Course Introduction
Network Security Practice Exam
Network Security is a comprehensive course that explores the principles, technologies, and practices essential for safeguarding computer networks against cyber threats. Students will learn about common vulnerabilities and attacks, cryptographic methods for securing communication, authentication procedures, firewall design, intrusion detection and prevention systems, and security policies. Through a combination of theoretical knowledge and hands-on labs, the course equips learners with practical skills to assess risks and implement robust security solutions, preparing them for challenges in modern networked environments.
Recommended Textbook
Computer Security Principles and Practice 2nd Edition by William Stallings
Available Study Resources on Quizplus
24 Chapters
1078 Verified Questions
1078 Flashcards
Source URL: https://quizplus.com/study-set/3971
Page 2
Chapter 1: Computer Systems Overview
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79799
Sample Questions
Q1) Establishing,maintaining,and implementing plans for emergency response,backup operations,and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.
Answer: contingency
Q2) Security implementation involves four complementary courses of action: prevention,detection,response,and _________.
Answer: recovery
Q3) An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n)__________.
A)risk
B)attack
C)asset
D)vulnerability
Answer: B
Q4) Misappropriation and misuse are attacks that result in ________ threat consequences.
Answer: usurpation
To view all questions and flashcards with answers, click on the resource link above. Page 3
Chapter 2: Cryptographic Tools
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79788
Sample Questions
Q1) Combined one byte at a time with the plaintext stream using the XOR operation,a __________ is the output of the pseudorandom bit generator.
A)keystream
B)digital signature
C)secure hash
D)message authentication code
Answer: A
Q2) The purpose of a __________ is to produce a "fingerprint" of a file,message,or other block of data.
A)secret key
B)digital signature
C)keystream
D)hash function
Answer: D
Q3) An important element in many computer security services and applications is the use of cryptographic algorithms.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.
Page 4
Chapter 3: User Authentication
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79782
Sample Questions
Q1) A good technique for choosing a password is to use the first letter of each word of a phrase.
A)True
B)False
Answer: True
Q2) Identifiers should be assigned carefully because authenticated identities are the basis for other security services.
A)True
B)False
Answer: True
Q3) Enrollment creates an association between a user and the user's biometric characteristics.
A)True
B)False
Answer: True
Q4) Voice pattern,handwriting characteristics,and typing rhythm are examples of __________ biometrics.
Answer: dynamic
Q5) The __________ is the pattern formed by veins beneath the retinal surface.
Answer: retinal pattern
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: Access Control
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79781
Sample Questions
Q1) __________ controls access based on comparing security labels with security clearances.
A)MAC
B)DAC
C)RBAC
D)MBAC
Q2) __________ refers to setting a maximum number with respect to roles.
A)Cardinality
B)Prerequisite
C)Exclusive
D)Hierarchy
Q3) An approval to perform an operation on one or more RBAC protected objects is
A)support
B)prerequisite
C)permission
D)exclusive role
Q4) A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.
Q5) The basic elements of access control are: subject,__________,and access right.
Page 6
To view all questions and flashcards with answers, click on the resource link above.
Chapter 5: Database Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79780
Sample Questions
Q1) A _________ is the result of a query that returns selected rows and columns from one or more tables.
Q2) In a ___________ administration a small number of privileged users may grant and revoke access rights.
Q3) The __________ is a human entity that presents requests (queries)to the system.
Q4) A(n)__________ is a user who has administrative responsibility for part or all of the database.
A)administrator
B)database relations manager
C)application owner
D)end user other than application owner
Q5) The database management system operates on the assumption that the computer system has authenticated each user.
A)True
B)False
Q6) __________ is a standardized language that can be used to define schema,manipulate,and query data in a relational database.
Q7) The information transfer path by which unauthorized data is obtained is referred to as an ___________ channel.
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Malicious Software
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79779
Sample Questions
Q1) __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.
A)Trojan horse
B)Ransomware
C)Crimeware
D)Polymorphic
Q2) __________ is the first function in the propagation phase for a network worm.
A)Propagating
B)Fingerprinting
C)Keylogging
D)Spear phishing
Q3) Sometimes referred to as the "infection vector",the __________ is the means by which a virus spreads or propagates.
Q4) A virus that attaches to an executable program can do anything that the program is permitted to do.
A)True
B)False
Q5) Countermeasures for malware are generally known as _________ mechanisms because they were first developed to specifically target virus infections.
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Denial-Of-Service Attacks
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79778
Sample Questions
Q1) In reflection attacks,the ______ address directs all the packets at the desired target and any responses to the intermediary.
Q2) The SYN spoofing attack targets the table of TCP connections on the server.
A)True
B)False
Q3) Requests and _______ are the two different types of SIP messages.
Q4) A _______ flood refers to an attack that bombards Web servers with HTTP requests.
Q5) A ______ triggers a bug in the system's network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded.
A)echo
B)reflection
C)poison packet
D)flash flood
Q6) Slowloris is a form of ICMP flooding.
A)True
B)False
Q7) The standard protocol used for call setup in VoIP is the ________ Protocol.
To view all questions and flashcards with answers, click on the resource link above. Page 9
Chapter 8: Intrusion Detection
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79777
Sample Questions
Q1) __________ is a security service that monitors and analyzes system events for the purpose of finding,and providing real-time warning of attempts to access system resources in an unauthorized manner.
Q2) _________ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.
Q3) The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager.
A)central manager agent
B)LAN monitor agent
C)host agent
D)architecture agent
Q4) ________ are decoy systems that are designed to lure a potential attacker away from critical systems.
Q5) The _________ (RFC 4766)document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF).
Q6) An intruder can also be referred to as a hacker or cracker.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 10
Chapter 9: Firewalls and Intrusion Prevention Systems
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79776
Sample Questions
Q1) Identified as a critical strong point in the network's security,the _________ serves as a platform for an application-level or circuit-level gateway.
Q2) __________ protocols operate in networking devices,such as a router or firewall,and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.
Q3) __________ looks for deviation from standards set forth in RFCs.
A)Statistical anomaly
B)Protocol anomaly
C)Pattern matching
D)Traffic anomaly
Q4) A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
A)packet filtering firewall
B)distributed firewall
C)personal firewall
D)stateful inspection firewall
Q5) The firewall follows the classic military doctrine of _________ because it provides an additional layer of defense.
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Buffer Overflow
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79798
Sample Questions
Q1) The _______ exploited a buffer overflow in Microsoft SQL Server 2000.
A)Morris Internet Worm
B)Code Red Worm
C)Sasser Worm
D)Slammer Worm
Q2) A stack overflow can result in some form of denial-of-service attack on a system.
A)True
B)False
Q3) _______ was one of the earliest operating systems written in a high-level language.
Q4) The _________ aims to provide useful information to people who perform penetration testing,IDS signature development,and exploit research.
A)Metasploit Project
B)Manhattan Project
C)Levy Project
D)RAD Project
Q5) The attacker can specify the return address used to enter code as a location somewhere in the run of NOPs,which is called a NOP ______.
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Software Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79797
Sample Questions
Q1) In the ________ attack the user supplied input is used to construct a SQL request to retrieve information from a database.
Q2) Program _______ refers to any source of data that originates outside the program and whose value is not explicitly known by the programmer when the code was written.
Q3) Cross-site scripting attacks attempt to bypass the browser's security checks to gain elevated access privileges to sensitive data belonging to another site.
A)True
B)False
Q4) The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file,ensuring that each process has appropriate access in turn.
A)lock
B)code injection
C)chroot jail
D)privilege escalation
Q5) A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.
To view all questions and flashcards with answers, click on the resource link above. Page 13
Chapter 12: Operating System Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79796
Sample Questions
Q1) A plan needs to identify appropriate personnel to install and manage the system,noting any training needed.
A)True
B)False
Q2) The purpose of the system does not need to be taken into consideration during the system security planning process.
A)True
B)False
Q3) The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods.
A)logging
B)backup
C)hardening
D)archive
Q4) ______ are resources that should be used as part of the system security planning process.
A)Texts
B)Online resources
C)Specific system hardening guides
D)All of the above
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Trusted Computing and Multilevel Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79795
Sample Questions
Q1) The BLP model includes a set of rules based on abstract operations that change the state of the system.
A)True
B)False
Q2) A multilevel secure system for confidentiality must enforce:
A)no read up
B)ss-property
C)no write down
D)all of the above
Q3) "No write down" is also referred to as the *-property.
A)True
B)False
Q4) ________ is a process that ensures a system is developed and operated as intended by the system's security policy.
A)Trust
B)Assurance
C)Evaluation
D)Functionality
Q5) In the United States the ______ and the NSA jointly operate the Common Criteria Evaluation and Validation Scheme.
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: It Security Management and Risk Assessment
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79794
Sample Questions
Q1) A threat may be either natural or human made and may be accidental or deliberate.
A)True B)False
Q2) Legal and regulatory constraints may require specific approaches to risk assessment.
A)True B)False
Q3) The _________ provides the most accurate evaluation of an organization's IT system's security risks.
Q4) Not proceeding with the activity or system that creates the risk is _________.
Q5) Implementing the risk treatment plan is part of the ______ step.
A)check
B)act C)do D)plan
Q6) A(n)_________ is anything that has value to the organization.
Q7) The __________ approach to risk assessment aims to implement a basic general level of security controls on systems using baseline documents,codes of practice,and industry best practice.
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: It Security Controls, plans, and Procedures
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79793
Sample Questions
Q1) _______ management is concerned with specifically keeping track of the configuration of each system in use and the changes made to each.
Q2) It is likely that the organization will not have the resources to implement all the recommended controls.
A)True
B)False
Q3) _________ controls focus on preventing security beaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability.
Q4) The objective of the ________ control category is to avoid breaches of any law,statutory,regulatory,or contractual obligations,and of any security requirements.
A)access
B)asset management
C)compliance
D)business continuity management
Q5) All controls are applicable to all technologies.
A)True
B)False
Q6) Incident response is part of the ________ class of security controls.
To view all questions and flashcards with answers, click on the resource link above. Page 17
Chapter 16: Physical and Infrastructure Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79792
Sample Questions
Q1) _______ includes destruction of equipment and data.
A)Misuse
B)Vandalism
C)Theft
D)Unauthorized physical access
Q2) Relative humidity should be maintained between ________ to avoid the threats from both low and high humidity.
A)20% and 80%
B)40% and 60%
C)50% and 50%
D)30% and 70%
Q3) Human-caused threats can be grouped into the following categories: unauthorized physical access,theft,_________ and misuse.
Q4) Unauthorized physical access can lead to other threats.
A)True
B)False
Q5) If a computer's temperature gets too cold the system can undergo thermal shock when it is turned on.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 18
Chapter 17: Human Resources Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79791
Sample Questions
Q1) A(n)________ is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.
Q2) The group of users,sites,networks,or organizations served by the CSIRT is a _______.
Q3) From a security point of view,which of the following actions should be done upon the termination of an employee?
A)remove the person's name from all lists of authorized access
B)recover all assets,including employee ID,disks,documents and equipment
C)remove all personal access codes
D)all of the above
Q4) Network and host __________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.
Q5) Programmers,developers,and system maintainers require less advanced security training than other employees.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 19
Chapter 18: Security Auditing
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79790
Sample Questions
Q1) The ______ repository contains the auditing code to be inserted into an application.
Q2) Although important,security auditing is not a key element in computer security.
A)True
B)False
Q3) RFC 2196 (Site Security Handbook)lists three alternatives for storing audit records: read/write file on a host,write-once/read-many device,and ______.
Q4) Applications,especially applications with a certain level of privilege, present security problems that may not be captured by system-level or user-level auditing data.
A)True
B)False
Q5) The foundation of a security auditing facility is the initial capture of the audit data.
A)True
B)False
Q6) A _______ is an independent review and examination of a system's records and activities.
To view all questions and flashcards with answers, click on the resource link above. Page 20
Chapter 19: Legal and Ethical Aspects
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79789
Sample Questions
Q1) The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers,boldness,and the global scale of their operations.
A)True
B)False
Q2) A servicemark is the same as a trademark except that it identifies and distinguishes the source of a service rather than a product.
A)True
B)False
Q3) The invasion of the rights secured by patents,copyrights,and trademarks is
Q4) The success of cybercriminals,and the relative lack of success of law enforcement,influence the behavior of _______.
A)cyber thieves
B)cybercrime victims
C)cybercrime acts
D)cyber detectives
Q5) The ___________ Act places restrictions on online organizations in the collection of data from children under the age of 13.
To view all questions and flashcards with answers, click on the resource link above. Page 21
Chapter 20: Symmetric Encryption and Message
Confidentiality
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79787
Sample Questions
Q1) With ______ encryption each vulnerable communications link is equipped on both ends with an encryption device.
Q2) A ________ is a key used between entities for the purpose of distributing session keys.
A)permanent key
B)session key
C)distribution key
D)all of the above
Q3) An encryption scheme is _________ if the cost of breaking the cipher exceeds the value of the encrypted information and/or the time required to break the cipher exceeds the useful lifetime of the information.
Q4) A symmetric encryption scheme has five ingredients: plaintext,encryption algorithm,ciphertext,decryption algorithm and _________.
Q5) If both sender and receiver use the same key the system is referred to as asymmetric.
A)True
B)False
Q6) The three most important symmetric block ciphers are: 3DES,AES,and _____.
Page 22
Q7) _________ is the process of attempting to discover the plaintext or key.
To view all questions and flashcards with answers, click on the resource link above.
Chapter 21: Public-Key Cryptography and Message
Authentication
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79786
Sample Questions
Q1) SHA-2 shares the same structure and mathematical operations as its predecessors and this is a cause for concern.
A)True
B)False
Q2) Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES.
A)True
B)False
Q3) The DSS makes use of the _________ and presents a new digital signature technique,the Digital Signature Algorithm (DSA).
A)HMAC
B)XOR
C)RSA
D)SHA-1
Q4) _________ attacks have several approaches,all equivalent in effort to factoring the product of two primes.
A)Mathematical
B)Brute-force
C)Chosen ciphertext
D)Timing
To view all questions and flashcards with answers, click on the resource link above. Page 23
Chapter 22: Internet Security Protocols and Standards
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79785
Sample Questions
Q1) The _______ is a directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address.
Q2) IP-level security encompasses three functional areas: authentication,confidentiality,and _________.
Q3) The default algorithms used for encrypting S/MIME messages are the triple DES and a public-key scheme known as _______.
Q4) A message store cannot be located on the same machine as the MUA.
A)True
B)False
Q5) MIME provides the ability to sign and/or encrypt e-mail messages.
A)True
B)False
Q6) The ________ is housed in the user's computer and is referred to as a client e-mail program or a local network e-mail server.
Q7) The recipient of a message can decrypt the signature using DSS and the sender's public DSS key.
A)True
B)False
Q8) The _________ is used to convey SSL-related alerts to the peer entity.
To view all questions and flashcards with answers, click on the resource link above. Page 24
Chapter 23: Internet Authentication Applications
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79784
Sample Questions
Q1) One of the earliest and most widely used services is _________.
A)Kerberos
B)FIM
C)PKI
D)X.509
Q2) The overall scheme of Kerberos is that of a trusted third-party authentication service.
A)True
B)False
Q3) Because serial numbers are unique within a CA,the serial number is sufficient to identify the certificate.
A)True
B)False
Q4) The ticket contains the user's ID,the server's ID,a __________,a lifetime after which the ticket is invalid,and a copy of the same session key sent in the outer message to the client.
Q5) In Kerberos,the ___________ decrypts the ticket and authenticator,verifies the request,and creates ticket for requested server.
Q6) In a generic identity management architecture a ________ is an identity holder.
25
To view all questions and flashcards with answers, click on the resource link above.
Chapter 24: Wireless Network Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79783
Sample Questions
Q1) The wireless environment consists of three components that provide point of attack: the wireless client,the transmission medium,and the _________.
Q2) Like TKIP,CCMP provides two services: message integrity and ________.
Q3) A __________ attack targets wireless access points that are exposed to non-filtered network traffic,such as routing protocol messages or network management messages.
Q4) A ____________ attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.
Q5) A wireless access point is a _______.
A)cell tower
B)Wi-Fi hot spot
C)wireless access point to a LAN or WAN
D)all of the above
Q6) Two types of countermeasures are appropriate to deal with eavesdropping: signal-hiding techniques and ____________.
Q7) The transmission medium carries the radio waves for data transfer.
A)True
B)False
Page 26
To view all questions and flashcards with answers, click on the resource link above.