
Computer Security: Principles and Practice, 2nd Edition, Chapter 17

Chapter 17 – Human Resources Security

TRUE/FALSE QUESTIONS:

T F 1. Complying with regulations and contractual obligations is a benefit of security awareness, training, and education programs.

T F 2. Employee behavior is not a critical concern in ensuring the security of computer systems.

T F 3. Employees cannot be expected to follow policies and procedures of which they are unaware.

T F 4. Security awareness, training, and education programs may be needed to comply with regulations and contractual obligations.

T F 5. The education and experience learning level provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.

T F 6. Security basics and literacy is required for those employees, including contractor employees, who are involved in any way with IT systems.

T F 7. Awareness only communicates information security policies and procedures that need to be followed and does not provide the foundation for any sanctions or disciplinary actions imposed for noncompliance.

T F 8. Awareness is used to explain the rules of behavior for using an agency’s information systems and information and establishes a level of expectation on the acceptable use of the information and information systems.

T F 9. To emphasize the importance of security awareness, an organization should have a security awareness policy document that is provided to all employees.

T F 10. Programmers, developers, and system maintainers require less advanced security training than other employees.

T F 11. Security education is most often taught by outside sources.

T F 12. An employer cannot be held liable for negligent hiring if an employee causes harm to a third party while acting as an employee.

T F 13. As part of their contractual obligation, employees should agree and sign the terms and conditions of their employment contract, which should state their and the organization’s responsibilities for information security.

T F 14. Having all of the security functions and audit responsibilities reside in the same person is a wise decision on the part of the organization.

T F 15. Many companies incorporate specific e-mail and Internet use policies into the organization’s security policy document.

MULTIPLE CHOICE QUESTIONS:

1. _______ is a benefit of security awareness, training, and education programs to organizations.

A. Improving employee behavior

B. Increasing the ability to hold employees accountable for their actions

C. Mitigating liability of the organization for an employee’s behavior

D. All of the above

2. Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees’ knowledge of their ________ and of potential penalties.

A. regulations B. accountability

C. liability D. incidents

3. The _______ category is a transitional stage between awareness and training.

A. roles and responsibilities relative to IT systems


B. security basics and literacy

C. education and experience

D. security awareness

4. ________ is explicitly required for all employees.

A. Security awareness

B. Education and experience

C. Security basics and literacy

D. Roles and responsibilities relative to IT systems

5. The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

A. security basics and literacy

B. roles and responsibilities relative to IT systems

C. education and experience

D. security awareness

6. _______ are ways for an awareness program to promote the security message to employees.

A. Posters B. Newsletters

C. Workshops and training sessions D. All of the above


7. ________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.

A. Executives B. Analysts

C. Managers D. Trainers

8. From a security point of view, which of the following actions should be done upon the termination of an employee?

A. remove the person’s name from all lists of authorized access

B. recover all assets, including employee ID, disks, documents and equipment

C. remove all personal access codes

D. all of the above

9. ________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.

A. Incident B. Triage

C. Constituency D. Handling

10. CERT stands for ___________.

A. Computer Error Response Team

B. Compliance Error Repair Technology


C. Computer Emergency Response Team

D. Compliance Emergency Response Technology

11. ________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.

A. Artifacts B. Vulnerabilities

C. CSIRT D. Constituencies

12. A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.

A. CIRT B. CIRC

C. CSIRT D. all of the above

13. ___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.

A. Intrusion prevention systems

B. System integrity verification tools

C. Log analysis tools

D. Network and host intrusion detection systems

14. A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.

A. standard of conduct B. unlawful activity prohibited

C. company rights D. business use only


15. A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.

A. disciplinary action B. company rights

C. policy scope D. business use only

SHORT ANSWER QUESTIONS:

1. The principal problems associated with employee behavior are errors and omissions, fraud, and actions by disgruntled employees.

2. There is a need for a continuum of learning programs that starts with awareness builds to training, and evolves into education.

3. The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness, security basics and literacy, roles and responsibilities relative to IT systems, and the education and experience level.

4. After security basics and literacy, training becomes focused on providing the knowledge, skills, and abilities specific to an individual’s roles and responsibilities relative to IT systems.

5. In general, a security awareness program seeks to inform and focus an employee’s attention on issues related to security within the organization.

6. The principles that should be followed for personnel security are: limited reliance on key employees, separation of duties, and least privilege.


7. In large and medium-sized organizations, a computer security incident response team (CSIRT) is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.

8. Any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system constitutes a(n) incident.

9. ISO 27002 lists the following security objective with respect to current employees: to ensure that employees, contractors, and third-party users are aware of information security threats and concerns and their responsibilities and liabilities with regard to information security and are equipped to support organizational security policy in the course of their normal work and to reduce the risk of human error.

10. A vulnerability is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.

11. Network and host intrusion detection systems (IDS) monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.

12. The goal of the triage function is to ensure that all information destined for the incident handling service is channeled through a single focal point, regardless of the method by which it arrives, for appropriate redistribution and handling within the service.


13. A(n) artifact is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.

14. The group of users, sites, networks, or organizations served by the CSIRT is a constituency.

15. Employees have no expectation of privacy in their use of company-provided e-mail or Internet access, even if the communication is personal in nature.


Chapter 18 – Security Auditing

TRUE/FALSE QUESTIONS:

T F 1. Although important, security auditing is not a key element in computer security.

T F 2. The basic audit objective is to establish accountability for system entities that initiate or participate in security-relevant events and actions.

T F 3. Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.

T F 4. Audit trails are different from audit logs.

T F 5. The audit analyzer prepares human-readable security reports.

T F 6. The security administrator must define the set of events that are subject to audit.

T F 7. Event and audit trail analysis software, tools, and interfaces may be used to analyze collected data as well as for investigating data trends and anomalies.

T F 8. According to ISO 27002, the person(s) carrying out the audit should be independent of the activities audited.

T F 9. Data representing behavior that does not trigger an alarm cannot serve as input to intrusion detection analysis.

T F 10. The first order of business in security audit trail design is the selection of data items to capture.

T F 11. Protection of the audit trail involves both integrity and confidentiality.

T F 12. The foundation of a security auditing facility is the initial capture of the audit data.

T F 13. All UNIX implementations will have the same variants of the syslog facility.

T F 14. Thresholding is a form of baseline analysis.

T F 15. Applications, especially applications with a certain level of privilege, present security problems that may not be captured by system-level or user-level auditing data.

MULTIPLE CHOICE QUESTIONS:

1. Security auditing can:

A. provide data that can be used to define anomalous behavior


B. maintain a record useful in computer forensics

C. generate data that can be used in after-the-fact analysis of an attack

D. all of the above

2. A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.

A. security audit trail B. security audit

C. user-level audit D. system-level audit trail

3. The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.

A. event discriminator B. audit analyzer

C. archive D. alarm processor

4. The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.

A. audit dispatcher B. audit analyzer

C. audit trail collector D. audit provider


5. The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.

A. audit dispatcher B. audit analyzer

C. audit trail collector D. none of the above

6. _________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided.

A. Event selection B. Data generation

C. Automatic response D. Audit analysis

7. Data items to capture for a security audit trail include:

A. events related to the security mechanisms on the system

B. operating system access

C. remote access

D. all of the above

8. _________ audit trails are generally used to monitor and optimize system performance.

A. User-level B. Physical-level

C. System-level D. All of the above


9. _________ audit trails may be used to detect security violations within an application or to detect flaws in the application’s interaction with the system.

A. Application-level B. System-level

C. User-level D. None of the above

10. Windows allows the system user to enable auditing in _______ different categories.

A. five B. seven

C. nine D. eleven

11. Severe messages, such as an immediate system shutdown, have a(n) _____ severity.

A. alert B. emerg

C. crit D. warning

12. System conditions requiring immediate attention have a(n) _______ severity.

A. alert B. err

C. notice D. emert

13. With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.

A. statically linked shared libraries

B. dynamically linked shared libraries

C. system linked shared libraries

D. all of the above

14. ______ is the identification of data that exceed a particular baseline value.

A. Anomaly detection B. Real-time analysis

C. Thresholding D. All of the above

15. ______ software is a centralized logging software package similar to, but much more complex than, syslog.

A. NetScan B. McAfee

C. IPConfig D. SIEM

SHORT ANSWER QUESTIONS:

16. Security auditing is a form of auditing that focuses on the security of an organization’s IS assets.

17. A security audit trail is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results.


18. A security audit is an independent review and examination of a system’s records and activities.

19. The audit trail examiner is an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis.

20. The audit archives are a permanent store of security-related events on a system.

21. Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and system alerts or failure.

22. User-level audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.

23. RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records: read/write file on a host, write-once/read-many device, and write-only device.

24. Windows is equipped with three types of event logs: system event log, security event log, and application event log.

25. Syslog is UNIX’s general-purpose logging mechanism found on all UNIX variants and Linux.

26. Messages in the BSD syslog format consist of three parts: PRI, Header, and Msg.

27. The audit repository contains the auditing code to be inserted into an application.


28. Baselining is the process of defining normal versus unusual events and patterns.

29. Windowing is detection of events within a given set of parameters, such as within a given time period or outside a given time period.

30. SIEM software has two general configuration approaches: agentless and agent-based.

Chapter 19 – Legal and Ethical Aspects

TRUE/FALSE QUESTIONS:

T F 1. The legal and ethical aspects of computer security encompass a broad range of topics.

T F 2. Computer attacks are considered crimes but do not carry criminal sanctions.

T F 3. Computers as targets is a form of crime that involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.

T F 4. The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.

T F 5. No cybercriminal databases exist that can point investigators to likely suspects.

T F 6. The successful use of law enforcement depends much more on technical skills than on people skills.

T F 7. Software is an example of real property.

T F 8. An example of a patent from the computer security realm is the RSA public-key cryptosystem.

T F 9. A servicemark is the same as a trademark except that it identifies and distinguishes the source of a service rather than a product.

T F 10. Concerns about the extent to which personal privacy has been and may be compromised have led to a variety of legal and technical approaches to reinforcing privacy rights.

T F 11. The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

T F 12. The Common Criteria specification is primarily concerned with the privacy of personal information concerning the individual rather than the privacy of an individual with respect to that individual’s use of computer resources.

T F 13. Computer technology has involved the creation of new types of entities for which no agreed ethical rules have previously been formed.


T F 14. Anyone can join the Ad Hoc Committee on Responsible Computing.

T F 15. The first comprehensive privacy legislation adopted in the United States was the Privacy Act of 1974.

MULTIPLE CHOICE QUESTIONS:

1. _______ is a form of crime that targets a computer system to acquire information stored on that computer system, to control the target system without authorization or payment, or to alter the integrity of data or interfere with the availability of the computer or server.

A. Computers as targets B. Computers as storage devices

C. Computers as mediums D. Computers as communication tools

2. The success of cybercriminals, and the relative lack of success of law enforcement, influence the behavior of _______.

A. cyber thieves B. cybercrime victims

C. cybercrime acts D. cyber detectives

3. Land and things permanently attached to the land, such as trees, buildings, and stationary mobile homes are _______.

A. real property B. cyber property


C. personal property D. intellectual property

4. Personal effects, moveable property and goods, such as cars, bank accounts, wages, securities, a small business, furniture, insurance policies, jewelry, patents, and pets are all examples of _________.

A. intellectual property B. real property

C. personal property D. cyber property

5. Any intangible asset that consists of human knowledge and ideas is _______.

A. cyber property B. personal property

C. intellectual property D. real property

6. _____ can be copyrighted.

A. Dramatic works B. Architectural works

C. Software-related works D. All of the above

7. The copyright owner has which exclusive right(s)?

A. reproduction right B. distribution right

C. modification right D. all of the above

8. A _______ for an invention is the grant of a property right to the inventor.

A. patent B. copyright

C. trademark D. claim


9. A ______ is a word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others.

A. copyright B. patent

C. trademark D. none of the above

10. _____ strengthens the protection of copyrighted materials in digital format.

A. HIPAA B. DMCA

C. WIPO D. DRM

11. A ________ provides distribution channels, such as an online shop or a Web retailer.

A. content provider B. distributor

C. consumer D. clearinghouse

12. ________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together.

A. Anonymity B. Pseudonymity

C. Unobservability D. Unlinkability

13. ________ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.


A. Anonymization B. Data transformation

C. Immutable audit D. Selective revelation

14. ______ is intended to permit others to perform, show, quote, copy, and otherwise distribute portions of the work for certain purposes.

A. Reverse engineering B. Personal privacy

C. Fair use D. Encryption research

15. ________ is a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data.

A. Immutable audit B. Selective revelation

C. Associative memory D. Anonymization

SHORT ANSWER QUESTIONS:

31. Computer crime, or cybercrime, is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity.

32. The 2001 Convention on Cybercrime is the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.


33. The U.S. legal system distinguishes three primary types of property: real property, personal property, and intellectual property.

34. The three main types of intellectual property for which legal protection is available are: copyrights, patents, and trademarks.

35. The invasion of the rights secured by patents, copyrights, and trademarks is infringement.

36. The right to seek civil recourse against anyone infringing his or her property is granted to the IP owner.

37. The three types of patents are: utility patents, design patents, and plant patent.

38. A(n) utility patent may be granted to anyone who invents or discovers any new and useful process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof.

39. Trademark rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.

40. A clearinghouse handles the financial transaction for issuing the digital license to the consumer and pays royalty fees to the content provider and distribution fees to the distributor accordingly.

41. The Children’s Online Privacy Protection Act places restrictions on online organizations in the collection of data from children under the age of 13.


42. Privacy is broken down into four major areas: anonymity, unlinkability, unobservability, and pseudonymity.

43. Ethics refers to a system of moral principles that relates to the benefits and harms of particular actions, and to the rightness and wrongness of motives and ends of those actions.

44. The Fair Credit Reporting Act confers certain rights on individuals and obligations on credit reporting agencies.

45. Both policy and technical approaches are needed to protect privacy when both government and nongovernment organizations seek to learn as much as possible about individuals.

Chapter 22 – Internet Security Protocols and Standards

TRUE/FALSE QUESTIONS:

T F 1. MIME is an extension to the old RFC 822 specification of an Internet mail format.

T F 2. MIME provides the ability to sign and/or encrypt e-mail messages.

T F 3. Recipients without S/MIME capability can view the message content, although they cannot verify the signature.

T F 4. The recipient of a message can decrypt the signature using DSS and the sender’s public DSS key.

T F 5. As an alternative, the RSA public-key encryption algorithm can be used with either the SHA-1 or the MD5 message digest algorithm for forming signatures.

T F 6. In S/MIME each conventional key is used a total of three times.

T F 7. DKIM has been widely adopted by a range of e-mail providers and many Internet service providers.

T F 8. SMTP is used between the message user agent and the mail submission agent.

T F 9. A message store cannot be located on the same machine as the MUA.

T F 10. An ADMD is an Internet e-mail provider.

T F 11. DKIM is designed to provide an e-mail authentication technique that is transparent to the end user.

T F 12. Most browsers come equipped with SSL and most Web servers have implemented the protocol.

T F 13. Search engines support HTTPS.

T F 14. The IAB included authentication and encryption as necessary security features in IPv6.

T F 15. Transport mode provides protection primarily for lower-layer protocols.


MULTIPLE CHOICE QUESTIONS:

1. _____ defines a number of content formats, which standardize representations for the support of multimedia e-mail.

A. MEM B. MIME

C. MSC D. DKIM

2. The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.

A. clear-signed data B. signed data

C. enveloped data D. signed and enveloped data

3. In the case of ________ only the digital signature is encoded using base64.

A. enveloped data B. signed and enveloped data

C. signed data D. clear-signed data

4. The result of S/MIME encrypting the digest using DSS and the sender’s private DSS key is the ________.

A. digital signature B. envelope

C. digest code D. mail extension

5. To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64 mapping.

A. radix-64 B. ASCII-64

C. ESP-64 D. safe mapping

6. The basic tool that permits widespread use of S/MIME is ________.

A. the domain key B. the public-key certificate

C. the MIME security payload D. radix-64

7. At its most fundamental level the Internet mail architecture consists of a user world in the form of _________.

A. MHS B. MSA

C. MUA D. MDA

8. The ______ is responsible for transferring the message from the MHS to the MS.

A. MDA B. MS

C. MUA D. MSA

9. The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards.

A. mail submission agent B. message user agent

C. mail delivery agent D. message transfer agent


10. The most complex part of SSL is the __________.

A. TLS B. message header

C. payload D. handshake protocol

11. _______ is a list that contains the combinations of cryptographic algorithms supported by the client.

A. Compression method B. Session ID

C. CipherSuite D. All of the above

12. ESP supports two modes of use: transport and _________.

A. padding B. tunnel

C. payload D. sequence

13. IPsec can assure that _________.

A. a router advertisement comes from an authorized router

B. a routing update is not forged

C. a redirect message comes from the router to which the initial packet was sent

D. all of the above

14. A benefit of IPsec is __________.


A. that it is below the transport layer and transparent to applications

B. there is no need to revoke keying material when users leave the organization

C. it can provide security for individual users if needed

D. all of the above

15. The _______ field in the outer IP header indicates whether the association is an AH or ESP security association.

A. protocol identifier B. security parameter index

C. IP destination address D. sequence path counter

SHORT ANSWER QUESTIONS:

46. S/MIME is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.

47. S/MIME content-types support four new functions: enveloped data, signed data, clear-signed data, and signed and enveloped data.

48. A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer.

49. A signed data message can only be viewed by a recipient with S/MIME capability.


50. The default algorithms used for signing S/MIME messages are SHA-1 and the Digital Signature Standard (DSS).

51. The default algorithms used for encrypting S/MIME messages are the triple DES and a public-key scheme known as ElGamal.

52. If encryption is used alone, radix-64 is used to convert the ciphertext to ASCII format.

53. DomainKeys Identified Mail (DKIM) is a specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream.

54. The message user agent (MUA) is housed in the user’s computer and is referred to as a client e-mail program or a local network e-mail server.

55. The domain name system (DNS) is a directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address.

56. The SSL record protocol provides two services for an SSL connection: message integrity and confidentiality.

57. The alert protocol is used to convey SSL-related alerts to the peer entity.

58. A security association is uniquely identified by three parameters: security parameter index, protocol identifier, and IP destination address.

59. IP-level security encompasses three functional areas: authentication, confidentiality, and key management.


60. IPsec provides two main functions: a combined authentication/encryption function called Encapsulating Security Payload (ESP) and a key exchange function.

Chapter 24 – Wireless Network Security

TRUE/FALSE QUESTIONS:

T F 1. The concerns for wireless security, in terms of threats and countermeasures, are different from those found in a wired environment, such as an Ethernet LAN or a wired wide-area network.

T F 2. The most significant source of risk in wireless networks is the underlying communications medium.

T F 3. The wireless access point provides a connection to the network or service.

T F 4. The transmission medium carries the radio waves for data transfer.

T F 5. Company wireless LANs or wireless access points to wired LANs in close proximity may create overlapping transmission ranges.

T F 6. An extended service set (ESS) is a set of stations controlled by a single coordination function.

T F 7. Any device that contains an IEEE 802.11 conformant MAC and physical layer is a basic service set.

T F 8. WPA2 incorporates all of the features of the IEEE 802.11i WLAN security specifications.

T F 9. The MAC service data unit contains any protocol control information needed for the functioning of the MAC protocol.

T F 10. CRC is an error detecting code.

T F 11. In most data-link control protocols, the data-link protocol entity is responsible not only for detecting errors using the CRC, but for recovering from those errors by retransmitting damaged frames.

T F 12. The association service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN.

T F 13. The primary purpose of the MAC layer is to transfer MSDUs between MAC entities.

T F 14. The purpose of the discovery phase is for an STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities.


T F 15. The purpose of the authentication phase is to maintain backward compatibility with the IEEE 802.11 state machine.

MULTIPLE CHOICE QUESTIONS:

1. A wireless client can be _______.

A. a cell phone B. a Wi-Fi enabled laptop

C. a Bluetooth device D. all of the above

2. A wireless access point is a _______.

A. cell tower B. Wi-Fi hot spot

C. wireless access point to a LAN or WAN D. all of the above

3. The wireless environment lends itself to a ______ attack because it is so easy for the attacker to direct multiple wireless messages at the target.

A. DoS B. man-in-the-middle

C. network injection D. identity theft

4. An example of a __________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.

A. identity theft B. ad hoc network

C. network injection D. man-in-the-middle

5. A(n) __________ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.

A. ESS B. access point

C. distribution system D. MPDU

6. The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ____________.

A. extended service set B. MPDU

C. MSDU D. station

7. A system used to interconnect a set of basic service sets and LANs to create an extended service set is a _________.

A. distribution system B. coordination function

C. MAC data unit D. wireless access system

8. The function of the ________ layer is to control access to the transmission medium and to provide an orderly and efficient use of that capacity.

A. CRC B. MPDU

C. MAC D. MSDU

9. The final form of the 802.11i standard is referred to as ________.

A. WEP B. RSN

C. Wi-Fi D. WPA

10. In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated ________, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard.

A. WPA B. WEP

C. RSN D. MAC

11. The specification of a protocol, along with the chosen key length, is known as a ___.

A. distribution set B. open system

C. cipher suite D. realm

12. A ________ is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i.

A. pre-shared key B. master session key

C. pairwise master key D. group master key

13. The MPDU exchange for distributing pairwise keys is known as the _______.

A. pseudorandom function B. cryptographic function

C. nonce D. 4-way handshake

14. ______ is the recommended technique for wireless network security.

A. Using encryption


B. Using anti-virus and anti-spyware software

C. Turning off identifier broadcasting

D. All of the above

15. The smallest building block of a wireless LAN is a ______.

A. BSS B. ESS

C. WPA D. CCMP

SHORT ANSWER QUESTIONS:

1. The security requirements are: confidentiality, integrity, availability, authenticity, and accountability.

2. The wireless environment consists of three components that provide points of attack: the wireless client, the transmission medium, and the wireless access point.

3. A man-in-the-middle attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device.

4. A denial of service (DoS) attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources.

5. A network injection attack targets wireless access points that are exposed to non-filtered network traffic, such as routing protocol messages or network management messages.


6. The principal threats to wireless transmission are disruption, eavesdropping, and altering or inserting messages.

7. Like TKIP, CCMP provides two services: message integrity and data confidentiality.

8. Two types of countermeasures are appropriate to deal with eavesdropping: signal-hiding techniques and encryption.

9. The lowest layer of the IEEE 802 reference model is the physical layer.

10. The fields preceding the MSDU field are referred to as the MAC header.

11. The field following the MSDU field is referred to as the MAC trailer.

12. The two services involved with the distribution of messages within a DS are distribution and integration.

13. The 802.11i RSN security specification defines the following services: authentication, privacy with message integrity, and access control.

14. There are two types of keys: pairwise keys used for communication between a STA and an AP and group keys used for multicast communication.

15. At the top level of the group key hierarchy is the group master key (GMK).
