  4. D) None of the above

Answer:  C

 

 

138) Which type of firewall filtering always looks at application-layer content?

  1. A) Static packet filtering.
  2. B) Stateful packet inspection.
  3. C) Deep inspection.
  4. D) All of the above

Answer:  C

 

139) What type of filtering does an application-aware firewall use?

  1. A) Static packet filtering.
  2. B) Stateful packet inspection.
  3. C) Deep inspection.
  4. D) All of the above

Answer:  C

 

140) Deep inspection firewalls grew out of ________.

  1. A) static packet filtering
  2. B) stateful packet inspection
  3. C) intrusion detection systems
  4. D) None of the above

Answer:  C

 

141) ASIC technology has been critical to the development of ________.

  1. A) static packet filtering
  2. B) stateful packet inspection
  3. C) deep packet inspection
  4. D) None of the above

Answer:  C

142) A specific encryption method is called a ________.

  1. A) code
  2. B) schema
  3. C) key method
  4. D) cipher

Answer:  D

 

143) Using encryption, you make it impossible for attackers to read your messages even if they intercept them. This is ________.

  1. A) authentication
  2. B) confidentiality
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

 

144) In two-way dialogues using symmetric key encryption, how many keys are used for encryption and decryption?

  1. A) 1
  2. B) 2
  3. C) 4
  4. D) None of the above

Answer:  A

 

145) In symmetric key encryption, a key must be ________ bits long or longer to be considered strong. (Choose the choice closest to the correct answer.)

  1. A) 40
  2. B) 56
  3. C) 128
  4. D) None of the above

Answer:  C

 

146) Electronic signatures provide message-by-message ________.

  1. A) authentication
  2. B) confidentiality
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

147) Electronic signatures provide message-by-message ________.

  1. A) integrity
  2. B) authentication
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

148) Which of the following is not one of the four response phases for when attacks occur?

  1. A) Detecting the attack.
  2. B) Stopping the attack.
  3. C) Repairing the damage.
  4. D) All of the above are response phases.

Answer:  D

149) Forensic procedures are ways to capture and safeguard data in ways that fit rules of evidence in court proceedings.

Answer:  TRUE

 

150) Computer security incident response teams (CSIRTs) are used in ________.

  1. A) false alarms
  2. B) normal incidents
  3. C) major incidents
  4. D) disasters

Answer:  C

 

151) CSIRTs should include ________.

  1. A) IT personnel
  2. B) senior line managers
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  D

 

152) ________ is the reestablishment of information technology operations after a disaster.

  1. A) Business continuity recovery
  2. B) Disaster recovery

Answer:  B

 

Business Data Networks and Security, 9e (Panko)

Chapter 11  Networked Applications

 

1) A networked application is an application that requires a network to operate.

Answer:  TRUE

 

2) The way in which application layer functions are spread among computers to deliver service to users is called ________.

  1. A) distributed processing
  2. B) peer-to-peer computing
  3. C) client/server computing
  4. D) an application architecture

Answer:  D

 

3) Users are primarily concerned about the ________ layer.

  1. A) application
  2. B) transport
  3. C) internet
  4. D) physical

Answer:  A

 

4) The advance that made the client/server application architecture possible was ________.

  1. A) the Internet
  2. B) client processing power
  3. C) application sophistication
  4. D) input/output methods

Answer:  A

 

5) If a hacker takes over an application, he or she gets all the privileges of the application on the computer.

Answer:  TRUE

 

6) Having all privileges on a computer is known as having ________.

  1. A) all access
  2. B) total control
  3. C) root privileges
  4. D) All of the above

Answer:  C

 

7) RFC 822 and RFC 2822 standards govern ________.

  1. A) plain text content of e-mail messages
  2. B) HTTP page contents
  3. C) HTML commands and content
  4. D) plain text, graphic, and video content of e-mail messages

Answer:  A

 

 

8) E-mail bodies that have non-English text use ________.

  1. A) RFC 822 and RFC 2822
  2. B) HTTP
  3. C) POP
  4. D) UNICODE

Answer:  D

9) A traditional e-mail user sending messages to his or her mail server would most likely use ________.

  1. A) the IMAP standard
  2. B) the POP standard
  3. C) either the IMAP or POP standard
  4. D) the SMTP standard

Answer:  D

 

10) Mail servers communicate with each other by using ________.

  1. A) POP
  2. B) HTTP
  3. C) RFC 2822
  4. D) SMTP

Answer:  D

 

11) If you are using a Web-enabled e-mail system ________.

  1. A) you have to install a special Web-enabled e-mail client to access your e-mail
  2. B) you access and send mail by using a Web browser
  3. C) you are more likely to be susceptible to viruses being introduced on your computer
  4. D) you are unable to send/receive e-mail messages containing information other than letters or numbers

Answer:  B

 

12) Which of the following allows you to read your e-mail easily on an Internet cafés computer?

  1. A) POP.
  2. B) Web-enabled e-mail.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

13) Antivirus software checks e-mail attachments for ________.

  1. A) viruses
  2. B) Trojan horses
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

14) If companies place antivirus software on all of their client PCs, this will stop almost all virus infections.

Answer:  FALSE

 

15) Which of the following offers more reliable antivirus protection?

  1. A) Antivirus software on user PCs.
  2. B) Antivirus software on the mail server.
  3. C) Both A and B are about equally reliable.

Answer:  B

16) According to the principle of defense in depth, antivirus filtering should be done in at least ________ location(s).

  1. A) 1
  2. B) 2
  3. C) 3
  4. D) 4

Answer:  B

 

17) VoIP uses ________ switching.

  1. A) circuit
  2. B) packet
  3. C) Either A or B

Answer:  A

 

18) Telephones that can plug directly into a VoIP network are called PCs with multimedia hardware and added software.

Answer:  FALSE

 

19) A media gateway connects a client computer or VoIP phone to the VoIP network.

Answer:  FALSE

 

20) A media gateway translates ________ transmissions.

  1. A) signaling
  2. B) transport
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

21) Which of the following is likely to dominate in VoIP?

  1. A) SIP.
  2. B) H.323.

Answer:  A

 

22) SIP is a ________ protocol for VoIP.

  1. A) signaling
  2. B) transport
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

23) VoIP users have ________ in their phones or on their computers.

  1. A) media gateways
  2. B) codecs
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

24) Speech codecs vary with respect to ________.

  1. A) compression
  2. B) voice quality
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

25) For the transport layer, VoIP uses ________ for transport transmission.

  1. A) TCP
  2. B) UDP
  3. C) codec standards
  4. D) IP

Answer:  B

 

26) Variability in time delays between successive packets in a transport stream is called ________.

  1. A) a timing error
  2. B) a warble
  3. C) a SIP violation
  4. D) jitter

Answer:  D

 

27) RTP supports ________.

  1. A) faster transmission speed
  2. B) jitter control
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

28) Which header comes SECOND in a VoIP transport packet?

  1. A) RTP.
  2. B) UDP.
  3. C) TCP.
  4. D) Application.

Answer:  B

 

 

29) Codec data comes after the ________ header in VoIP transport frames.

  1. A) IP
  2. B) TCP
  3. C) UDP
  4. D) RTP

Answer:  D

 

30) Which of the following is used to retrieve Web pages?

  1. A) HTTP.
  2. B) HTML.
  3. C) RTP.
  4. D) SQL.

Answer:  A

31) Which of the following is used in webpage bodies?

  1. A) HTTP.
  2. B) HTML.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

32) How many HTTP request-response cycles are needed to transfer a webpage containing three graphics images?

  1. A) 1
  2. B) 2
  3. C) 3
  4. D) None of the above

Answer:  D

 

33) How many HTTP request-response cycles are needed to transfer a webpage containing 88 lines of text and three different images?

  1. A) 3
  2. B) 4
  3. C) 88
  4. D) 91

Answer:  B

 

34) In HTTP, fields normally are ended by a ________.

  1. A) colon (:)
  2. B) carriage return/line feed
  3. C) blank line
  4. D) space

Answer:  B

 

 

35) In HTTP, keywords usually are followed by a ________.

  1. A) colon (:)
  2. B) carriage return/line feed
  3. C) blank line
  4. D) space

Answer:  A

 

36) The code “200” may be found in HTTP ________ messages.

  1. A) request
  2. B) response
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

37) ________ is a standard to describe a file’s format type.

  1. A) RFC 2822
  2. B) SMTP
  3. C) HTML
  4. D) MIME

Answer:  D

38) In HTTP response messages, the attached file is preceded by a ________.

  1. A) colon (:)
  2. B) space
  3. C) blank line
  4. D) None of the above

Answer:  C

 

39) SaaS software vendors may make an application available by ________.

  1. A) hosting it on their own webservers
  2. B) allowing the application to be downloaded to the consumer device
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

40) In cloud ________, the user accesses the software over the Internet, often with a browser.

  1. A) SaaS
  2. B) utility computing

Answer:  A

 

41) An organization that provides cloud services is called a cloud ISP.

Answer:  FALSE

 

 

42) Which of the following is an attraction of cloud SaaS?

  1. A) Potential lowered costs in hardware and personnel.
  2. B) Mobility.
  3. C) Collaboration.
  4. D) All of the above

Answer:  D

 

43) Which of the following is not an issue for cloud Software as a Service?

  1. A) The possibility of losing access.
  2. B) The possibility of getting locked into proprietary software.
  3. C) Security concerns.
  4. D) All of the above are issues for cloud Software as a Service.

Answer:  D

 

44) Utility computing is a new phenomenon.

Answer:  FALSE

 

45) In ________, a company offloads server processing work to another company at a remote site.

  1. A) utility computing
  2. B) Software as a Service
  3. C) None of the above

Answer:  A

 

46) Utility computing is usually offered as a pay-as-you-go service.

Answer:  TRUE

47) If a company runs its own data center, it might face problems with ________.

  1. A) overprovisioning
  2. B) underprovisioning
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

48) Which of the following is an attraction of cloud utility computing?

  1. A) Flexibility.
  2. B) Control over operations.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

49) Which of the following is not an issue for cloud utility computing?

  1. A) The possibility of losing access.
  2. B) The possibility of getting locked into proprietary software.
  3. C) Security concerns.
  4. D) All of the above are issues for cloud utility computing.

Answer:  D

 

50) Which of the following is not an issue for cloud utility computing?

  1. A) The possibility of losing access.
  2. B) The possibility of getting locked into proprietary software.
  3. C) Very high costs.
  4. D) Security concerns.

Answer:  C

 

51) Which of the following is a factor that has contributed to the popularity of cloud computing?

  1. A) The Internet.
  2. B) Web services.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

52) Virtualization has contributed to the popularity of cloud computing.

Answer:  TRUE

 

53) In virtualization, the real computer’s capacity is divided among a number of ________.

  1. A) hypervisors
  2. B) virtual machines
  3. C) Neither A nor B

Answer:  B

 

54) In virtualization, each virtual machine acts like a stand-alone computer to its users.

Answer:  TRUE

 

55) When deciding whether to use cloud computing, a company must consider security risk.

Answer:  TRUE

56) A service-oriented architecture is an application architecture in which a few large programs interact to provide a unified service.

Answer:  FALSE

 

57) In SOA, calls are placed to ________.

  1. A) programs
  2. B) subprograms
  3. C) subroutines
  4. D) service objects

Answer:  D

 

58) SOAs are attractive because of ________.

  1. A) reuse
  2. B) language independence
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

59) In SOA, what language can be used to create service objects?

  1. A) Java.
  2. B) C++.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

60) SOAs are language-independent.

Answer:  TRUE

 

61) In SOAs, a program written in C++ can communicate with a program written in Java.

Answer:  TRUE

 

62) ________ use ________ that provide services to customers using WWW interaction standards.

  1. A) Web services, service objects
  2. B) Service objects, web services

Answer:  A

 

63) The terms SOA and Web services mean the same thing.

Answer:  FALSE

 

64) By definition, Web services are implemented using SOAP.

Answer:  FALSE

 

65) In SOA, SOAP messages are encoded in ________.

  1. A) HTML
  2. B) XML
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

66) The purpose of ________ is to allow a calling program to understand how to use a service object.

  1. A) SOAP
  2. B) XML
  3. C) WDSL
  4. D) UDDI

Answer:  C

 

67) The purpose of ________ is to help someone to find an appropriate service object.

  1. A) SOAP
  2. B) XML
  3. C) WDSL
  4. D) UDDI

Answer:  D

 

68) Which of the following is true?

  1. A) A Web service is one way to implement a SOA.
  2. B) SOAP is one way to implement a Web service.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

69) Which of the following is true?

  1. A) Web service is one way to implement a SOA.
  2. B) SA Web service is one way to implement SOAP.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

70) To be considered a peer-to-peer application architecture, there can be no dedicated servers included on the network.

Answer:  FALSE

 

71) Which of the following is considered a bigger problem with traditional client/server based architectures than with peer-to-peer architectures?

  1. A) Underutilized processing capacity of client PCs.
  2. B) Potential for essential data/services to become unavailable as a device is turned off.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

72) Transient client presence tends to be a problem in ________.

  1. A) P2P applications
  2. B) client/server applications
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

73) In ________ file retrieval, your computer downloads a file from a server.

  1. A) P2P
  2. B) client/server
  3. C) BitTorrent
  4. D) None of the above

Answer:  B

 

74) In BitTorrent file sharing, you download parts of the file simultaneously from multiple peers.

Answer:  TRUE

 

 

75) In BitTorrent, a(n) ________ website is a site the BitTorrent client program goes to in order to get .torrent files.

  1. A) swarm
  2. B) index
  3. C) tracker
  4. D) None of the above

Answer:  B

 

76) In BitTorrent, a(n) ________ is a server that coordinates the file transfer.

  1. A) swarm
  2. B) index
  3. C) tracker
  4. D) None of the above

Answer:  C

 

77) In BitTorrent, the group of all connected computers that have all or part of the file to be downloaded is called the ________.

  1. A) swarm
  2. B) index
  3. C) tracker
  4. D) None of the above

Answer:  A

 

78) Which of the following is a security risk associated with BitTorrent?

  1. A) Danger caused by opening TCP ports on the firewall.
  2. B) Danger that an employee may download an infected file.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

79) The main advantage of ________ file sharing is that it brings cost savings by using clients rather than server processing power.

  1. A) BitTorrent
  2. B) client/server
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

80) Skype offers ________.

  1. A) free calling among Skype customers
  2. B) free calling to and from Public Switched Telephone Network customers
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  A

 

 

81) Which of the following is not one of the main elements of the Skype network?

  1. A) Login server.
  2. B) Proxy server.
  3. C) Host node.
  4. D) Super node.

Answer:  B

 

82) In Skype, ________ is the process where a Skype application looks up the username and IP address of the party it wants to contact.

  1. A) login
  2. B) directory search
  3. C) transport
  4. D) signaling

Answer:  B

 

83) Which element of the Skype network is in charge of signaling?

  1. A) The login server.
  2. B) Host nodes.
  3. C) Super nodes.
  4. D) Media gateways.

Answer:  C

 

84) Which element of the Skype network is in charge of transport?

  1. A) The login server.
  2. B) Host nodes.
  3. C) Super nodes.
  4. D) Media gateways.

Answer:  B

 

85) Which of the following steps in Skype is done P2P?

  1. A) Login.
  2. B) Signaling.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

86) Which of the following steps in Skype is done P2P?

  1. A) Signaling.
  2. B) Transport.
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  C

 

87) Login is done P2P (instead of using servers) in ________.

  1. A) Skype
  2. B) traditional VoIP
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  D

 

88) Signaling is done using servers (not P2P) in ________.

  1. A) Skype
  2. B) traditional VoIP
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  B

 

89) Transport is done using servers (not P2P) in ________.

  1. A) Skype
  2. B) traditional VoIP
  3. C) Both A and B
  4. D) Neither A nor B

Answer:  D

 

90) Skype’s security protocols have been publically studied and approved.

Answer:  FALSE

 

91) The detailed method of Skype’s encryption for confidentiality is unknown.

Answer:  TRUE

 

92) Skype requires people to prove their identity before they specify a username.

Answer:  FALSE

 

93) The Skype protocol is relatively ________ for corporate firewalls to filter.

  1. A) easy
  2. B) difficult

Answer:  B

 

94) Which of the following is a processor-sharing application?

  1. A) BitTorrent.
  2. B) [email protected]
  3. C) SIP.
  4. D) Skype.

Answer:  B

 

 

95) If most P2P applications use facilitating servers, why do we still call them peer-to-peer?

  1. A) We accept sloppy terminology.
  2. B) We do NOT still call them peer-to-peer.
  3. C) User computers do most of the work.
  4. D) P2P applications do NOT use servers.

Answer:  C