How well do you know IT Security – Pt 2? Quiz Answers.

How did you do with the quiz? Answers are in bold.

  • 0-1  Security fail (maybe time to consider another career)
  • 3-5  Hacker’s delight (see recommendation above)
  • 6-8  Formidable defender (not too shabby)
  • 9-10 Best practices model (worth every penny you are paid)


1. In IPSec, what kind of tunnel is first set up to initiate the VPN-creation process?

  • a. IKE
  • b. **ISAKMP**
  • c. Lincoln Tunnel
  • d. SSL

The tunnel is used to negotiate security parameters for the main IPSec tunnel

2. How can ports 80 and 443 be defended against Web-based threats?

  • a. Web application firewalls
  • b. Content filtering
  • c. White lists
  • d. Black lists
  • e. **All of the above**

3. Two-factor authentication can include something you have, something you know and…

  • a. **Something you are**
  • b. Something you make up
  • c. Something encrypted
  • d. Something unique

This can include retina or fingerprint scans or other biometrics

4. What do corporate security executives regard as the biggest threat to security?

  • a. Removable media such as thumb drives
  • b. Malicious insiders
  • c. **Web 2.0 applications**
  • d. Unpatched operating systems

According to Symantec, this can include social media such as Facebook and Twitter

5. The goal of network access control (NAC) is:

  • a. Remediating security shortcomings of machines before they connect to networks
  • b. Making sure devices adhere to access policies once admitted to networks
  • c. Linking machines with user identities to impose appropriate policies on them
  • d. **All of the above**

And some vendors say NAC should do more

6. What means did attackers in China use to infiltrate Google’s network?

  • a. Social engineering using Facebook
  • b. Introducing malware via cross-site scripting of Web sites
  • c. **Exploiting a flaw in Internet Explorer**
  • d. Brute-force attack of Google executive’s passwords

7. Which botnet advance has made eradicating them more difficult?

  • a. **Embedding command and control capabilities in zombie machines**
  • b. Reinfection via social media sites
  • c. Sheer number overwhelms defensive measures
  • d. Use of rootkits to make bot software more difficult to dislodge

When command and control nodes shift, it becomes more difficult to shut them and their subject machines down

8. Which of the following is not an example of an application vulnerability?

  • a. Lack of sufficient logging
  • b. Fail-open error handling
  • c. Failure to properly close database connections
  • d. **Running with least privilege**

This is actually recommended to strengthen applications

9. What is one downside of public key encryption?

  • a. It is less secure than using secret keys
  • b. **It requires trusting party to verify public keys**
  • c. It cannot ensure confidentiality
  • d. It cannot ensure authenticity

10. Which is not a Wi-Fi security option?

  • a. WEP
  • b. WPA
  • c. **ICMP**
  • d. 802.11i