ITN 261 EXAM QUESTIONS WITH ALL
CORRECT ANSWERS
Which of the following involves overwriting all of the information on a drive? - Answer-
Drive wiping
The first step in penetration testing is to actually perform the attack. - Answer- False
Which of the following is a distributed denial of service (DDoS) attack in which the
attacker sends a succession of SYN packets with a spoofed return address to a
targeted destination IP device, but does not send the last ACK packet to acknowledge
and confirm receipt? - Answer- SYN flood
Penetration testing requires rules to be agreed upon in advance - Answer- True
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the first step, the message or information to be sent is passed
through a hashing algorithm that creates a hash to: - Answer- verify the integrity of the
message.
The primary piece of equipment located at the Network or Internet Layer of the OSI
Reference Model is the router - Answer- True
When performing a penetration test, the team should generally include members with: -
Answer- different but complementary skills
Which of the following is specifically designed to passively gain information about a
target? - Answer- Footprinting
Which of the following terms refers to using a search engine to find useful data about a
targeted company? - Answer- Google hacking
Which of the following asymmetric algorithms is used to establish and exchange
asymmetric keys over an insecure medium? - Answer- Diffie-Hellman
IP addresses are non-persistent addresses assigned via software that cannot be
changed. - Answer- False
, In information security, the concept of defense in depth is based on the concept of
layering more than one control. These controls can be physical, administrative, or
technical in design. - Answer- True
Over the past few years, the hacking community has engaged in more "lone wolf" types
of hacking activities as opposed to working as teams. - Answer- False
Which of the following was designed for network diagnostics and to report logical
errors? - Answer- Internet Control Message Protocol (ICMP)
Symmetric encryption is also called public key cryptography. - Answer- False
The ever-increasing amount of personal information that people put online themselves
has made gathering information on human beings more difficult - Answer- False
Facebook, MySpace, LinkedIn, and Twitter are referred to as: - Answer- social
networking sites.
Most encryption cannot be broken. - Answer- False
In symmetric encryption, one key is used for encryption and a separate key is used for
decryption. - Answer- False
The ethical hacker is tasked with evaluating the overall state of security. The core
principles of security involve preserving all of the following except - Answer- disclosure
Cryptography provides an invaluable service to security by providing all of the following
except: - Answer- the ability to hack into systems and remain undetected.
Which of the following refers to a piece of software, a tool, or a technique that targets or
takes advantage of a vulnerability? - Answer- Exploit
The goals of confidentiality and integrity are basically the same. - Answer- False
A Trojan horse is an example of malicious code. - Answer- True
Which of the following statements is NOT true regarding asymmetric encryption? -
Answer- If the holder of the private key encrypts something with the private key, only
other individuals with access to the private key can decrypt
An application designed without security devices is considered a(n) - Answer- insecure
application
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the second step, the hash is passed through the encryption process
using the sender's: - Answer- private key as the key in the encryption process.
CORRECT ANSWERS
Which of the following involves overwriting all of the information on a drive? - Answer-
Drive wiping
The first step in penetration testing is to actually perform the attack. - Answer- False
Which of the following is a distributed denial of service (DDoS) attack in which the
attacker sends a succession of SYN packets with a spoofed return address to a
targeted destination IP device, but does not send the last ACK packet to acknowledge
and confirm receipt? - Answer- SYN flood
Penetration testing requires rules to be agreed upon in advance - Answer- True
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the first step, the message or information to be sent is passed
through a hashing algorithm that creates a hash to: - Answer- verify the integrity of the
message.
The primary piece of equipment located at the Network or Internet Layer of the OSI
Reference Model is the router - Answer- True
When performing a penetration test, the team should generally include members with: -
Answer- different but complementary skills
Which of the following is specifically designed to passively gain information about a
target? - Answer- Footprinting
Which of the following terms refers to using a search engine to find useful data about a
targeted company? - Answer- Google hacking
Which of the following asymmetric algorithms is used to establish and exchange
asymmetric keys over an insecure medium? - Answer- Diffie-Hellman
IP addresses are non-persistent addresses assigned via software that cannot be
changed. - Answer- False
, In information security, the concept of defense in depth is based on the concept of
layering more than one control. These controls can be physical, administrative, or
technical in design. - Answer- True
Over the past few years, the hacking community has engaged in more "lone wolf" types
of hacking activities as opposed to working as teams. - Answer- False
Which of the following was designed for network diagnostics and to report logical
errors? - Answer- Internet Control Message Protocol (ICMP)
Symmetric encryption is also called public key cryptography. - Answer- False
The ever-increasing amount of personal information that people put online themselves
has made gathering information on human beings more difficult - Answer- False
Facebook, MySpace, LinkedIn, and Twitter are referred to as: - Answer- social
networking sites.
Most encryption cannot be broken. - Answer- False
In symmetric encryption, one key is used for encryption and a separate key is used for
decryption. - Answer- False
The ethical hacker is tasked with evaluating the overall state of security. The core
principles of security involve preserving all of the following except - Answer- disclosure
Cryptography provides an invaluable service to security by providing all of the following
except: - Answer- the ability to hack into systems and remain undetected.
Which of the following refers to a piece of software, a tool, or a technique that targets or
takes advantage of a vulnerability? - Answer- Exploit
The goals of confidentiality and integrity are basically the same. - Answer- False
A Trojan horse is an example of malicious code. - Answer- True
Which of the following statements is NOT true regarding asymmetric encryption? -
Answer- If the holder of the private key encrypts something with the private key, only
other individuals with access to the private key can decrypt
An application designed without security devices is considered a(n) - Answer- insecure
application
To create a digital signature, two steps take place that result in the actual signature that
is sent with data. In the second step, the hash is passed through the encryption process
using the sender's: - Answer- private key as the key in the encryption process.
