
Tutorial 6: Internet Security (New Perspectives on the Internet, 9th edition, Schneider and Evans) test bank

Tutorial 6: Internet Security

TRUE/FALSE

1. Physical security includes protecting assets using physical means.

2. A counterstrike is a procedure that recognizes, reduces, or eliminates a threat.

3. Computer security experts generally classify computer security threats into three categories: secrecy, integrity, and necessity.

4. The process of using a key to reverse encrypted text is called cryptography.

5. Public-key encryption is also called symmetric encryption.

ANS: F PTS: 1 REF: WEB 301

6. A Trojan horse is a potentially harmful program hidden inside another program.

7. DoS attacks can happen on mobile networks.

8. Computers hijacked without the owner’s knowledge are often called spammers.

9. A DoS filter can help defend against DoS attacks.

10. The text recommends having your Social Security number printed on your checks.

11. ActiveX technology was developed by Microsoft.

12. You can purchase a digital signature from a certificate authority site.

13. Malware is short for malfunctioning freeware.

14. Software that gathers personal information about the user’s behavior or the user’s computer without their knowledge is called infoware.

15. A bulkhead is a software program or hardware device that controls access between two networks.

16. A port scan tests whether a computer’s various ports are open, closed, or stealth.

17. A digital ID is most often used by people using social networks, such as Facebook, to verify their posts.

18. A client certificate authenticates a Web site so site visitors can be confident in the identity of the Web server.

19. In a brute force attack, a cracker uses a program to enter character combinations until the system accepts a user name and password.

20. The latest, most secure form of SSL certificate is known as SSL-EV.

MODIFIED TRUE/FALSE

1. The use of nonphysical security techniques to protect data stored on computers is sometimes called computer security. _________________________

ANS: F, logical

PTS: 1 REF: WEB 298

2. Encrypted information is called cipher text. _________________________

3. Asymmetric encryption uses a public and a private key to exchange encrypted messages. _________________________

4. Many viruses can send you an email that includes the name of someone you know in the message’s From line, a tactic called phishing. _________________________

5. A(n) packet sniffer examines the structure of the data elements that flow through a network. _________________________

6. A talented computer programmer who uses his skills to commit illegal acts is sometimes known as a(n) snacker. _________________________

ANS: F
hacker
cracker

PTS: 1 REF: WEB 301

7. When an “@” symbol appears in a URL, all characters that precede the symbol are ignored. _________________________

ANS: T PTS: 1 REF: WEB 305

8. A digital logo is a digital pattern containing copyright information that is inserted into a digital image, animation, or audio or video file. _________________________

9. Java, JavaScript, and ActiveX programs are all considered proactive content. _________________________

10. A Web phish is a small, hidden graphic on a Web page or email message that works with a cookie to obtain information about the person viewing the page or email message. _________________________

11. The use of spyware is always illegal. _________________________

12. Most firewalls are installed to prevent traffic from entering the network. _________________________

13. A(n) certificate authority authenticates the certificate holder’s identity and issues digital certificates. _________________________

14. A(n) identity manager stores user name and password information in encrypted form on a computer. _________________________

15. The combination of user login plus password is called multifactor authentication. _________________________

MULTIPLE CHOICE

1. There are two types of security: ____ and ____.
a. physical, logical
b. client, server
c. active, passive
d. internal, external

2. Computer security is the use of ____ security techniques to protect data stored on computers.
a. physical
b. port
c. logical
d. encrypted

3. The figure above shows a(n) ____ page that contains a Web bug.
a. HTTPS page
b. User History page
c. HTML page
d. FTP page

4. The location of the clear GIF shown in the figure above is a URL for DoubleClick, a division of ____ that develops tools for Internet marketing and advertising.
a. Yahoo!
b. Google
c. Microsoft
d. Apple

5. When the user loads the Web page that contains the code shown in the figure above, the browser downloads the ____ file from the DoubleClick server.
a. clear GIF
b. clear JPG
c. clear widget
d. clear screensaver

6. Referring to the figure above, the process of downloading a Web bug can identify ____.
a. your IP address
b. the Web site you last visited
c. information about your use of the site
d. all of the above

7. All of the following are categories of computer security threat EXCEPT ____.
a. secrecy
b. subterfuge
c. integrity
d. necessity

8. According to the text, any act or object that endangers an asset is known as a(n) ____.
a. challenge
b. threat
c. opportunity
d. virus

9. A(n) ____ threat permits unauthorized data disclosure.
a. secrecy
b. integrity
c. necessity
d. none of the above

10. Unencrypted information is called ____.
a. plain text
b. a private key
c. cipher text
d. cryptography

11. A(n) ____ is a formula or set of steps to solve a particular problem.
a. thought process
b. steganograph
c. key
d. algorithm

12. ____ encryption uses a single key that both the sender and receiver know.
a. Private-key
b. Public-key
c. Asymmetric
d. Man-in-the-Middle

13. A ____ is a technologically skilled person who uses his or her skills to obtain unauthorized entry into computers.
a. zombie
b. cracker
c. script kiddie
d. whacker

14. A ____-bit key is considered a(n) ____ key.
a. 256, impervious
b. 128, weak
c. 128, strong
d. 64, strong

15. Email ____ involves a virus sending you an email that includes the name of someone you know in the message’s From line.
a. scamming
b. spamming
c. spoofing
d. goofing

16. A(n) ____ attack involves phony email messages that include links to spoofed Web sites.
a. DoS
b. DDoS
c. man-in-the-middle
d. phishing

17. If you click a link in a phishing email, you will likely be taken to ____.
a. a legitimate Web site, in which you can do business safely
b. a competitor’s Web site (say, going to BarnesandNoble.com when you thought you were going to Amazon.com)
c. the phishing perpetrator’s Web site
d. A Web site that is being targeted by a denial-of-service attack

18. All characters that precede a(n) “____” symbol in a URL are ignored by a Web server.
a. @
b. /
c. _
d. %

19. APWG stands for ____ Working Group.
a. All-Protocol
b. Anti-Phishing
c. Autoplay
d. Auxiliary Port

20. Email programs alert users when a link in an email message opens a Web page that is coded to a different ____ than the one displayed in the message.
a. sender name
b. URL
c. category of Web site
d. date

21. A digital ____ is a pattern containing copyright information that is inserted into a digital image, animation, or audio or video file.
a. Web bug
b. worm
c. watermark
d. stenograph

22. ____ is a process that hides encrypted messages within different types of files.
a. Stegography
b. Stenography
c. Steganography
d. Stenagography

23. A(n) ____ attack occurs when an attacker disrupts normal computer processing or denies processing entirely.
a. necessity
b. integrity
c. secrecy
d. man-in-the-middle

24. Computers that have been “hijacked” and used to help a DDoS attack are known as ____.
a. droids
b. reluctants
c. phish
d. zombies

25. Another term for a zombie is a(n) ____.
a. drone
b. bot
c. vampire
d. droid

26. If you believe that your computer is involved in a DoS attack, you should contact your ____ immediately.
a. network administrator
b. ISP
c. either a. or b.
d. neither a. nor b.

27. All of the following are listed in the text as ways to avoid identity theft EXCEPT ____.
a. matching credit card receipts to monthly statements
b. keeping credit card, bank account, and investment account information together in a safe place
c. canceling and reopening credit card accounts once every three months
d. shredding all mail that contains any personal information

28. The text recommended purchasing identity theft ____, which can help pay the expenses required to clear and restore your identity in case of a theft.
a. insurance
b. security
c. tracking
d. vaults

29. If you believe you are a victim of identity theft, you must act quickly to contact the ____ credit reporting agencies, every financial institution at which you have an account, and the issuer of every credit card you hold.
a. two
b. three
c. four
d. five

30. If you are the victim of identity theft, file a police report with ____ law enforcement to document the theft, and keep a copy of the report.
a. local
b. UN
c. Internet
d. national

31. ____ components can make a Web page more useful by providing interactive elements like shipping calculators or mortgage payment tables.
a. Active content
b. Static
c. Clickstream
d. Graphic

32. When a digital signature authenticates an ActiveX control’s developer or source, it is called a(n) ____ ActiveX control.
a. safe
b. logical
c. signed
d. encrypted

33. A Java ____ is a program written in the Java programming language that could execute and consume a computer’s resources.
a. apple
b. applet
c. cookie
d. widget

34. In the text, the term “applet” is associated with ____.
a. ActiveX
b. JavaScript
c. the Java programming language
d. none of the above

35. A(n) ____ is a self-replicating program usually hidden within another file and sent as an email attachment.
a. virus
b. Trojan horse
c. phish
d. worm

36. ____ is a general category of software that includes advertisements to pay for the product for which it appears.
a. Adware
b. Spyware
c. Web bug-ware
d. Abandonware

37. The term “Web bug” is most associated with the term “____.”
a. phishing
b. cookie
c. active content
d. adware

38. The Ad-Aware ad blocker was created by ____.
a. Java
b. McAfee
c. Microsoft
d. Lavasoft

39. A(n) ____ is a small, hidden graphic on a Web page, designed to work in conjunction with a cookie to obtain information about the person viewing the page.
a. biscuit
b. Web bug
c. applet
d. no-see-um

40. DoubleClick is a division of ____.
a. Microsoft
b. Mozilla
c. Java
d. Google

41. A Web bug can ____.
a. identify your IP address
b. identify the last Web site you visited
c. both a. and b.
d. neither a. nor b.

42. By setting your Internet security program or other program, such as ____, to remove cookies on a regular basis, you can eliminate cookies that store user data from your computer.
a. Spy-Kids
b. Ad-Aware
c. Bug-Aware
d. Cookie-Kids

43. Firewalls can be used on Web ____.
a. servers
b. clients
c. either a. or b.
d. neither a. nor b.

44. A Web bug is an example of spyware because ____.
a. it is small and unobtrusive
b. it involves the use and manipulation of cookies
c. the clear GIF and its actions are hidden from the user
d. the user is made explicitly aware of its presence and function

45. Virtual ports use numbers to isolate traffic by type; a computer has more than ____ virtual ports for different processes.
a. 650
b. 6,500
c. 65,000
d. 650,000

46. A computer ____ permits traffic to leave and enter a computer.
a. packet sniffer
b. terminus
c. gatehouse
d. port

47. Most ____ are installed to prevent traffic from entering the network, though they can also prevent data from leaving the network.
a. firewalls
b. ports
c. gatehouses
d. certificates

48. ____ is a general term for the process of verifying the identity of a person or a Web site.
a. Spoofing
b. Authentication
c. Inspection
d. Firewalling

49. A port may be ____.
a. open
b. closed
c. stealth
d. any of the above

50. The combination of ____ and ____ is sometimes called a login.
a. retinal scan, password
b. password, passkey
c. user name, password
d. user name, retinal scan

51. The ____ firewall software program offers a free version.
a. ZoneAlarm
b. WalledOff
c. Defend & Protect
d. DMZ

52. A ____ stores login information in an encrypted form on a computer.
a. rolodex
b. login shuffler
c. private key
d. password manager

53. The countermeasure that protects individuals from becoming victims of ____ attacks is to use unique user names and passwords at each Web site that requires a login.
a. DDoS
b. brute force
c. phishing
d. none of the above

54. A ____ attack occurs when a cracker uses a program to enter character combinations until the system accepts a user name and password.
a. phishing
b. man-in-the-middle
c. brute force
d. none of the above

55. ____ is the process of associating a person and his identification with a very high level of assurance.
a. User authentication
b. Digitally ID’ing
c. Cross-checking
d. E-Clearance

56. The combination of user login plus password is called ____ authentication.
a. multifactor
b. single-factor
c. unbreakable
d. strong

57. ____ means employing more than one authentication method.
a. Overkill
b. Airlocking
c. Multiple layers of control
d. Hoop-jumping

58. A digital certificate usually contains all of the following EXCEPT ____.
a. the certificate holder’s name, address, and email address
b. the certificate’s expiration date or validity period
c. a keycode that destroys all evidence of the certificate upon use
d. verification from a trusted third party

59. A digital ID is usually used by ____.
a. individuals
b. companies
c. authorized dealers
d. ISPs

60. A digital ID is purchased from ____.
a. the government
b. your employer
c. a certificate authority
d. eBay

61. A server certificate authenticates ____.
a. individual users
b. a Web browser
c. governmental authorities
d. a Web site

62. ____ was one of the first certificate authorities to issue server certificates.
a. VeriTab
b. Thawte
c. Google CA
d. Mozilla

63. SSL stands for ____.
a. Safe Surfing Linkage
b. Security Sweep Layer
c. Standard Security Label
d. Secure Sockets Layer

64. TLS was released in ____.
a. 1999
b. 1994
c. 2003
d. 2008

65. Web pages secured by SSL have URLs that begin with ____.
a. S-http://
b. https://
c. SSL://
d. IETF://

66. ____ keys exist only during a single connection between a browser and a server.
a. Public
b. Private
c. Session
d. none of the above

67. ____ emerged in 2008 from concerns that fraudulent Web sites had started obtaining certificates.
a. SSL-II
b. SSL-EV
c. Super-SSL
d. SSL 2.0

ANS: B PTS: 1 REF: WEB 342

68. If a Web site is using the Extended Validation version of SSL in Internet Explorer, the background of the address window turns ____.
a. green
b. blue
c. opaque
d. transparent

69. When using SSL-EV with Chrome, the site’s verified organization name appears in the Address bar to the left of the URL with a green background and the ____ site information icon.
a. Close
b. Open
c. Confirm
d. View

70. When using SSL-EV with Firefox, the site’s verified organization name appears in the Location bar ____ the URL with a green background.
a. to the right of
b. to the left of
c. underneath
d. above

Case-Based Critical Thinking Questions

Case 6-1
Ian is beginning his studies toward a degree in computer security. He knows that he has a lot to learn and wants as solid a footing in the basics as he can get. He has asked you to come over and help him make sure he’s got a good grasp of the fundamentals.

71. You start with a simple question for Ian. You ask him which category of threat a computer virus falls under. He replies: ____.
a. necessity
b. integrity
c. secrecy
d. ephemeral

72. Next, you ask Ian what category of threat encryption is meant to tackle, and which encryption method works best on the Internet. He replies: ____ and ____.
a. necessity; symmetrical
b. integrity; asymmetrical
c. secrecy; symmetrical
d. necessity; symmetrical

73. Impressed with Ian’s knowledge, you decide to test him further. You ask him what kind of software tool or program is most helpful in defending against necessity attacks. He replies: ____.
a. packet sniffer
b. script kiddie
c. ad blocker
d. secret key

74. Moving on, you ask Ian what type of computers commonly participate in DDoS attacks. He answers ____.
a. zombies
b. bots
c. both a. and b.
d. neither a. nor b.

75. Lastly, you ask Ian what it is about a digital sound or video file that permits steganography. Again, he correctly responds that ____.
a. an individual sound or video file is usually broken up into many pieces on a hard drive
b. the steganographic mark can be seen or heard by other users as a means of free and fast advertising
c. sound and video files contain portions of unused data where secret messages can be hidden
d. none of the above

Case-Based Critical Thinking Questions

Case 6-2
Heather’s friend recently had her identity stolen after accidentally responding to a phishing email. Worried that it might happen to her, Heather has read up on how phishing attacks work. You come over to help make sure she understands it.

76. You tell Heather, hypothetically, that an email was sent to her asking her to click the following URL link: https://www.chase.com/customer/private@218.36.41.188/index.html. You ask her where this link will take her. She replies: ____.
a. to the www.chase.com Web site, in the customer/private folder
b. to the www.chase.com main page
c. to the home page of a Web site with the URL 218.36.41.188
d. none of the above

77. Next, you ask Heather whether it is safe to click a URL link in an email if there is no @ symbol anywhere in it. She replies: ____.
a. yes, because the URL link will be legitimate
b. yes, because all email client software will alert users if a link points to a Web page with an address other than that listed on the email
c. no, it is never OK ever to click a URL link in any email
d. that it is considered unsafe to click a URL link in an email unless you have previously verified that the sender is who they say they are, and whom you trust

78. You next hypothesize to Heather that she has clicked a URL link in an email, and a Web site has come up that looks legitimate. Even the browser’s address bar has the correct URL in it. Should she consider the site safe?
a. She should click the Reload or Refresh button once, and then consider the site safe.
b. She should immediately turn the computer off and reboot it. Again, she should never click a URL link in any email ever.
c. She should still use extreme caution. Modern phishing programs are able to place a popup with phony address information directly over a browser’s address bar.
d. none of the above

79. Offhand, Heather asks you why this kind of attack was named “phishing” in the first place. You reply that ____.
a. the first such attack was perpetrated against the band Phish in the 1990s, and the personal information of several thousand fans was compromised
b. the attack “fishes” for information by masquerading as an email from someone known and trustworthy
c. for the first few years, all such attacks seemed “fishy” to all but the most gullible
d. none of the above

ANS: B PTS: 1 REF: WEB 303 TOP: Critical Thinking

80. You feel that Heather knows her stuff. Before you leave, you remind her to visit the Web site that has the most current, detailed information about phishing attacks, ____.
a. Phish Phinders
b. Bephuddler Web-Safe
c. the Anti-Phishing Working Group
d. Phishbait

COMPLETION

1. The use of logical security techniques to protect data stored on computers is sometimes called ____________________.

2. An integrity threat permits unauthorized data ____________________.

ANS: modification

PTS: 1 REF: WEB 300

3. The process of using a key to reverse encrypted text is called ____________________.

4. A(n) ____________________ is a pattern containing copyright information that is inserted into a digital image, animation, audio, or video file.

5. An attack that consumes a network’s bandwidth is called a(n) ____________________ attack.

6. Figure 6-2 shows a(n) ____ denial of service attack.

7. A company can defend its Web server from DoS attacks by adding a DoS ____________________ to monitor communication between the Web server and the router that connects it to the Internet.

8. A(n) ____________________ examines the structure of the data elements that flow through a network.

9. In a(n) ____________________ crime, a thief can use the victim’s personal information to open bank accounts, obtain new credit cards, and purchase items using credit cards.

ANS: identity theft

PTS: 1 REF: WEB 312

10. Facebook is a type of social ____________________.

11. Users with Facebook accounts can “____________________” the Facebook Security page to make it easy to view security updates when viewing their own pages.

12. With the popularity of sites that allow users to send very short updates of approximately ____________________ characters or less to their friends, the ability to abbreviate links to Web sites has become a necessity.

ANS: 160

PTS: 1 REF: WEB 317

13. ____________________ components are Microsoft’s technology for writing small applications that perform some action in Web pages.

14. A(n) ____________________ is a small, hidden graphic on a Web page.

15. A(n) ____________________ vendor does not inform the customer that the software he is providing will track the customer’s use of the programs and of the Internet.

16. A Web client firewall might be a dedicated ____________________, or a program running on the Web client computer.

17. A(n) ____________________ port is one in which traffic is not filtered and the port permits entry through it.

ANS: open

PTS: 1 REF: WEB 334

18. A login generally consists of a user name and ____________________.

ANS: password

PTS: 1 REF: WEB 335

19. A digital certificate contains verification from a trusted third party, called a(n) ____________________.

ANS:
certificate authority
CA

PTS: 1 REF: WEB 337

20. A server certificate ensures that transfer of data between a user’s computer and the server is ____________________ so that it is tamperproof and free from being intercepted.

MATCHING

a. spoofing
b. adware
c. steganography
d. spyware
e. port scan
f. port
g. hacker
h. necessity
i. authentication
j. secrecy
k. secret key
l. password manager

1. people who write programs or manipulate technologies to obtain unauthorized access to computers

2. type of threat that permits data delays or denial

3. verifying the identity of a person

4. it permits traffic to leave and enter a computer

5. a component of asymmetric encryption

6. occurs when data is disclosed to an unauthorized party

7. hides encrypted messages within different types of files

8. many freeware and shareware programs are sold as this

9. user has no control over or knowledge of the ads

10. sending a message with the name of someone known in the From line

11. tests whether network traffic is filtered or not on a computer

12. stores login information in an encrypted form

ESSAY

1. Name and describe the three basic types of computer security threats.

ANS:
A secrecy threat permits unauthorized data disclosure and ensures the authenticity of the data’s source.
An integrity threat permits unauthorized data modification.
A necessity threat permits data delays (slowing down the transmission of data) or denials (preventing data from getting to its destination).

PTS: 1 REF: WEB 300 TOP: Critical Thinking

2. Describe the terms cryptography, encryption, algorithm, and key and how they interact together to secure information.

ANS:
The study of ways to secure information is called cryptography. Encryption is the most common cryptographic process and the most widely used form of protection for data transmitted on any network, including the Internet. Encryption is the process of coding information using an algorithm to produce a string of characters that is unreadable. An algorithm is a formula or set of steps that solves a particular problem; some algorithms also use a key, which is a fact that the encryption algorithm uses as part of its formula.

3. What do DoS and DDoS stand for? Describe each type of security attack.

ANS:
The most common necessity attack, called a denial-of-service (DoS) attack, occurs when an attacker floods a computer, server, or network with messages with the goal of consuming the network’s bandwidth resources and disabling its services and communications.

In a distributed denial-of-service (DDoS) attack, the attacker takes control of one or more computers without the owner’s permission and uses those computers to launch a DoS attack on other computers, servers, or networks. Most DDoS attacks are launched after the attacking computers are infected with Trojan horse programs.
