Session Layer correct answers OSI layer that handles a set of transport connections used for a
particular purpose.
Data Link Layer correct answers OSI layer that manages the structure and content of data carried
by the physical layer.
Presentation Layer correct answers OSI layer that reformats host data to meet network-wide
standards and vice versa.
Physical Layer correct answers OSI layer that includes the physical wiring and signaling
between nodes.
Application Layer correct answers OSI layer that provides a specific service to the user on a host
computer, such as email.
Transport Layer correct answers OSI layer that associates packets with specific application
processes in end-point hosts and ensures reliability.
Network Layer correct answers OSI layer that manages intranetwork routing of packets.
Six Steps of the NIST Risk Management Framework correct answers 1) Categorize information
systems. 2) Select security controls. 3) Implement security controls. 4) Assess security controls.
5) Authorize information systems. 6) Monitor security controls.
SSL Handshake Protocol correct answers A combination of shared secret hashing and an
RSA-protected key exchange. The client and the server exchange randomly generated nonces, then the
client uses the server's public key to transmit a randomly generated secret value. Each one then
uses the exchanged data to generate a set of shared secret keys to use.
3 Major DNS Vulnerabilities correct answers 1) Cache poisoning: A resolver receives a bogus
response to a DNS query. All subsequent queries receive the wrong information and redirect
connections to the wrong IP address. 2) Denial-of-service attack on major DNS servers:
Attackers try to disable part or all DNS service in parts of the Internet by attacking major DNS
servers. 3) DOS attack using a shared resolver: An attacker transmits numerous bogus DNS
queries to the shared resolver.
Steps DNS Domain Name Resolver Software takes to look up a Domain Name correct answers
1) The software retrieves the domain name of interest. 2) The software looks up the domain
name in the host's cache. Each host keeps a cache of previous domain name queries. 3) If the
name isn't in the cache, the host sends a query across the network to its assigned DNS server. 4)
The software saves the answer in the cache in case the same query recurs, and it returns the
answer to the caller.
3-Way Handshake correct answers The client sends a packet with the SYN flag set to a server.
The server responds with a packet that has the SYN and ACK flags set. The client sends a packet
with the ACK flag set back to the server.
Briefly explain the purpose of a routing table and identify the protocol that populates the table.
correct answers The internet layer of every protocol stack contains a routing table that chooses a
network and/or MAC address for outgoing packets. Most hosts rely on the Address Resolution
Protocol to fill in the routing table with addresses on its subnet. Packets destined for other IP
addresses go to a default router.
List five types of authentication vulnerabilities that apply to tokens. correct answers 1) Cloning
or borrowing the credential. 2) Sniffing the credential. 3) Trial and error guessing. 4) Denial of
service. 5) Retrieving a copy of the computer's database for authenticating tokens.
Identify the five general steps of a security risk assessment. correct answers 1) Identify assets. 2)
Identify threat agents and attacks. 3) Estimate the likelihood of attacks. 4) Estimate the impact of
attacks. 5) Calculate the relative significance of attacks.
Briefly explain the two types of authentication vulnerabilities that most often occur with
biometrics. correct answers An attacker can clone or borrow the credential, such as cloning