網路入侵偵測

1. ____________ is used to describe those hackers who use their computer skills with malicious intent for illegal purposes or nefarious activities

Black Hats

Grey Hats

White Hats

Red Hats

2. A ___________ is a private network of computers that uses the public Internet to connect some nodes.

VPN

Routing Table

FINNet

UseNet

3. ______________ refers to a kind of electronic civil disobedience in which activists take direct action by breaking into, or protesting, government or corporate computer systems

Activism

Hacktivism

Attackvism

Defensiveness

4. An ____________ gathers and analyzes information from various areas within a computer, or network, in order to identify possible violations of security policy, including unauthorized access, as well as misuse.

intrusion detection system

extensible firewall

outbound packet filter

alert rule

5. ______________ refers to the pre-attack phase when the attacker scans the network with specific information gathered during reconnaissance.

Scanning

Spoofing

Parsing

Sniffing

6. ________________ can be said to be a security violation that results from a threat action.

Exposure

Rating

Disclosure

Ranking

7. The BIOS program is usually in the _______memory location

FFFF0h

EEEE0e

DDDD0d

MMMM0m

8. The __________ is a semi-trusted network zone that separates the untrusted Internet from the company's trusted internal network.

Demilitarized Zone

Demarcated Zone

Detoxified Zone

Destabilized Zone

9. The authentication process is done by exchanging a set of messages between a pair of entities, usually called as an _________________ protocol.

Authentication

Approval

Acceptable risk

DSA Risk

10. ____________ of the e-mail message has key role to play in e-mail tracing as it contains the unique IP address of the server that sent the message.

Header

Option

Signature

Key

11. HPFS is acronym for___________

High Performance File System

High Performance File Storage

High Percentile File Storage

High Pilferage File System

12. Choose the most appropriate definition for Cybercrime. Cybercrime is defined as…

Any illegal act that involves a computer, its systems, or its applications.

Any act violating human rights using a computer or its software

Any act where the computer hardware is damaged by the software

Any malfunctioning of software or denial of access to the Internet

13. The ___________ is a unique identifier that is used to establish, and maintain, wireless connectivity and acts as a single shared password between access points and clients.

SSID

SSLD

SSDI

DSDL

14. ________ is a program and/or device that monitors data traveling over a network.

Scanner

Sniffer

Strobe

Spammer

15. RADIUS, TACAS, IKE are _________

Secure Protocols

Secure Methodologies

Secure Technologies

Security Products

16. The objective of ______________ is to authenticate based on username, password, smart cards, tokens or PINs.

user authentication

host authentication

network authentication

resource authentication

17. In a ____________________, the IDS examine activity on each individual computer or host.

Host based

Network based

Software based

Hardware based

18. __________ is the technique attackers use to gain access to a network, sending messages to a computer with an IP address indicating that the message is coming from a trusted host.

IP Spoofing

Phishing

MAC Flooding

Cloning

19. E-mail crime can be categorized in two ways: one committed by sending mails and other _______

supported by e-mails

categorized by crime

sender’s location

ISP involved

20. Which options should be turned on in a wireless network to make it more secure?

SSID and WEP

SSID and WRP

IPSEC and SSL

SSH and SSL

21. __________ is the act of obtaining unauthorized access to a network by manipulating authorized users in to revealing their passwords and access information

Social Engineering

Sniffing

Scanning

Reverse Engineering

22. The most damaging of the denial of service attacks can be a _______________ attacks, where an attacker uses zombie software distributed over several machines

Distributed denial of service

Zombie

Bot

Discrete denial of service

23. _________ is a program that appears to be legitimate but is designed to have destructive effects.

Trojan

Worm

Bot

Virus

24. ____________ defines the way in which messages are transmitted over the Internet.

HTTP

POP

SMTP

SNMP

25. __________ is the art and science of hiding information by embedding messages within other, seemingly harmless messages.

Steganography

Encryption

Compression

Concurrency

26. IPSec aids two encryption modes:

Transport and Tunnel

Transfer and Transport

Twist and Tunnel

Telegraphic and Tunnel

27. Running a program that remotely finds ports opened and closed on remote systems, represents one of the most common types of __________attacks.

Reconnaissance

Reverse Mapping

Rendezvous

Re-engineering

28. __________ is a system integrity check tool.

Tripwire

Sysinternals

Limewire

MSBS

29. Logs can help in event reconstruction as they are_______

Time stamped

Targeted

Transient

Time bound

30. When there is sufficient power the computer looks for the ______for the start of the BIOS boot program.

BIOS ROM

BIOS POST

BIOS Setup

BIOS RAM

31. ___________ is a computer that is completely vulnerable to attacks.

Bastion host

Application Server

Firewall Server

Rogue Server

32. ____________ is a proxy server that doesn't have special caching abilities of a caching HTTP proxy server.

SOCKS

Anonymizer

Transparent Proxy

Protocol Analyzer

33. A _____________ is an application program that is used to identify an unknown or forgotten password to a computer or network resource.

Password cracker

Password hacker

Password cropper

Password hasher

34. _______________ refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of attack prior to launching an attack.

Reconnaissance

Scanning

Footprinting

Sniffing

35. Investigators must document digital evidence by creating an _________________

Evidence form

Album of evidence

Evidence Recovery Form

Evidence Diary

36. A __________ is simply a program, or hardware device, that protects the resources of a private network from users on other networks.

Firewall

IDS

Bastion Host

Honeypot

37. _____________ detects and drops packets that overload the server

Stateful packet filtering

Protocol based filtering

Stateless packet filtering

Packet Dropper

38. Common digital signature algorithms that are used include ______

RSA and DSA

ASA and DSA

MSA and RSA

MSA and ASA

39. In a ____________________, the IDS examine activity on each individual computer or host.

Denial of Service

Spamming

Phishing

Keylogging

40. A ___________is any circumstance or event that has the potential to cause harm to a system or network

Vulnerability

Threat

Attack

Disaster

41. Any ____________involves three phases – preparation, conduct and conclusion.

Security testing

Security reporting

Security finding

Security probing

42. ____________should begin with the identification of audience and objective of the particular report Report writing

Report writing

Case investigation

Case Classification

Cross examination

43. ______ is defined as the protection of networks and their services from unauthorized modification, destruction, or disclosure.

Network security

Physical security

Buffer Overflow

Ethical Hacking

44. _____________ layer deals with the mechanical, electrical, procedural interfaces and the physical transmission medium.

Physical

Transport

Network

Transmission

45. ___________ is a defined way to breach the security of an IT system through vulnerability.

Exploit

Hotfix

Scanning

Sniffing

46. A __ indicates successful access gained by the user and stands for the unsuccessful attempt made to gain the access.

Success event, failure event

Failure event, success event

Success event, unsuccessful event

Failure event, failed event

47. __________ is a means for ensuring private, secure communication between hosts over an insecure medium using tunneling.

VPN

IPSEC

SSH

SSL

48. During the power on self-test various tests are performed including:

Video card test

Webcam test

Napster test

UGA test

49. The basic function of ___________is transmission of data over the communication channel.

physical layer

data layer

transmission layer

data link layer

50. ___________ is an incident process in which a person or software program acting on behalf of any other person takes some action and then denies them to do it later.

Repudiation

Non Disclosure

Non Committal

Retraction

51. An ______________is a person who can investigate on a particular case, evaluate all findings, and educate the jury about his findings.

Expert witness

Jury Member

Crime Reporter

Court Reporter

52. _______ is a malicious program that replicates it self until it fills all of the storage space on a drive or network

Worm

Trojan

Bot

Virus

53. Cyber Crime is divided into the two T's

Tools and Target of the crime

Time and Target of the crime

Time and Tools of the crime

Time and Task of the crime

54. ______________are those that violate the confidentiality without affecting the state of the system.

Passive attacks

Active attacks

Subversive attacks

Scan attacks

55. _____________ monitors system files to determine whether an intruder has changed the system files.

System Integrity Verifiers

System Change Checkers

System Indicative Verifiers

System Change Implementers

56. __________ has been defined as an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Attack

Threat

Vulnerability

Exploit

57. ______ is an online utility that helps an investigator/user to search for copyright records

LOCIS

AXIS

LOCUS

AXED

58. ___________ contain events generated by system component and deals with driver failures and hardware issues.

System Log

Event Log

Application Log

Security Log

59. The computer forensic investigator must maintain ___________whenever a case is being investigated.

objectivity

Personal judgement

perspective

subjectivity

60. ___________is a file system designed specifically for the OS/2 operating system to improve upon the limitations of the FAT file system.

HPFS

OSPF

HSPF

FSOS

61. An ________can be an event or set of events that threatens the security in computing systems and networks in any organization.

Incident

Outbreak

Event log

Alert

62. ___________ is also known as misuse detection and tries to identify events that misuse a system.

Signature recognition

Anomaly detection

Rule trigger system

Snort rule

63. Network forensics poses greater challenges as:

Evidence is found across multiple systems and is volatile

Evidence is stationary on the network and multiple locations are involved

Evidence is captured in the whole only with the use of a network forensic tool

There cannot be multiple investigators across multiple systems

64. Proxy based firewalls concentrate on the _____________ rather than just the packets

Application Layer

Transport Layer

Physical Layer

Network Layer

65. WEP stands for ____________

Wireless Encryption Protocol

Wired Equivalent Privacy

Wireless Encryption Privacy

Wired Equivalent Protocol

66. ___________ is a computer program that is designed to replicate itself by copying itself into the other programs stored in a computer

Virus

Trojan

Worm

Bot

67. ________ is a procedure by which a router changes data in packets to modify the network addresses

NAT

Packet filter

Proxy

Firewall

68. _______________firewalls concentrates on individual packets and analyzes their header information and which way they are directed to

packet filter based

Role based

Host based

Network based

69. ______ is a standard for encrypting and digitally signing electronic mail that contains attachments and for offering secure data transmissions.

Secure MIME

SSH

SSL

HTTPS

70. The __________________ characterizes the organization's idea of an apt computer, usage of the network and measures to deal with the network incidents.

network policy

security policy

disaster recovery policy

acceptable use policy

71. _________ determines what type of resources can be accessed per user basis.

Authorization

Authentication

Identification

Encryption

72. _____________ is an incident in which a system does not behave as it was expected to.

Subversion

Submersion

Subdivision

Supervision

73. __________ mainly involve government agencies that are responsible for criminal investigations and prosecution.

Public investigations

Private investigations

Corporate investigations

Confidential investigations

74. _________ is a program that handles external servers on behalf of internal servers.

Proxy

SOCKS

NAT

Firewall

75. Computer crimes pose certain challenges to solving the crime. These include:

Speed at which crime is committed, anonymity, volatility of evidence

Speed at which crime is committed, disclosure, evidence recovery

Speed at which crime is committed, disclosure, volatility of evidence

Speed at which crime is detected, anonymity, evidence recovery

網路入侵偵測

1. ____________ is used to describe those hackers who use their computer skills with malicious intent for illegal purposes or nefarious activities

2.

What first name or nickname would you like us to use?

2. A ___________ is a private network of computers that uses the public Internet to connect some nodes.

3. ______________ refers to a kind of electronic civil disobedience in which activists take direct action by breaking into, or protesting, government or corporate computer systems

4. An ____________ gathers and analyzes information from various areas within a computer, or network, in order to identify possible violations of security policy, including unauthorized access, as well as misuse.

5. ______________ refers to the pre-attack phase when the attacker scans the network with specific information gathered during reconnaissance.

6. ________________ can be said to be a security violation that results from a threat action.

7. The BIOS program is usually in the _______memory location

8. The __________ is a semi-trusted network zone that separates the untrusted Internet from the company's trusted internal network.

9. The authentication process is done by exchanging a set of messages between a pair of entities, usually called as an _________________ protocol.

10. ____________ of the e-mail message has key role to play in e-mail tracing as it contains the unique IP address of the server that sent the message.

11. HPFS is acronym for___________

12. Choose the most appropriate definition for Cybercrime. Cybercrime is defined as…

13. The ___________ is a unique identifier that is used to establish, and maintain, wireless connectivity and acts as a single shared password between access points and clients.

14. ________ is a program and/or device that monitors data traveling over a network.

15. RADIUS, TACAS, IKE are _________

16. The objective of ______________ is to authenticate based on username, password, smart cards, tokens or PINs.

17. In a ____________________, the IDS examine activity on each individual computer or host.

18. __________ is the technique attackers use to gain access to a network, sending messages to a computer with an IP address indicating that the message is coming from a trusted host.

19. E-mail crime can be categorized in two ways: one committed by sending mails and other _______

20. Which options should be turned on in a wireless network to make it more secure?

21. __________ is the act of obtaining unauthorized access to a network by manipulating authorized users in to revealing their passwords and access information

22. The most damaging of the denial of service attacks can be a _______________ attacks, where an attacker uses zombie software distributed over several machines

23. _________ is a program that appears to be legitimate but is designed to have destructive effects.

24. ____________ defines the way in which messages are transmitted over the Internet.

25. __________ is the art and science of hiding information by embedding messages within other, seemingly harmless messages.

26. IPSec aids two encryption modes:

27. Running a program that remotely finds ports opened and closed on remote systems, represents one of the most common types of __________attacks.

28. __________ is a system integrity check tool.

29. Logs can help in event reconstruction as they are_______

30. When there is sufficient power the computer looks for the ______for the start of the BIOS boot program.

31. ___________ is a computer that is completely vulnerable to attacks.

32. ____________ is a proxy server that doesn't have special caching abilities of a caching HTTP proxy server.

33. A _____________ is an application program that is used to identify an unknown or forgotten password to a computer or network resource.

34. _______________ refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of attack prior to launching an attack.

35. Investigators must document digital evidence by creating an _________________

36. A __________ is simply a program, or hardware device, that protects the resources of a private network from users on other networks.

37. _____________ detects and drops packets that overload the server

38. Common digital signature algorithms that are used include ______

39. In a ____________________, the IDS examine activity on each individual computer or host.

40. A ___________is any circumstance or event that has the potential to cause harm to a system or network

41. Any ____________involves three phases – preparation, conduct and conclusion.

42. ____________should begin with the identification of audience and objective of the particular report Report writing

43. ______ is defined as the protection of networks and their services from unauthorized modification, destruction, or disclosure.

44. _____________ layer deals with the mechanical, electrical, procedural interfaces and the physical transmission medium.

45. ___________ is a defined way to breach the security of an IT system through vulnerability.

46. A ____________ indicates successful access gained by the user and __________ stands for the unsuccessful attempt made to gain the access.

47. __________ is a means for ensuring private, secure communication between hosts over an insecure medium using tunneling.

48. During the power on self-test various tests are performed including:

49. The basic function of ___________is transmission of data over the communication channel.

50. ___________ is an incident process in which a person or software program acting on behalf of any other person takes some action and then denies them to do it later.

51. An ______________is a person who can investigate on a particular case, evaluate all findings, and educate the jury about his findings.

52. _______ is a malicious program that replicates it self until it fills all of the storage space on a drive or network

53. Cyber Crime is divided into the two T's

54. ______________are those that violate the confidentiality without affecting the state of the system.

55. _____________ monitors system files to determine whether an intruder has changed the system files.

56. __________ has been defined as an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

57. ______ is an online utility that helps an investigator/user to search for copyright records

58. ___________ contain events generated by system component and deals with driver failures and hardware issues.

59. The computer forensic investigator must maintain ___________whenever a case is being investigated.

60. ___________is a file system designed specifically for the OS/2 operating system to improve upon the limitations of the FAT file system.

61. An ________can be an event or set of events that threatens the security in computing systems and networks in any organization.

62. ___________ is also known as misuse detection and tries to identify events that misuse a system.

63. Network forensics poses greater challenges as:

64. Proxy based firewalls concentrate on the _____________ rather than just the packets

65. WEP stands for ____________

66. ___________ is a computer program that is designed to replicate itself by copying itself into the other programs stored in a computer

67. ________ is a procedure by which a router changes data in packets to modify the network addresses

68. _______________firewalls concentrates on individual packets and analyzes their header information and which way they are directed to

69. ______ is a standard for encrypting and digitally signing electronic mail that contains attachments and for offering secure data transmissions.

70. The __________________ characterizes the organization's idea of an apt computer, usage of the network and measures to deal with the network incidents.

71. _________ determines what type of resources can be accessed per user basis.

72. _____________ is an incident in which a system does not behave as it was expected to.

73. __________ mainly involve government agencies that are responsible for criminal investigations and prosecution.

74. _________ is a program that handles external servers on behalf of internal servers.

75. Computer crimes pose certain challenges to solving the crime. These include:

46. A __ indicates successful access gained by the user and stands for the unsuccessful attempt made to gain the access.