
DeVry SEC 280 Final Exam Latest

http://www.spinwoop.com/?download=devry-sec280-final-exam-latest

For further information and for A+ work contact us at SPINWOOP@GMAIL.COM

SEC 280 Final Exam DeVry 2015

Question 1

Question: (TCO 2) What are the security risks of installing games on an organization's system?

Student Answer:
There are no significant risks.
Users can't always be sure where the software came from, and it may have hidden software inside of it.
The users may play during work hours instead of during breaks.
The games may take up too much memory on the computer and slow down processing, making it difficult to work.

Instructor Explanation: page 75

Points Received: 4 of 4

Comments:

Question 2

Question: (TCO 2) All of the following are techniques used by a social engineer EXCEPT for which one?

Student Answer:
An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number.
An attacker calls up the IT department posing as an employee and requests a password reset.
An attacker runs a brute-force attack on a password.
An attacker sends a forged e-mail with a link to a bogus website that has been set up to obtain personal information.

Instructor Explanation: page 68

Points Received: 4 of 4

Comments:

Question 3

Question: (TCO 2) Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as _____.

Student Answer:
trash rummaging
garbage surfing
piggy diving
dumpster diving

Instructor Explanation: page 74

Points Received: 4 of 4

Comments:

Question 4

Question: (TCO 2) What are SSL and TLS used for?

Student Answer:
A means of securing application programs on the system
To secure communication over the Internet
A method to change from one form of PKI infrastructure to another
A secure way to reduce the amount of spam a system receives

Instructor Explanation: page 161

Points Received: 0 of 4

Comments:

Question 5

Question: (TCO 2) What is ISO 17799?

Student Answer:
A standard for creating and implementing security policies
A standard for international encryption of e-mail
A document used to develop physical security for a building
A document describing the details of wireless encryption

Instructor Explanation: page 173

Points Received: 4 of 4

Comments:

Question 6

Question: (TCO 2) What is XKMS?

Student Answer:
XML Key Management Specification, which defines services to manage PKI operations within the Extensible Markup Language (XML) environment
An XML standard for e-mail encryption
An XML standard that is used for wireless data exchange
A primary XML standard that is for application development

Instructor Explanation: pages 164-165

Points Received: 4 of 4

Comments:

Question 7

Question: (TCO 3) A(n) _____ is a network typically smaller in terms of size and geographic coverage, and consists of two or more connected devices. Home or office networks are typically classified as this type of network.

Student Answer:
local-area network
office-area network
wide-area network
internal-area network

Instructor Explanation: page 205

Points Received: 4 of 4

Comments:

Question 8

Question: (TCO 3) What is the main difference between TCP and UDP packets?

Student Answer:
UDP packets are a more widely used protocol.
TCP packets are smaller and thus more efficient to use.
TCP packets are connection oriented, whereas UDP packets are connectionless.
UDP is considered to be more reliable because it performs error checking.

Instructor Explanation: page 210

Points Received: 4 of 4

Comments:

Question 9

Question: (TCO 3) Unfortunately, hackers abuse the ICMP protocol by using it to _____.

Student Answer:
send Internet worms
launch denial-of-service (DoS) attacks
steal passwords and credit card numbers
send spam

Instructor Explanation: pages 211-212

Points Received: 4 of 4

Comments:

Question 10

Question: (TCO 3) Which of the following is a benefit provided by Network Address Translation (NAT)?

Student Answer:
Compensates for the lack of IP addresses
Allows devices using two different protocols to communicate
Creates a DMZ
Translates MAC addresses to IP addresses

Instructor Explanation: pages 217-218

Points Received: 4 of 4

Comments:

Question 11

Question: (TCO 3) Which transport layer protocol is connectionless?

Student Answer:
UDP
TCP
IP
ICMP

Instructor Explanation: page 210

Points Received: 4 of 4

Comments:

Question 12

Question: (TCO 3) Which transport layer protocol is connection oriented?

Student Answer:
UDP
TCP
IP
ICMP

Instructor Explanation: page 210

Points Received: 4 of 4

Comments:

Question 13

Question: (TCO 3) Which of the following is an example of a MAC address?

Student Answer:
00:07:H9:c8:ff:00
00:39:c8:ff:00
00:07:e9:c8:ff:00
00:07:59:c8:ff:00:e8

Instructor Explanation: page 213

Points Received: 4 of 4

Comments:

Question 14

Question: (TCO 4) It is easier to implement, back up, and recover keys in a _____.

Student Answer:
centralized infrastructure
decentralized infrastructure
hybrid infrastructure
peer-to-peer infrastructure

Instructor Explanation: page 132

Points Received: 4 of 4

Comments:

Question 15

Question: (TCO 4) All of the following statements sum up the characteristics and requirements of proper private key use EXCEPT which one?

Student Answer:
The key should be stored securely.
The key should be shared only with others whom you trust.
Authentication should be required before the key can be used.
The key should be transported securely.

Instructor Explanation: page 135

Points Received: 4 of 4

Comments:

Question 16

Question: (TCO 4) Outsourced CAs are different from public CAs in what way?

Student Answer:
Outsourced services can be used by hundreds of companies.
Outsourced services provide dedicated services and equipment to individual companies.
Outsourced services do not maintain specific servers and infrastructures for individual companies.
Outsourced services are different in name only. They are essentially the same thing.

Instructor Explanation: page 139

Points Received: 4 of 4

Comments:

Question 17

Question: (TCO 4) Cryptographic algorithms are used for all of the following EXCEPT _____.

Student Answer:
confidentiality
integrity
availability
authentication

Instructor Explanation: pages 104-109

Points Received: 4 of 4

Comments:

Question 18

Question: (TCO 4) When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message. This application of encryption is an example of _____.

Student Answer:
authentication
nonrepudiation
confidentiality
auditing

Instructor Explanation: page 104

Points Received: 4 of 4

Comments:

Question 19

Question: (TCO 6) Alice sends an e-mail that she encrypts with a shared key, which only she and Bob have. Upon receipt, Bob decrypts the e-mail and reads it. This application of encryption is an example of _____.

Student Answer:
confidentiality
integrity
authentication
nonrepudiation

Instructor Explanation: page 104

Points Received: 4 of 4

Comments:

Question 20

Question: (TCO 6) A hub operates at which of the following?

Student Answer:
Layer 1, the physical layer
Layer 2, the data-link layer
Layer 2, the MAC layer
Layer 3, the network layer

Instructor Explanation: page 233

Points Received: 4 of 4

Comments:

Question 21

Question: (TCO 6) The following are steps in securing a workstation EXCEPT _____.

Student Answer:
install NetBIOS and IPX
install antivirus
remove unnecessary software
disable unnecessary user accounts

Instructor Explanation: page 229

Points Received: 4 of 4

Comments:

Question 22

Question: (TCO 8) The Wassenaar Arrangement can be described as which of the following?

Student Answer:
An international arrangement on export controls for conventional arms as well as dual-use goods and technologies
An international arrangement on import controls
A rule governing import of encryption in the United States
A rule governing export of encryption in the United States

Instructor Explanation: page 606

Points Received: 4 of 4

Comments:

Question 23

Question: (TCO 8) The Electronic Signatures in Global and National Commerce Act _____.

Student Answer:
implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form
addresses a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications
makes it a violation of federal law to knowingly use another's identity
is a major piece of legislation affecting the financial industry, and contains significant privacy provisions for individuals

Instructor Explanation: page 608

Points Received: 4 of 4

Comments:

Question 24

Question: (TCO 8) Which of the following is a characteristic of the Patriot Act?

Student Answer:
Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet
A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals
Makes it a violation of federal law to knowingly use another's identity
Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form

Instructor Explanation: page 603

Points Received: 4 of 4

Comments:

Question 25

Question: (TCO 8) What is the Convention on Cybercrime?

Student Answer:
A convention of black hats who trade hacking secrets
The first international treaty on crimes committed via the Internet and other computer networks
A convention of white hats who trade hacker prevention knowledge
A treaty regulating international conventions

Instructor Explanation: page 601

Points Received: 0 of 4

Comments:

Question 1

Question: (TCO 2) Give an example of a hoax and how it might actually be destructive.

Student Answer:
An example of a hoax that might be destructive would be when a hacker defaces a website and puts up that everything is 90% off. This isn't real, but the company will have to uphold the discount or else get sued for false advertisement.

Instructor Explanation: page 71
An e-mail is sent that gets a user to delete critical system files.

Points Received: 9 of 10

Comments:

Question 2

Question: (TCO 2) List the four ways backups are conducted and stored.

Student Answer:
The easiest type of backup is a full backup. In a full backup, all files and software are copied onto the storage media. In a differential backup, only the files and software that have changed since the last full backup are backed up. The incremental backup is a variation on the differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental backup backs up only files that have changed since the last full or incremental backup occurred. Lastly, the delta backup is to back up as little information as possible each time you perform a backup. This backup can be stored on CD-ROM, FTP, tape drives or USB drives.

Instructor Explanation: pages 497-498
Full backup, differential backup, incremental backup, delta backup

Points Received: 10 of 10

Comments:

Question 3

Question: (TCO 2) List at least five types of disasters that can damage or destroy the information of an organization.

Student Answer:
Five types of disasters that can damage or destroy the information of an organization are: fire, flood, tornado, terrorism, and a gas leak or explosion.

Instructor Explanation: page 493
Possible answers include the following:
Fire
Flood
Tornado
Hurricane
Electrical storm
Earthquake
Political unrest
Blizzard
Gas leak/explosion
Chemical spill
Terrorism
War

Points Received: 10 of 10

Comments:

Question 4

Question: (TCO 2) What are the various ways a backup can be conducted and stored?

Student Answer:
The easiest type of backup is a full backup. In a full backup, all files and software are copied onto the storage media. In a differential backup, only the files and software that have changed since the last full backup are backed up. The incremental backup is a variation on the differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental backup backs up only files that have changed since the last full or incremental backup occurred.

Instructor Explanation: pages 495-497
Backups should include the organization's critical data, and critical software as well. Backups may be conducted by backing up all files (full backup), only the files that have changed since the last full backup (differential backup), only the files that have changed since the last full or differential backup (incremental backup), or only the portion of the files that has changed since the last delta or full backup (delta backup). Backups should be stored both on-site for quick access if needed, as well as off-site in case a disaster destroys the primary facility, its processing equipment, and the backups that are stored on-site.

Points Received: 10 of 10

Comments:
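The four selection rules from Questions 2 and 4 (full, differential, incremental, delta) applied to one small timeline, together with the set of earlier runs a restore would have to read back, as an added example that is not part of the exam or the textbook it cites. The file names, block contents and integer timestamps are constructed for the illustration; the selection rules themselves are the ones the instructor's answer gives.

```python
"""Which files each backup type copies, and what a restore needs to read back.

Added example, not from the exam or its textbook.  The file names, block
contents and timestamps (plain integers) are constructed for the
illustration; the selection rules are the ones the instructor's answer gives.
"""

FULL, DIFFERENTIAL, INCREMENTAL, DELTA = "full", "differential", "incremental", "delta"


def snapshot(files):
    """Block contents of every file, recorded with each run so delta runs can diff."""
    return {name: blocks for name, (_mtime, blocks) in files.items()}


def select_for_backup(kind, files, history):
    """What this run copies.

    files:   {name: (mtime, blocks)}  current state of the file system
    history: [(kind, time, snapshot)] earlier runs, oldest first
    Returns a set of file names, or for DELTA a {name: [changed block indexes]}.
    """
    full_times = [t for k, t, _ in history if k == FULL]
    if kind == FULL or not full_times:
        return set(files)                       # everything; also if no full exists yet
    if kind == DIFFERENTIAL:                    # changed since the last FULL
        return {n for n, (m, _) in files.items() if m > max(full_times)}
    if kind == INCREMENTAL:                     # changed since the last FULL or INCREMENTAL
        base = max(t for k, t, _ in history if k in (FULL, INCREMENTAL))
        return {n for n, (m, _) in files.items() if m > base}
    if kind == DELTA:                           # only blocks changed since the last FULL or DELTA
        _, _, ref = max((h for h in history if h[0] in (FULL, DELTA)), key=lambda h: h[1])
        changed = {}
        for name, (_, blocks) in files.items():
            old = ref.get(name, ())
            idx = [i for i, b in enumerate(blocks) if i >= len(old) or old[i] != b]
            if idx:
                changed[name] = idx
        return changed
    raise ValueError("unknown backup type: %r" % kind)


def restore_chain(history):
    """Runs that must be read back, oldest first, to rebuild the current data."""
    last_full = max(i for i, (k, _, _) in enumerate(history) if k == FULL)
    chain = [history[last_full]]
    later = history[last_full + 1:]
    diffs = [h for h in later if h[0] == DIFFERENTIAL]
    if diffs:
        chain.append(diffs[-1])                 # the newest differential supersedes earlier ones
    chain += [h for h in later if h[0] in (INCREMENTAL, DELTA)]  # every one since the full
    return [(k, t) for k, t, _ in sorted(chain, key=lambda h: h[1])]


def initial_files():
    """Constructed sample file system: name -> (mtime, tuple of block contents)."""
    return {"a.doc": (0, ("a0", "a1")),
            "b.xls": (0, ("b0", "b1")),
            "c.db":  (0, ("c0", "c1", "c2"))}


def demo():
    """Same timeline under each scheme: full at t=0, then runs at t=2 and t=4."""
    results = {}
    for scheme in (DIFFERENTIAL, INCREMENTAL, DELTA):
        files = initial_files()
        history = [(FULL, 0, snapshot(files))]
        files["a.doc"] = (1, ("a0", "a1-edited"))            # t=1: a.doc changed
        run2 = select_for_backup(scheme, files, history)
        history.append((scheme, 2, snapshot(files)))
        files["c.db"] = (3, ("c0", "c1", "c2-rewritten"))    # t=3: one block of c.db changed
        run4 = select_for_backup(scheme, files, history)
        history.append((scheme, 4, snapshot(files)))
        results[scheme] = {"t2": run2, "t4": run4, "restore": restore_chain(history)}
    return results


if __name__ == "__main__":
    for scheme, result in demo().items():
        print(scheme, result)
```

The output makes the trade-off visible: the differential run at t=4 copies a.doc again, but a restore needs only the full and the latest differential; the incremental and delta runs copy less each time, but a restore must replay every run since the full, so losing one of the intermediate media breaks the chain.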

Question 5

Question: (TCO 2) Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be. Create a bulleted list of those responsibilities.

Student Answer:
The responsibilities for the information security policy include: change management, classification of information, privacy.

Instructor Explanation: page 77
The following are examples:
Lock the door to your office or workspace.
Do not leave sensitive information inside your car unprotected.
Secure storage media containing sensitive information in a secure storage device.
Shred paper containing organizational information before discarding it.
Do not divulge sensitive information to individuals (including other employees) who do not have an authorized need to know it.
Do not discuss sensitive information with family members.
Be aware of who is around you when discussing sensitive corporate information. Does everybody within earshot have the need to hear this information?
Enforce corporate access control procedures.
Be aware of the correct procedures to report suspected or actual violations of security policies.
Follow procedures established to enforce good password security practices. Passwords are such a critical element that they are frequently the ultimate target of a social-engineering attack.

Points Received: 5 of 10

Comments:

Question 6

Question: (TCO 3) List three kinds of information contained in an IP packet header.

Student Answer:
Version; IP header length (the number of 32-bit words forming the header, usually five); Type of Service (ToS), today known as the Differentiated Services Code Point (DSCP), usually set to 0, however it may indicate particular Quality of Service needs from the network (the DSCP defines the way routers should queue packets while they are waiting to be forwarded).

Instructor Explanation: pages 215-216
The kind of packet it is (protocol version number)
The size of the packet's header (packet header length)
How to process this packet (type of service, telling the network whether or not to use options such as minimize delay, maximize throughput, maximize reliability, and minimize cost)
The size of the entire packet (overall length of the packet; as this is a 16-bit field, the maximum size of an IP packet is 65,535 bytes, but in practice most packets are around 1,500 bytes)
A unique identifier, distinguishing this packet from other packets
Whether or not this packet is part of a longer data stream, and how it should be handled relative to other packets
A description of where this packet fits into the data stream as compared to other packets (the fragment offset)
A checksum of the packet header (to minimize the potential for data corruption during transmission)
Where the packet is from (source IP address, such as 10.10.10.5)
Where the packet is going (destination IP address, such as 10.10.10.10)
Option flags that govern security and handling restrictions, such as whether or not to record the route this packet has taken, whether or not to record timestamps, and so forth
The data this packet carries

Points Received: 10 of 10

Comments:

Question 7

Question: (TCO 3) What is the difference between TCP and UDP?

Student Answer:
TCP header size is 20 bytes. UDP header size is 8 bytes. TCP rearranges data packets in the order specified. UDP has no inherent order, as all packets are independent of each other. If ordering is required, it has to be managed by the application layer. TCP is suited for applications that require high reliability, and where transmission time is relatively less critical. UDP is suitable for applications that need fast, efficient transmission, such as games. UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients.

Instructor Explanation: page 210
UDP is known as a connectionless protocol, as it has very few error-recovery services and no guarantee of packet delivery. UDP is considered to be an unreliable protocol and is often only used for network services that are not greatly affected by the occasional lost or dropped packet. TCP is a connection-oriented protocol, and was specifically designed to provide a reliable connection between two hosts exchanging data. As part of the TCP protocol, each packet has a sequence number to show where that packet fits into the overall conversation. With the sequence numbers, packets can arrive in any order and at different times and the receiving system will still know the correct order for processing them.

Points Received: 10 of 10

Comments:
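The IPv4 header fields listed in Question 6 and the TCP/UDP contrast in Question 7 (20-byte header with sequence numbers versus 8-byte header without), decoded from real byte layouts, as an added example that is not part of the exam or the textbook it cites. The sample packets are constructed inline by the helper functions build_ipv4(), tcp_segment() and udp_datagram() (names chosen here); the field layout follows RFC 791 (IPv4), RFC 793 (TCP) and RFC 768 (UDP), and the 10.10.10.x addresses are the ones the instructor's answer uses.

```python
"""Decode an IPv4 header and the TCP or UDP header that follows it.

Added example, not from the exam or its textbook.  The packets are built
inline by build_ipv4()/tcp_segment()/udp_datagram() (helper names chosen
here); the field layout follows RFC 791 (IPv4), RFC 793 (TCP), RFC 768 (UDP).
"""
import struct

IP_PROTO_TCP = 6
IP_PROTO_UDP = 17


def ipv4_header_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of the 16-bit words of the header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Return the header fields the instructor's list names, plus the payload."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or hdr_len < 20 or len(packet) < max(hdr_len, total_len):
        raise ValueError("not a well-formed IPv4 packet")
    # Verify the checksum: recompute it over the header with the field zeroed.
    zeroed = packet[:10] + b"\x00\x00" + packet[12:hdr_len]
    return {
        "version": version,                      # protocol version number
        "header_len": hdr_len,                   # IHL in bytes (options add to the 20)
        "dscp": tos >> 2,                        # type of service / DSCP
        "total_len": total_len,                  # whole packet; 16 bits, so max 65,535
        "id": ident,                             # identifier shared by fragments
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,                       # 6 = TCP, 17 = UDP
        "checksum_ok": ipv4_header_checksum(zeroed) == csum,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload": packet[hdr_len:total_len],
    }


def parse_transport(proto: int, segment: bytes) -> dict:
    """TCP: 20-byte header with sequence/ack numbers.  UDP: 8 bytes, no ordering."""
    if proto == IP_PROTO_TCP:
        (sport, dport, seq, ack, off_flags,
         window, _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
        hdr_len = (off_flags >> 12) * 4
        return {"proto": "TCP", "src_port": sport, "dst_port": dport, "seq": seq,
                "ack": ack, "flags": off_flags & 0x1FF, "window": window,
                "header_len": hdr_len, "payload": segment[hdr_len:]}
    if proto == IP_PROTO_UDP:
        sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
        return {"proto": "UDP", "src_port": sport, "dst_port": dport,
                "header_len": 8, "payload": segment[8:length]}
    raise ValueError("unsupported transport protocol %d" % proto)


def reassemble_tcp(segments) -> bytes:
    """Put payloads back in order by sequence number, whatever order they arrived in."""
    return b"".join(s["payload"] for s in sorted(segments, key=lambda s: s["seq"]))


# --- constructed sample traffic ------------------------------------------------
def _addr(dotted: str) -> bytes:
    return bytes(int(x) for x in dotted.split("."))


def build_ipv4(proto, payload, src="10.10.10.5", dst="10.10.10.10", ident=0x1234):
    """Minimal IPv4 packet (no options, DF set, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                      64, proto, 0, _addr(src), _addr(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_header_checksum(hdr)) + hdr[12:]
    return hdr + payload


def tcp_segment(seq, payload, sport=40000, dport=443):
    off_flags = (5 << 12) | 0x018            # data offset 5 words; PSH+ACK
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, off_flags, 65535, 0, 0) + payload


def udp_datagram(payload, sport=40000, dport=53):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def demo() -> dict:
    """Two TCP segments arriving out of order, and one UDP datagram."""
    late = build_ipv4(IP_PROTO_TCP, tcp_segment(1008, b"world!"))
    early = build_ipv4(IP_PROTO_TCP, tcp_segment(1001, b"Hello, "))
    tcp = [parse_transport(p["protocol"], p["payload"])
           for p in (parse_ipv4(late), parse_ipv4(early))]
    udp_pkt = parse_ipv4(build_ipv4(IP_PROTO_UDP, udp_datagram(b"query")))
    return {"ip": parse_ipv4(early), "tcp": tcp, "stream": reassemble_tcp(tcp),
            "udp": parse_transport(udp_pkt["protocol"], udp_pkt["payload"])}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The reassembly step is the concrete form of the instructor's point: the two TCP segments are handed to the parser in the wrong order and come out as "Hello, world!" because each carries a sequence number, while the UDP record has no such field and nothing to sort on.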

Question 8

Question: (TCO 4) What are the laws that govern encryption and digital rights management?

Student Answer:
Worldwide, many laws have been created which criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the Copyright Directive, the Digital Millennium Copyright Act, and DADVSI.

Instructor Explanation: pages 609-610
Encryption technology is used to protect digital rights management and prevent unauthorized use. Circumventing technological controls used to protect intellectual property is a violation of the DMCA. In some countries, carrying encrypted data can result in authorities demanding the keys or threatening prosecution for failure to disclose the keys.

Points Received: 10 of 10

Comments:

Question 9

Question: (TCO 5) Describe the laws that govern digital signatures.

Student Answer:
The Electronic Signatures Act went into effect on October 1, 2000 and gives electronic contracts the same weight as those executed on paper. The act has some specific exemptions or preemptions, notably the provision concerning student loans.

Instructor Explanation: pages 607-608
Digital signatures have the same legal status as written signatures. Digital signatures use PINs or other secrets that require end-user protection to be protected from fraud.

Points Received: 10 of 10

Comments:

Question 10

Question: (TCO 6) What are the four common methods for connecting equipment at the physical layer?

Student Answer:
The four common methods for connecting equipment at the physical layer are: coaxial cable, twisted-pair cable, fiber optics and wireless.

Instructor Explanation: page 245
Coaxial cable, twisted-pair cable, fiber optics, and wireless

Points Received: 10 of 10

Comments:

Question 11

Question: (TCO 6) Explain a simple way to combat boot disks.

Student Answer:
A simple way to combat boot disks would be to load the boot disk onto a USB flash drive. Boot up from the flash drive.

Instructor Explanation: pages 180-181
Physically remove or disable them in the BIOS (floppy and CD-ROM drives).

Points Received: 10 of 10

Comments:

Question 12

Question: (TCO 6) Describe the functioning of the SSL/TLS suite.

Student Answer:
SSL, or Secure Sockets Layer, is a protocol that is used by TLS, SSH, and IPsec. They provide the most common means of interacting with a PKI and certificates. They are cryptographic protocols that provide data integrity and security over networks by encrypting network connections at the transport layer.

Instructor Explanation: pages 446-447
SSL and TLS use a combination of symmetric and asymmetric cryptographic methods to secure traffic. Before an SSL session can be secured, a handshake occurs to exchange cryptographic information and keys.

Points Received: 10 of 10

Comments:

Question 13

Question: (TCO 6) What are some of the security issues associated with web applications and plug-ins?

Student Answer:
Some of the security issues associated with web applications and plug-ins are, but are not limited to, SQL injection, cross-site scripting, automatic updates, virtual machines running in the background, and sensitive data exposure. Some web applications circumvent security settings and make a system vulnerable.

Instructor Explanation: pages 465-467
Web browsers have mechanisms to enable plug-in programs to manage applications such as Flash objects and videos. Firefox has a NoScript helper that blocks scripts from functioning. Plug-ins that block pop-up windows and phishing sites can improve end-user security by permitting greater control over browser functionality.

Points Received: 10 of 10

Comments:
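Two of the issues the answer names, SQL injection and cross-site scripting, each shown as the vulnerable code beside its fix, as an added example that is not part of the exam or the textbook it cites. The users table, the single sample account and the attacker inputs are constructed for the illustration; the database is an in-memory SQLite table so the block runs offline.

```python
"""SQL injection in a login query and cross-site scripting in rendered
output, each as the vulnerable version beside its fix.

Added example, not from the exam or its textbook.  The users table, the
sample account and the attacker inputs are constructed for the illustration.
"""
import hashlib
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with one account (constructed sample data).
    An unsalted SHA-256 keeps the example short; a real application stores
    passwords with a salted, deliberately slow hash.  The injection shown
    below does not depend on how the password is stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    return db


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def login_vulnerable(db, name: str, password: str) -> bool:
    """The user name is pasted into the SQL text, so a name such as
    "alice' --" closes the quote and comments out the password check."""
    query = ("SELECT name FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, _digest(password)))
    return db.execute(query).fetchone() is not None


def login_safe(db, name: str, password: str) -> bool:
    """Parameterised query: the driver passes the values separately from the
    SQL text, so a quote character in the name is just data."""
    row = db.execute("SELECT name FROM users WHERE name = ? AND pw_hash = ?",
                     (name, _digest(password))).fetchone()
    return row is not None


def render_vulnerable(comment: str) -> str:
    """Reflects user text into the page unchanged, so a script tag is executed."""
    return "<p>%s</p>" % comment


def render_safe(comment: str) -> str:
    """HTML-escapes the text, so it is displayed rather than interpreted."""
    return "<p>%s</p>" % html.escape(comment, quote=True)


SQLI_NAME = "alice' --"                          # constructed attacker input
XSS_COMMENT = "<script>alert(1)</script>"        # constructed attacker input


def demo() -> dict:
    """Legitimate login, injected login and the XSS payload through both versions."""
    db = make_db()
    return {
        "legit_vulnerable": login_vulnerable(db, "alice", "correct horse"),
        "legit_safe": login_safe(db, "alice", "correct horse"),
        "bypass_vulnerable": login_vulnerable(db, SQLI_NAME, "wrong"),   # logged in without the password
        "bypass_safe": login_safe(db, SQLI_NAME, "wrong"),               # rejected
        "xss_vulnerable": render_vulnerable(XSS_COMMENT),
        "xss_safe": render_safe(XSS_COMMENT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both fixes have the same shape: keep untrusted input out of the code-like channel (the SQL text, the HTML markup) by handing it to an API that treats it as data. Hashing the password before building the string does not help the vulnerable login, because the injection goes through the user name.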

Question 14

Question: (TCO 7) What are some ethical issues associated with information security?

Student Answer:
Many of the ethical issues that face IT professionals involve privacy. For example: Should you read the private e-mail of your network users just because you can? Is it okay to read employees' e-mail as a security measure, to ensure that sensitive company information isn't being disclosed? Is it okay to read employees' e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren't being violated? If you do read employees' e-mail, should you disclose that policy to them? Before or after the fact? Is it okay to monitor the websites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such Internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment? Is it okay to place key loggers on machines on the network to capture everything the user types? Screen capture programs so you can see everything that's displayed? Should users be informed that they're being watched in this way? Is it okay to read the documents and look at the graphics files that are stored on users' computers or in their directories on the file server?

Instructor Explanation: page 611
Ethics is the social-moral environment in which a person makes decisions. Ethics can vary by sociocultural factors and groups.

Points Received: 10 of 10

Comments:

Question 15

Question: (TCO 9) What are password and domain password policies?

Student Answer:
In many operating systems, the most common method to authenticate a user's identity is to use a secret passphrase or password. A secure network environment requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols. These passwords help prevent the compromise of user accounts and administrative accounts by unauthorized users who use manual methods or automated tools to guess weak passwords. Strong passwords that are changed regularly reduce the likelihood of a successful password attack.

Instructor Explanation: pages 564-566
Password policies are sets of rules that help users select, employ, and store strong passwords. Tokens combine something you have with something you know, such as a password or PIN, and can be hardware- or software-based. Passwords should have a limited span and should expire on a scheduled basis.

Points Received: 10 of 10

Comments:
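The policy the answer describes turned into a check, as an added example that is not part of the exam or the textbook it cites: the strength rule (at least eight characters mixing letters, numbers and symbols) is the one stated above, while the 90-day maximum age, the five-password history, the "contains the user name" rule and the sample accounts are assumptions made for this illustration. Previous passwords are kept only as salted PBKDF2 hashes, so the history check never stores a password in the clear.

```python
"""Password policy checks: strength rules for a new password, and expiry on
a schedule for existing accounts.

Added example, not from the exam or its textbook.  The exam's rule (at
least eight characters mixing letters, numbers and symbols) is taken as
given; the 90-day maximum age, the 5-password history and the sample
accounts are assumptions made for this illustration.
"""
import hashlib
import hmac
import os
import string
from datetime import date

POLICY = {"min_length": 8, "max_age_days": 90, "history": 5}   # assumed values
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2 hash, so the history can be checked without storing passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def password_problems(password: str, username: str = "", history=()) -> list:
    """Policy rules a candidate password breaks; an empty list means it is acceptable."""
    problems = []
    if len(password) < POLICY["min_length"]:
        problems.append("shorter than %d characters" % POLICY["min_length"])
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("must combine letters, numbers and symbols")
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    recent = list(history)[-POLICY["history"]:]
    if any(hmac.compare_digest(hash_password(password, salt)[1], digest)
           for salt, digest in recent):
        problems.append("reuses one of the last %d passwords" % POLICY["history"])
    return problems


def password_status(last_changed: date, today: date) -> str:
    """'expired' past the maximum age, 'expiring' within the last week, else 'ok'."""
    age = (today - last_changed).days
    if age >= POLICY["max_age_days"]:
        return "expired"
    if age >= POLICY["max_age_days"] - 7:
        return "expiring"
    return "ok"


def audit(accounts: dict, today: date) -> dict:
    """Run both checks over every account: {user: {'status': ..., 'problems': [...]}}."""
    return {user: {"status": password_status(acct["changed"], today),
                   "problems": password_problems(acct["candidate"], user, acct["history"])}
            for user, acct in accounts.items()}


# Constructed sample data (not real accounts).
SAMPLE_TODAY = date(2024, 3, 1)
SAMPLE_ACCOUNTS = {
    # changed 46 days ago; strong candidate
    "alice": {"changed": date(2024, 1, 15), "candidate": "Tr0ub4dor&3", "history": []},
    # changed 121 days ago; candidate is weak and contains the user name
    "bob":   {"changed": date(2023, 11, 1), "candidate": "bobpassword", "history": []},
    # changed 87 days ago; candidate repeats the previous password
    "carol": {"changed": date(2023, 12, 5), "candidate": "Winter2023!",
              "history": [hash_password("Winter2023!")]},
}


if __name__ == "__main__":
    for user, result in audit(SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(user, result["status"], result["problems"])
```

The two checks are deliberately separate: expiry is decided from the account record alone and can run as a scheduled job, while the strength and history rules need the candidate password and therefore run only at the moment of a change.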
