Computer Security Basics I

Copyright ©2003-2005 Marathon Computer Press
All rights are reserved.
This material may not be reproduced or stored
on any medium without the expressed permission
of the owner of copyright.

     This is a self-grading exam. Answers are entered by selecting the checkbox corresponding to your answer choice(s) or by typing-in your answers in the case of fill-in test items (if applicable). The examination is scored by clicking the 'Grade Test' button at the bottom of the form. Correct answers and explanations are found through hyperlinks at the bottom of the page. This test requires that your browser be JavaScript enabled. Please verify that JavaScript is activated if you encounter any problems. NOTE: Fill-in/Essay test items (if any) cannot be graded and thus are ignored. However, you may view these test items for their correct answers in the 'Correct Answers' section below (if provided by your instructor).



1. (90) Which of the below can be exploited by a hacker on a network?
    (A) Running arbitrary code.
    (B) Denial of service.
    (C) Elevated privileges.
    (D) Brute force.
    (E) All of the above.


2. (100) What is one of the main vulnerabilities of Dynamic Host Configuration Protocol (DHCP)?
    (A) As it is used to externally name an internal LAN address, spurious packets can be appended to Internet traffic and allow hackers to gain entry to your network.
    (B) It must be publicly registered with the DNS system, so it can be utilized by Phreakers to determine LAN entry points.
    (C) Both A & B.
    (D) Anyone that has physical access to a network can gain IP addresses, access the common DNS table, and then launch an attack with that information.
    (E) None of the above applies.


3. (40) Layer 2 Tunneling Protocol (L2TP) is defined as what?
    (A) A key exchange protocol used with CISCO routers only.
    (B) A message integrity system commonly used in conjunction with Microsoft Exchange, or other popular email systems. It optionally provides 40-128 bits of encryption.
    (C) A system where hackers can gain access to your system(s), and install privileges for unauthorized accounts.
    (D) A virtual private networking protocol that was the predecessor to Internet Key Exchange (IKE).
    (E) A networking protocol that can be used to route non-IP traffic over an IP network. Can be combined with Internet Protocol Security (IPSEC) for additional security.


4. (70) The Domain Name System (DNS) is best described as what?
    (A) A website registration process that involves registration of a World Wide Web location to a tradename. Requires a payment to a registry authority (e.g. NetworkSolutions, GoDaddy, etc.)
    (B) A collection of special purpose servers in an IP-based network that is used in translating noun names to specific IP addresses. An example would be www.mydogsandcats.com to 192.168.0.5.
    (C) A Microsoft invention that is used to identify network Domain Controllers. Used to deconflict the names of Primary, and Backup Domain controllers.
    (D) A process used to name a given website. Many special servers are set up on the Internet to provide this functionality. It is a fee-based system.
    (E) A system of cooperative standards organizations dedicated to uniquely naming web sites on the Internet.


5. (50) NAT is used for what?
    (A) NAT is a system for network analysis and testing.
    (B) NAT is a networking protocol similar to NETBEUI that can be utilized for transferring large files across the Internet. It is specifically designed for TCP/IP networks.
    (C) NAT is used by Novell Netware for analysis and testing.
    (D) NAT is used to hide an internal network through IP translation of traffic within and exiting a private LAN. Most commonly utilized by Firewalls, or Routers.
    (E) Both A & C above.


6. (80) Which organization(s) below is/are considered to be a Gray Hat site? Select all that apply.
    (A) IBM.
    (B) The L2TP standards organization (LSO).
    (C) L0ht.
    (D) SECFIND.
    (E) Phrack.


7. (150) Examples of Malware would be what? Select all that apply.
    (A) Hactivist manifestos.
    (B) Computer Viruses.
    (C) Worms.
    (D) Software firewalls.
    (E) Border router firmware.


8. (120) What 32-bit utility is the best choice for configuring permissions on DCOM and COM+ components?
    (A) Regedit.
    (B) Winipcfg.
    (C) Dcomcnfg.
    (D) Administrative Services Applet.
    (E) Control Panel.


9. (10) SNORT is what sort of computer program?
    (A) A firewall system developed by Symantec.
    (B) An open source Intrusion Detection System.
    (C) A shareware key-logger program.
    (D) A buffer overflow sniffer.
    (E) A firewall log analyzer.


10. (130) Internet Connection Sharing (ICS) is best described as what?
    (A) Sharing a common external IP address. A process where more than one computer can use the same entry/exit point from a LAN or peer network.
    (B) The process where an Internet Service Provider dynamically allocates IP addresses for it's customers.
    (C) The physical sharing of Network Interface Cards (NIC). A hard-wired alternative to software based solutions.
    (D) None of the above.


11. (60) A digital signature is defined as what?
    (A) An electronic equivalent to a handwritten signatory element. Usually a hashed value that has been calculated for a message that has been encrypted with a private key.
    (B) A TIFF based facsimile of a handwritten signature. Universally accepted by financial institutions and the IEEE as the method of choice for network identification.
    (C) Part of the Advanced Encryption Standard (AES).
    (D) The trailer of an IPSec transmission, that is utilized exclusively for VPN authentication.
    (E) Both C & D.


12. (110) Named Pipes is an Interprocess Communication (IPC) method that utilizes a "Last in, First out" method of retrieval?
    (A) True.
    (B) False.


13. (30) What is a basic description of the File Transfer Protocol (FTP), and what TCP/IP port is commonly utilized?
    (A) FTP is a protocol for transferring files across the Internet, or other IP-based network. Port 21.
    (B) FTP is a hypertext transfer protocol used for viewing web pages, and transferring files. Port 80.
    (C) FTP is an object-oriented programming language that is designed to provide a platform independent development environment. Port 116.
    (D) FTP is a protocol used to transfer files from PDA's to network servers. Port 200.
    (E) None of the above.


14. (20) The term "Ethical Hacking" refers to what activity?
    (A) Breaking into perimeter defenses of suspected industrial spies when they have attacked your company.
    (B) Applying encryption to data to prevent unauthorized viewing.
    (C) Leaving key-loggers on company computers to monitor the activity of employees in an attempt to prevent theft of company trade secrets.
    (D) Using Internet security devices to monitor incoming/outgoing traffic from your LAN.
    (E) Detecting/Identifying system vulnerabilities by having an internal or external entity attempt to penetrate a given network. The details of which are then reported to network security personnel.


15. (140) Which Microsoft operating system was the first to debut the Encrypting File System (EFS).
    (A) DOS 5.0.
    (B) Windows NT with SP4.
    (C) Windows 98 Second Edition.
    (D) Windows XP Professional.
    (E) Windows 2000.





Correct Answers:
(Click on the number below to jump to the answer)

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

GO BACK TO TOP
1. (90) Which of the below can be exploited by a hacker on a network?
Answer: (E) All of the above.
BACK
2. (100) What is one of the main vulnerabilities of Dynamic Host Configuration Protocol (DHCP)?
Answer: (D) Anyone that has physical access to a network can gain IP addresses, access the common DNS table, and then launch an attack with that information.
BACK
3. (40) Layer 2 Tunneling Protocol (L2TP) is defined as what?
Answer: (E) A networking protocol that can be used to route non-IP traffic over an IP network. Can be combined with Internet Protocol Security (IPSEC) for additional security.
BACK
4. (70) The Domain Name System (DNS) is best described as what?
Answer: (B) A collection of special purpose servers in an IP-based network that is used in translating noun names to specific IP addresses. An example would be www.mydogsandcats.com to 192.168.0.5.
BACK
5. (50) NAT is used for what?
Answer: (D) NAT is used to hide an internal network through IP translation of traffic within and exiting a private LAN. Most commonly utilized by Firewalls, or Routers.
BACK
6. (80) Which organization(s) below is/are considered to be a Gray Hat site? Select all that apply.
Answer: (C) L0ht.
Answer: (E) Phrack.
BACK
7. (150) Examples of Malware would be what? Select all that apply.
Answer: (B) Computer Viruses.
Answer: (C) Worms.
BACK
8. (120) What 32-bit utility is the best choice for configuring permissions on DCOM and COM+ components?
Answer: (C) Dcomcnfg.
BACK
9. (10) SNORT is what sort of computer program?
Answer: (B) An open source Intrusion Detection System.
BACK
10. (130) Internet Connection Sharing (ICS) is best described as what?
Answer: (A) Sharing a common external IP address. A process where more than one computer can use the same entry/exit point from a LAN or peer network.
BACK
11. (60) A digital signature is defined as what?
Answer: (A) An electronic equivalent to a handwritten signatory element. Usually a hashed value that has been calculated for a message that has been encrypted with a private key.
BACK
12. (110) Named Pipes is an Interprocess Communication (IPC) method that utilizes a "Last in, First out" method of retrieval?
Answer: (B) False.
BACK
13. (30) What is a basic description of the File Transfer Protocol (FTP), and what TCP/IP port is commonly utilized?
Answer: (A) FTP is a protocol for transferring files across the Internet, or other IP-based network. Port 21.
BACK
14. (20) The term "Ethical Hacking" refers to what activity?
Answer: (E) Detecting/Identifying system vulnerabilities by having an internal or external entity attempt to penetrate a given network. The details of which are then reported to network security personnel.
BACK
15. (140) Which Microsoft operating system was the first to debut the Encrypting File System (EFS).
Answer: (E) Windows 2000.
BACK

GO BACK TO TOP























back.gif (149 bytes) Home