Name: 
 

Chapter 8 Practice Test



True/False
Indicate whether the sentence or statement is true or false.
 

1. Information security involves more than protecting the information itself.

2. Employees pose only a small threat to networks.

3. Cryptography is a new invention of the 20th Century.

4. Open system authentication and shared key authentication are the only two types of wireless authentication available under the 802.11 standard.

5. Wireless DoS attacks are exactly the same as wired DoS attacks.
 

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
 

6. What disadvantage of wireless networks provides the biggest stumbling block to the adoption of wireless technology?
a. speed
b. cost
c. security
d. complexity

7. ____ ensures that the information is correct and that no unauthorized person or malicious software program has altered that data.
a. Integrity
b. Availability
c. Confidentiality
d. Access control

8. A ____ is not malicious but often seeks to expose security flaws.
a. cracker
b. script kiddie
c. spy
d. hacker

9. Which type of attacker typically has a high skill level?
a. hacker
b. cracker
c. spy
d. All of the above

10. ____ was initially founded by the U.S. Department of Defense and is now part of the Software Engineering Institute at Carnegie Mellon University.
a. Computer Emergency Response Team Coordination Center (CERT/CC)
b. InfraGard
c. National Security Institute (NSI)
d. SysAdmin, Audit, Network, Security (SANS) Institute

11. Which characteristic of information is guarded by access control?
a. availability
b. integrity
c. confidentiality
d. robustness

12. MAC address filtering ____.
a. is difficult to implement
b. requires pre-approved authentication
c. is expensive
d. does not work well

13. Which aspect of information security does WEP protect?
a. availability
b. integrity
c. confidentiality
d. All of the above

14. When the recipient receives the encrypted text, it must be decrypted with the cipher and the key to produce the original ____.
a. plaintext
b. detext
c. ciphertext
d. deciphertext

15. According to the IEEE 802.11 cryptography objectives, how strong should WEP be?
a. difficult
b. reasonably
c. extremely
d. unbreakable

16. A WEP key can be a passphrase created by entering ____ ASCII characters.
a. 3
b. 7
c. 10
d. 16

17. In WEP, the CRC generates a(n) ____ based on the contents of the text.
a. initialization vector
b. cipher
c. checksum
d. key

18. RC4 is a ____ cipher that accepts keys up to 128 bits in length.
a. stream
b. key
c. cyclic
d. logical

19. ____ is another name for open systems authentication.
a. Public key encryption
b. Symmetric key encryption
c. WEP
d. SSID filtering

20. In a brute force attack, what key combination would follow 00001?
a. 00000
b. 00002
c. 00010
d. 10000

21. A standard personal computer can easily create over ____ possible password combinations per second.
a. 100
b. 1,000
c. 1,000,000
d. 1,000,000,000

22. MAC address filtering is vulnerable because there are programs available that allow users to ____ a MAC address.
a. spoof
b. break
c. modify
d. disable

23. In a 64-bit packet sent using WEP, how many bits are actually encrypted?
a. 10
b. 24
c. 40
d. 64

24. A ____ attack on WEP involves viewing collisions to derive plaintext values.
a. capture
b. keystream
c. weak key
d. pseudo-random number

25. On wireless networks, ____ attacks are commonly done by attackers setting up a “fake” access point.
a. spoof
b. weak key
c. DoS
d. man-in-the-middle

26. A wireless DoS attack may involve an attacker sending a series of ____ frames to a wireless device.
a. disassociation
b. drop
c. misaddressed
d. incomplete
 

Completion
Complete each sentence or statement.
 

27. The term _________________________ is frequently used to describe the tasks of guarding information that is in a digital format.

28. While most attacks take advantage of vulnerabilities that someone has already uncovered, a(n) ____________________ attack occurs when an attacker discovers and exploits a previously unknown flaw.

29. Access ____________________ is intended to guard one of the three CIA characteristics of information, namely the availability of information.

30. Using the same (shared) secret key to both encrypt as well as decrypt is called ____________________ cryptography.

31. In a(n) ____________________ attack, an attacker attempts to create every possible key combination by using a program to systematically change one character at a time in a possible default key, and then using each newly generated key to decrypt a message.
 

 

Matching
 
 
Match each term with the correct statement below.
a. cipher
b. keystream
c. cracker
d. default key
e. script kiddies
f. computer spy
g. hacker
h. filter
i. jam

32. limit a user’s admission to the access point

33. person who uses his or her advanced computer skills to attack computers but not with a malicious intent

34. key value that is used to encrypt wireless data transmissions when they are sent

35. encryption algorithm

36. person who violates system security with malicious intent

37. attacker floods the radio frequency spectrum with noise

38. unskilled or novice users who break into computer systems with malicious intent

39. series of 1’s and 0’s equal in length to the text plus the ICV

40. person who has been hired to break into a computer and steal information
 

Short Answer
 

41. What are the three characteristics of information that must be protected by information security?

42. Describe one trend that is making security increasingly difficult.

43. What is a cracker?

44. Briefly describe the goal of InfraGard.

45. Briefly describe cryptography and discuss its history.

46. Describe the five steps in the process of WEP encryption.

47. Describe open system authentication.

48. Describe at least four weaknesses of open system authentication.

49. What is a dictionary attack?

50. Describe a man-in-the-middle attack.
 



 