7. Users must type PINs when they use their access cards. This is an example of …54. Jason sends a message to Kristin using public key encryption for confidentiality. What key will Jason use to encrypt the message?55. Which of the following is needed in order to encrypt the following message that you want to send to a business partner? “The total amount to be paid for order #C1222 is $23,000.00” (Circle all that apply)56. Encryption is used for _____.57. In symmetric encryption in a two-way dialog, how many keys are used in total for confidentiality?MIS 4850 Systems SecurityFinal Exam Review QuestionsAccess Control and Site Security1. Which of the following operating systems does not provide RAM buffer protection? a) Windows Vistab) Windows XP Professionalc) Windows NTd) Windows 2000e) None of the above2. With which of the following operating systems the login password can be bypassed by hitting the escape key?a) Windows Vistab) Windows XP Professionalc) Windows NTd) Windows 2000e) None of the above3. Which of the following is true about Access cards that are designed for two-factor authentication? a) their PINs are usually short like 4 characters for instanceb) a 4-character PIN is too risky for access cardsc) if an access card is lost, the best security measure is to cancel or disable itd) None of the above4. You need to implement a wireless network with 3 Access Points and 13 wireless laptops. How many SSIDs need to be used in order to have all devices be part of the same WLAN?a. Three different SSIDsb. One same SSID c. 16 different SSIDsd. None of the above.5. In a wireless network that uses WEP (Wired Equivalent Privacy) to provide wireless security, which of the following may authenticate to an access point?a) Only the administrator.b) Only users with the correct WEP key. c) Only users within the company.d) Anyone can authenticate.7. Users must type PINs when they use their access cards. This is an example of …a. piggybackingb. one-factor authenticationc. weak authenticationd. three-factor authenticatione. None of the above8. A user walks up to a door, has his or her face scanned, and is admitted through the door. Assume nothing else. This is an example of...a. verificationb. certificationc. None of the above9. How could we prevent someone from installing a sniffer where wires connect to a switch?a. Use newer switchesb. install sniffer detection systemsc. use switches with non-standard ports d. use optical fiber instead of UTPe. lock telecommunications closets10. It may be possible to find media containing sensitive corporate data through...a. Data diggingb. two-factor recognitionc. sensitivity analysisd. Shreddinge. None of the aboveExplanation: This is dumpster diving.11. The network administrator created a group account. He added all employees with last name beginning with letter A, B, or C to the group. He then created another group account and added all the other employees to it. He finally assigned access rights to the groups. What access control strategy did he use?a) Mandatory Access Controlb) Role Based Access Controlc) Discretionary Access Controld) Logic Based Access Controle) None of the aboveExplanation: This is List-Based Access Control.TCP/IP Internetworking14. Which of the following is true in TCP/IP-based encapsulation?a. Requests are encapsulated in TCP segmentsb. Frames are encapsulated in packetsc. Neither a. nor b.d. Both a and b.15. If Layer N receives a message, which layer de-encapsulates the message? a. N+1b. Nc. N-1d. Any of the abovee. None of the above16. When it receives, which of the following does a router do first?a. encapsulateb. decapsulate (or de-encapsulate)c. Neither a. nor b.d. Both a. and b.17. Which of the following is connectionless?a. IPc. TCPd. None of the above.18. With classful IP addresses, the network part of a class B IP address is ___ bits long.a. 8b. 24d. 32e. None of the above19. How many messages are sent in a TCP opening?a. Oneb. Two (the message and its acknowledgement)c. Fourd. None of the aboveExplanation: Three messages are sent altogether in an opening21. How many messages are sent in an abrupt TCP close, i.e. in a Reset?a. Two (the message and its acknowledgement)b. Threec. Fourd. None of the above24. What do we call messages at the Transport layer?a. Framesb. Packetsc. Both of the above.d. Neither a. nor b.Explanation: They are called segments (i.e. TCP segments) or datagrams (i.e. UDP datagrams)25. A host sends a TCP segment with source port number 25 and destination port number 64562. Which of the following is true? (Choose all correct answers)a) The source host is a client computerb) The source host is an email serverc) The destination host is a client computerd) The destination host is a server computere) The source host is a web server26. Use the ADDing technique to determine the logical network that computer A (IP address 192.168.1.5 with subnet mask 255.255.255.128) belongs to. --------------------------- 32 bit notation ---------------------- Dotted decimalIP address:Mask:Network:27. Use the ADDing technique to determine the logical network that computer B (IP address 192.168.2.3 with subnet mask 255.255.255.128) belongs to. --------------------------- 32 bit notation ---------------------- Dotted decimalIP address:Mask:Network:28. Are both computers on the same logical network? Why?__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________Attacks29. In preparing his attack, the attacker used the ping command to determine whether or not a specific target computer is connected and responsive. Which of the following did the attacker do?a) Network scanningb) Port scanningc) Fingerprintingd) Host scanninge) None of the above30. In preparing his attack, the attacker used a IP Scanning software called fPing to determine whether or not computers with IP addresses in the range 220.35.36.1 to 220.35.36.20 are connected and responsive. Which of the following did the attacker do?a) Network scanningb) Port scanningc) Fingerprintingd) Host scanninge) None of the aboveExplanation: host scanning could be done for a single host or for multiple hosts using a range of IP addresses.31. In preparing his attack, the attacker sent normal HTTP requests to a web server. Then, he spent some