ITS 2110 - Introduction to Network Security

Review for First Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.

  1. Examine the list in chapter 1 of reasons why it is difficult to defend against attacks. Explain three of them.

  2. What are the three aspects of information systems that the author says are typically protected? Define each of them.

  3. What is the difference between a threat and a threat agent?

  4. What is the difference between a vulnerability and an exploit?

  5. How can our network be made totally free from risk of attack?

  6. What is the scope of each of these acts with regard to information security?
    • HIPAA
    • GLBA
    • Sarbox
    • Patriot Act
    • COPPA

  7. What is a script kiddie?

  8. Why are employees possible security threats? Explain three ways they could be.

  9. What is the difference between layering security measures and showing diversity in them?

  10. Give an example of using obscurity as a security measure.

  11. What makes an email spam?

  12. Viruses and worms both infect systems. What is an operational difference between them?

  13. What part of a system does a boot virus infect?

  14. What is a virus signature? What else is it called?

  15. Metamorphic viruses change how they look. What do polymorphic viruses do in addition to that?

  16. What class of malware does a logic bomb belong in? What is another kind of malware in the same class?

  17. What is the ridiculous default configuration for Windows regarding filenames? How do you change it in Windows 7?

  18. Why can a rootkit virus be called a privilege elevator?

  19. What is generally true about the cost of sending spam?

  20. Spammers can use several techniques to avoid a spam filter. (This does not always work.)
    What is it called when they send graphic images instead of text?

    What is it called when they break their graphic into pieces and overlay them in the email?

    What is it called when they make horizontal divisions in the letters of words?

  21. What is a key logger?

  22. Why would an attacker want to create a botnet?

  23. What would be the effect of erasing the BIOS of a computer?

  24. In a virtual machine scenario, what is a host system? What is a guest system?

  25. How does virtualization allow live migration?

    How does this improve the potential for load balancing?

  26. What is a hypervisor program?

  27. According to the terminology in the text, which is more necessary: a critical update or a feature pack?

    Which is more likely to have a broader general audience, a patch or a hot fix?

    Which kind of release would tend to contain material from all the others?

  28. Why might an automated patch update service be useful for a large organization?

  29. When is a cookie a first party cookie? When is it a third party cookie?

  30. Why does the text refer to Cross Site Scripting as a form of injection?

  31. What privileges does an ActiveX control typically have on a computer?

  32. How could an attacker take advantage of a web site to plant a scripting attack?

  33. What common network protocol is often used on outgoing email servers?

    What two protocols are commonly used on incoming email servers?

  34. What kind of addressing is commonly used in Instant Messaging?

  35. How is spim different from spam?

  36. What are two features of a BitTorrent network that make it different from most others?

  37. Why does the author think that virus signatures are a disadvantage regarding antivirus programs?

  38. How does a Host Intrusion Detection System notice intrusions?

  39. Name two physically weak spots where an attacker might try to get access to your network medium.

  40. What does MAC flooding do to a switch?

  41. Give me three examples of bad practices regarding passwords.

    State three characteristics of a good password.

  42. What should be done regarding default accounts when installing an operating system or new equipment?

  43. Why do attackers like to find back doors?

    Why might an administrator set up a back door for a good purpose?

  44. What is a denial of service attack?

    Why would a botnet be useful for this kind of attack?

  45. What part of a typical handshake (series of connection events) might a denial of service attack use in an exploit?

  46. What common kind of network uses CSMA/CD?

  47. What kind of frames might an attacker send to wireless devices to disrupt their use of a network?

  48. Describe an attack on a wireless network involving expected ACK signals.

  49. How does a passive Man-in-the-Middle attack differ from an active one?

  50. What is a replay attack?

  51. What would cause you to consider replacing a protocol program on a network?

  52. What is typically contained in a hosts file on a computer?

  53. Where would you look for a hosts file on a Windows computer?

  54. What is a DNS zone transfer?

  55. What protocol pairs IP addresses with MAC addresses? Where are such pairs stored on a workstation?

  56. What is ARP poisoning?

  57. What is a rogue access point?

  58. What is war driving and why doesn't it require a car?

  59. How is Bluesnarfing different from Bluejacking?

  60. What is the grace period for domain name registration?

  61. What is a classful IP address?

    What makes an IP address classless?

  62. What is a difference between public and private IP addresses?

  63. What are some organizational needs that could be addressed by subnetting?

  64. How is a subnet kind of the opposite of a VLAN?

  65. In terms of networking security, why might you want to set up a DMZ?

  66. What does a NAT server do if it has a bank of public IP addresses?

    What does it do if it only has one public IP address?

  67. Where are software firewalls typically installed?

    Where are hardware firewalls typically installed?

  68. What are three typical actions a firewall might take with a packet?

  69. Firewalls can work with stateless or stateful filtering. What state is this referring to?

  70. What does a proxy server do that could be considered a security function?

  71. What is the difference between intrusion detection and intrusion prevention systems?

    How are these systems similar?

  72. What does a protocol analyzer do?

  73. What do Internet content filters do?