1. Which of the following is a kind of passive attack?(C) (a) The release of message contents (b) Replay
(c) Modification of messages (d) Denial of service
2. Which of the following is a primary method to illegally capture user sensitive information such as user passwords on a network? (C)
(a) Spamming (b) Spoofing (c) Sniffing (嗅探) (d) Smirking
3. Which of the following is not an asymmetric algorithm(非对称算法)(D) ?(a) RSA (b)Diffie-Hellman (c) DSS (d) DES
4. Triple Data Encryption Standard (DES) (three keys) is a method of encryption. What is the key size for triple DES encrypted data?(D)
(a) bits (b) 128 bits (c) 160 bits (d) 168 bits
5. In public key cryptography(公钥密码学), which key does the sender use to generate a signature?(D)
(a) Recipient's public key (b) Recipient's private key (c) Sender's public key (d) Sender's private key
6. What substantiates(证实) that a user's claimed identity is valid(有效的) and is normally applied through a user password at time of logon(注册)? (B)
(a) Integrity (b) Authentication(身份认证) (c) Identification(鉴别) (d) Confidentiality(机密性)
7. Which of the following types of malicious code (恶意代码)is often not parasitic(寄生)?(D)
(a)Virus (b)Trap door (c)Trojan Horse (d)Worm
8. The technique that each plaintext block is XORed (逻辑异或)with the previous ciphertext(密文) block before being encrypted is called:(B)
(a) Electronic Codebook
(b) Cipher Block Chaining(密码分组链接) (c) Cipher Feedback
(d) Round Function
9. Proxy server (代理服务器)is:(B) (a) Packet filter
(b) Application-Level gateway(方法) (c) Circuit gateway
(d) Stateful Inspection Firwalls
10. Which approach is an application-specific security services that embedded within (内嵌)the particular application?(C)
(a) IPSec (b) SSL (c) SET (d) TLS
11.A __(D)_____ layer security protocol provides end-to-end security services for applications. A) data link B) network
C) transport D) none of the above 12._____(C)_ is actually an IETF version of _____
A) TLS; TSS B) SSL; TLS C) TLS; SSL D) SSL; SLT
13.A SYN flood (泛红攻击)is an example of what type of attack?(B) A) Malicious code
B) Denial-of-service(拒绝服务) C) Man-in-the-middle D) Spoofing
14.An attack in which the attacker simply listens for(倾听) all traffic being transmitted across a network, in the hope of viewing something such as a user ID
and password combination, is known as:(C) A) A man-in-the-middle attack B) A denial-of-service attack C) A sniffing attack
D) A backdoor attack
15.In what type of attack does an attacker resend the series of commands and codes used in a financial transaction(财务交易) to cause the transaction(交易) to be
conducted multiple times(重复多次)?(C) A) Spoofing
B) Man-in-the-middle C) Replay(重播) D) Backdoor
16.A piece of malicious code (恶意代码)that must attach itself to another file to replicate itself is known as:(B)
A) A worm B) A virus C) A logic bomb D) A Trojan
17.A piece of malicious code that appears to be designed to do one thing (and may in fact do that thing) but that hides some other payload (often
malicious) is known as:(D) A) A worm B) A virus C) A logic bomb
D) A Trojan(特洛伊病毒)
18.Malicious code that is set to execute its payload (负荷)on a specific date or at a specific time is known as(A)
A) A logic bomb(逻辑) B) A Trojan horse C) A virus D) A time bomb
19.When a message is sent, no matter what its format, why do we care about its integrity(完整性)?(C)
A) To ensure proper formatting
B) To show that the encryption keys are undamaged C) To show that the message has not been edited in transit
D) To show that no one has viewed the message
20.If a message has a hash, how does the hash protect the message in transit?(A)
A) If the message is edited, the hash will no longer match.
B) Hashing destroys the message so that it cannot be read by anyone. C) Hashing encrypts the message so that only the private key holder can read it.
D) The hash makes the message uneditable.
21.What is the biggest drawback(缺点) to symmetric encryption(对称加密)?(C)
A) It is too easily broken.
B) It is too slow to be easily used on mobile devices. C) It requires a key to be securely shared. D) It is available only on UNIX.
22.What is Diffie-Hellman most commonly used for?(A) A) Symmetric encryption key exchange
B) Signing digital contracts C) Secure e-mail
D) Storing encrypted passwords
23.What is public key cryptography(公钥密码学) a more common name for?(A)
A) Asymmetric encryption(非对称加密) B) SHA
C) An algorithm that is no longer secure against cryptanalysis D) Authentication
24.How many bits are in a block of the SHA-1 algorithm(安全散列函数)?(C)
A) 128 B) C) 512 D) 1024
25.A good hash function is resistant to (抵抗。。)what?(D)
A) Brute-forcing B) Rainbow tables C) Interception D) Collisions(碰撞)
26.How is 3DES an improvement over normal DES?(C) A) It uses public and private keys.
B) It hashes the message before encryption.
C) It uses three keys and multiple encryption and/or decryption sets. D) It is faster than DES.
27.What is the best kind of key to have?(B) A) Easy to remember B) Long and random C) Long and predictable D) Short
28.Secure Sockets Layer uses what port to communicate?(D)
A) 53 B) 80 C) 143 D) 443
29.Honeypots (蜜罐)are used to:(A)
A) Attract attackers by simulating systems(模拟系统) with open network services
B) Monitor network usage by employees C) Process alarms from other IDSs D) Attract customers to e-commerce sites
30.Preventative(预防) intrusion detection systems(入侵检测系统):(B) A) Are cheaper
B) Are designed to stop malicious activity from occurring C) Can only monitor activity D) Were the first types of IDS
31.What are the two main types of intrusion detection systems?(A) A) Network-based and host-based B) Signature-based and event-based C) Active and reactive D) Intelligent and passive
32.What is a Trojan horse program?(B) A) A program that encrypts e-mail for security
B) A program that appears legitimate(合法的) but is actually malicious code(恶意代码)
C) A program that runs only on a single computer D) A program that self-compiles before it runs
33.____(A)__ is the science and art of transforming messages to make them secure and immune(不受感染)to attacks.
A) Cryptography B) Cryptoanalysis C) either (a) or (b) D) neither (a) nor (b)
34.The ___(B)_____is the original message before transformation.
A) ciphertext B) plaintext
C) secret-text D) none of the above
35.In a(n) ______(A)__, the key is called the secret key. A) symmetric-key(对称密钥) B) asymmetric-key C) either (a) or (b) D) neither (a) nor (b)
36.DES has an initial and final permutation(置换) block and ______(C)___ rounds.
A) 14 B) 15 C) 16 D) none of the above 37.PGP depends upon which model of trust?(B) A) direct trust model B) web of trust model C) hierarchical trust model D) none of the above
