Do I Know This Already Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide whether you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 8-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 2-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 2-1. "Do I Know This Already?" Foundation Topics Section-to-Question Mapping

Foundation Topics Section

Questions Covered in This Section

Vulnerabilities

14

Threats

5, 6

Intruder Motivations

7

Types of Network Attacks

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. A good rule of thumb for "strong" passwords is that they follow which of the following guidelines?

a. Should be upper- and lowercase, numbers, and special characters b. Should be complex and documented someplace c. Should be common words all strung together d. Should be documented so you can reference it e. Only a. and c.

f. All of the above

2 The types of technology weaknesses are operating system, protocol, and_

a. Communications, wiring b. Application, network equipment c. Network equipment, wiring d. Inexperienced staff, application e. None of the above

3 In general, which protocol is not considered "weak"?

a. HTTP

b. ICMP

d. RIPv1

f. All of the above

4. To help ensure that network equipment weaknesses are identified, a good rule of thumb is to_.

a. Test the unit in a production environment b. Trial the unit in a simulated load and protocol environment c. Trust the vendor and product engineers d. Read through all the documentation e. All of the above

5 Which of the following are considered intruders on a computer system?

a. Crackers b. Hackers c. Phreakers d. Script kiddies e. a., b., and d f. All of the above

6. An intruder who enjoys the challenge of being able to bypass security measures is considered intruding for_.

a. Curiosity b. Fun and pride c. Revenge d. Profit e. Political purpose f. None of the above

7. What three major types of attacks are implemented by an intruder?

a. DoS, reconnaissance, and access attacks b. Spoof, reconnaissance, and access attacks c. DoS, flood, and access attacks d. DoS, reconnaissance, and sweep e. Spoof, flood, and sweep f. None of the above

8. A virus, Trojan horse, or worm is considered which type of a function of an access attack?

a. Interception b. Fabrication c. Modification d. Analysis e. All of the above

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

• 6 or less overall score Read the entire chapter. This includes the "Foundation Topics" and "Foundation Summary" sections and the "Q&A" section.

• 7 or 8 overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section. Otherwise, move on to Chapter 3, "Defense in Depth."

4 PREV

0 0

Post a comment