CSS 211 - Introduction to Network Security

Review for First Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.

  1. Examine the list in chapter 1 of reasons why it is difficult to defend against attacks. Explain three of them.

  2. What are the three aspects of information systems that the author says are typically protected? Define each of them.

  3. What is the difference between a threat and a threat agent?

  4. What is the difference between a vulnerability and an exploit?

  5. How can our network be made totally free from risk of attack?

  6. What is the scope of each of these acts with regard to information security?
    • HIPAA
    • GLBA
    • Sarbox
    • Patriot Act
    • COPPA

  7. Is there a good definition of the word "hacker"?

  8. What is a script kiddie?

  9. Why are employees possible security threats? Explain three ways they could be.

  10. What is the difference between a cybercriminal and a cyberterrorist?

  11. In the text's five-step procedure for an attack, what step follows "probe for information"?

    What step follows "modify security settings"?

  12. What is the difference between layering security measures and showing diversity in them?

  13. Give an example of using obscurity as a security measure.

  14. What makes an email spam?

  15. Viruses and worms both infect systems. What is an operational difference between them?

  16. What part of a system does a boot virus infect?

  17. What is a virus signature? What else is it called?

  18. Metamorphic viruses change how they look. What do polymorphic viruses do in addition to that?

  19. What class of malware does a logic bomb belong in? What is another kind of malware in the same class?

  20. What is the ridiculous default configuration for Windows regarding filenames? How do you change it in Windows 7?

  21. Why can a rootkit virus be called a privilege elevator?

  22. What did Sony do with a rootkit on audio CDs in 2005?

  23. What is generally true about the cost of sending spam?

  24. Spammers can use several techniques to avoid a spam filter. (This does not always work.)
    What is it called when they send graphic images instead of text?

    What is it called when they break their graphic into pieces and overlay them in the email?

    What is it called when they make horizontal divisions in the letters of words?

  25. What aspect of a user's rights is violated by spyware?

  26. What is a key logger?

  27. Why would an attacker want to create a botnet?

    What might you call an infected computer?

  28. What would be the effect of erasing the BIOS of a computer?

  29. What would be easier to set up on your home network, a NAS or a SAN?
    Which one is more vulnerable to viruses that attack standard services?

  30. What is an MTSO?

  31. In a virtual machine scenario, what is a host system? What is a guest system?

  32. How does virtualization allow live migration?

    How does this improve the potential for load balancing?

  33. What is a hypervisor program?

  34. According to the terminology in the text, which is more necessary: a critical update or a feature pack?

    Which is more likely to have a broader general audience, a patch or a hotfix?

    Which kind of release would tend to contain material from all the others?

  35. What are the three ways you can set Windows so that it looks for updates?

  36. Why might an automated patch update service be useful for a large organization?

  37. Name the two Windows features the text recommended turning on to fight buffer overflow attacks.

  38. What is the difference between a configuration baseline and a security template?

  39. When is a cookie a first party cookie? When is it a third party cookie?

  40. What are some of the things a browser prevents a JavaScript program from doing?

  41. What is a Java sandbox, and when is one used?

  42. Why does the text refer to Cross Site Scripting as a form of injection?

  43. What privileges does an ActiveX control typically have on a computer?

  44. How could an attacker take advantage of a web site to plant a scripting attack?

  45. What common network protocol is often used on outgoing email servers?

    What two protocols are commonly used on incoming email servers?

  46. What is a recommended defense against scripting attacks, regardless of the kind of script involved?

  47. What kind of addressing is commonly used in Instant Messaging?

  48. How is spim different from spam?

  49. What are two features of a BitTorrent network that make it different from most others?

  50. Why does the author think that virus signatures are a disadvantage regarding antivirus programs?

  51. How does a Host Intrusion Detection System notice intrusions?

  52. What do you call the practice of an administrator setting a managed switch to copy all traffic from one or more ports to a port the admin specifies?

  53. What is the purpose of a network tap? (Not a vampire tap.)

  54. Name two physically weak spots where an attacker might try to get access to your network medium.

  55. What does MAC flooding do to a switch?

  56. Give me three examples of bad practices regarding passwords.

    State three characteristics of a good password.

  57. What should be done regarding default accounts when installing an operating system or new equipment?

  58. Why do attackers like to find back doors?

    Why might an administrator set up a back door for a good purpose?

  59. What is a denial of service attack?

    Why would a botnet be useful for this kind of attack?

  60. What part of a typical handshake (series of connection events) might a denial of service attack use in an exploit?

  61. What common kind of network uses CSMA/CD?

  62. What kind of frames might an attacker send to wireless devices to disrupt their use of a network?

  63. Describe an attack on a wireless network involving expected ACK signals.

  64. How does a passive Man-in-the-Middle attack differ from an active one?

  65. What is a replay attack?

  66. What would cause you to consider replacing a protocol program on a network?

  67. What is typically contained in a hosts file on a computer?

  68. Where would you look for a hosts file on a Windows XP computer?

  69. What is a DNS zone transfer?

  70. What is DNS spoofing?

  71. What protocol pairs IP addresses with MAC addresses? Where are such pairs stored on a workstation?

  72. What is ARP poisoning?

  73. What is a rogue access point?

  74. What is war driving and why doesn't it require a car?

  75. What is a Bluetooth piconet?

    What is a scatternet?

  76. How is Bluesnarfing different from Bluejacking?

  77. What is the grace period for domain name registration?

  78. What is a classful IP address?

    What makes an IP address classless?

  79. What is a difference between public and private IP addresses?

  80. What are some organizational needs that could be addressed by subnetting?

  81. How is a subnet kind of the opposite of a VLAN?

  82. In terms of networking security, why might you want to set up a DMZ?

  83. What does a NAT server do if it has a bank of public IP addresses?

    What does it do if it only has one public IP address?

  84. Explain some of the metaphors used in the section on Network Access Control.

  85. Where are software firewalls typically installed?

    Where are hardware firewalls typically installed?

  86. What are three typical actions a firewall might take with a packet?

  87. Firewalls can work with stateless or stateful filtering. What state is this referring to?

  88. What does a proxy server do that could be considered a security function?

  89. What does a reverse proxy server know that a proxy server does not have to know?

  90. What are two purposes of a honeypot on a network?

  91. What is the difference between intrusion detection and intrusion prevention systems?

    How are these systems similar?

  92. What does a protocol analyzer do?

  93. What do Internet content filters do?