System Security Course – Complete Practice Questions with Answers
Introduction:
This document contains a comprehensive set of practice
questions and answers covering key system security concepts,
including password cracking, scanning techniques,
countermeasures, access control, and cryptography. It also
addresses important topics such as information security goals,
encryption methods, and attack strategies.
The material is structured in a Q&A format, making it useful
for exam preparation and quick revision of core concepts. It
aligns well with typical final exam topics in system security
courses.
Exam Questions and Answers with Rationales:
Assume that a system uses passwords that are 3 decimal digits
long. What is the maximum number of passwords that an
attacker would have to try in order to crack the password?
a) 4
b) 67108864
c) 1000
d) None of the above -Answer:-1000
Rationale: N^(password length in characters) = maximum
number of passwords, where N is the number of symbols
available for each position.
N = 10 (the decimal digits 0-9)
10^3 = 1000
What is the maximum time (in minutes) that it will take to
crack a system's passwords, assuming that the system uses
passwords that are 2 decimal digits long and that it takes
1.8 seconds to try each password?
a) 2 minutes
b) 3 minutes
c) 4 minutes
d) None of the above -Answer:-3 minutes
Rationale: The maximum number of passwords is 10^2 = 100
in this case. Since it takes 1.8 sec to try each password, it will
take a maximum of 1.8 x 100 = 180 sec, or 3 minutes, to crack
the passwords (the worst case, in which the correct password
is the last one tried).
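The two questions above apply the same formula: a keyspace of N^L candidates and a worst case of every candidate being tried once. The following Python is an added worked example, not part of the original study guide: it computes the keyspace and worst-case time for arbitrary alphabet sizes (going beyond the decimal-digit case in the questions) and actually enumerates a 3-digit space in order to show that the last candidate, "999", costs exactly 1000 attempts. The 1.8 seconds per try and the 62-symbol alphanumeric policy are illustrative assumptions.

```python
import itertools
import string


def keyspace(alphabet_size: int, length: int) -> int:
    """Maximum number of candidate passwords: N^L, where N is the
    number of symbols available per position and L the length."""
    return alphabet_size ** length


def max_crack_seconds(alphabet_size: int, length: int, seconds_per_try: float) -> float:
    """Worst-case brute-force time: every candidate is tried once
    before the correct one (the exam's 'maximum time')."""
    return keyspace(alphabet_size, length) * seconds_per_try


def brute_force(target: str, alphabet: str, length: int):
    """Enumerate every string of `length` over `alphabet` in
    lexicographic order, the way a naive cracker would.
    Returns (password, attempts), or (None, attempts) if the target
    is not in the space (e.g. wrong length or symbols)."""
    attempts = 0
    for cand in itertools.product(alphabet, repeat=length):
        attempts += 1
        if "".join(cand) == target:
            return "".join(cand), attempts
    return None, attempts


if __name__ == "__main__":
    # The two exam questions: 10^3 candidates; 10^2 * 1.8 s = 180 s = 3 min.
    print(keyspace(10, 3))
    print(max_crack_seconds(10, 2, 1.8) / 60)
    # Worst case for a 3-digit PIN: "999" is the 1000th candidate tried.
    print(brute_force("999", string.digits, 3))
    # Illustrative stronger policy (assumption): 8 characters from
    # letters and digits, i.e. a 62-symbol alphabet.
    print(keyspace(len(string.ascii_letters + string.digits), 8))
```

Note that the formula gives the attacker's maximum work; on average a random target is found after about half the keyspace, which is why the expected time is roughly N^L / 2 tries.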
Which of the following is not a type of activity that attackers
can engage in before launching their attacks?
a) Fingerprinting
b) Network scanning
c) Port scanning
d) Host scanning
e) None of the above -Answer:-None of the above
Which of the following cannot be considered an unobtrusive
information collection?
a) An attacker reading trade press in order to find information
about projects or products under development by the company
he is planning on attacking.
b) Searching the WHOIS database of the Internet Corporation
for Assigned Names and Numbers to gather information about
a company's domain.
c) Visiting a corporate website in search of information about
the organizational structure and senior officers.
d) Sending odd IP packets to a corporate network in an attempt
to learn about the network infrastructure.