100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CNIT 455 Final Exam with Complete Exam Verified 2024 $12.99   Add to cart

Exam (elaborations)

CNIT 455 Final Exam with Complete Exam Verified 2024

 1 view  0 purchase
  • Course
  • CNIT 455
  • Institution
  • CNIT 455

CNIT 455 Final Exam with Complete Exam Verified 2024

Preview 4 out of 37  pages

  • October 14, 2024
  • 37
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CNIT 455
  • CNIT 455
avatar-seller
CLOUND
CNIT 455 Final Exam with Complete
Exam Verified 2024
how are buffer overflows commonly used? - ANSWER-used to cause attacker code to
get executed by overwriting the stack to replace the return address with the address of
the attacker code, so that when the function completes, it runs the attacker code

how are certificate authorities organized? - ANSWER-they are organized in hierarchical
fashion

how are client access VPNs implemented? - ANSWER-a tunnel exists between a client
and a VPN server, where a virtual NIC is created when establishing the tunnel, and the
vNIC gets an internal network address

how are commerical CAs setup? - ANSWER-1. commerical CAs set up as a "trusted
path" by defauly in more OS/browsers
2. costs money to get certificate from commerical CA
3. once you have a server certificate from your CA, you can issue your own trusted
certificates

how are host based IDS architectured? - ANSWER-1. automated log parsing to check
sytem and application for anomalous activity
2. stack based analyzer that integrates in the host's IP stack and remove offending
traffic from the stack

how are private CAs setup? - ANSWER-1. you setup your own CA
2. trust is usually limited to an organization
3. need to manually/push certificates onto client devices

how are site to site VPNs implemented? - ANSWER-they are implemented on the
devices that face the public network, with the traffic being routed and enapsulated by
the VPN devices

how can a root bridge spanning tree attack be mitigated? - ANSWER-1. physically force
a known root bridge
2. limit switches that can join the STP topology after the initial election process

how can one avoid detection while performing fingerprinting? - ANSWER-1. edit out
information from logs by overwriting with zeros
2. utilize rootkits to gain persistence and hide from security scanners

how can one remain nonymous while performing direct reconnaissance? - ANSWER-
employing stealth techniques like using public proxies, internet cafes, or VPNs

,how can packet sniffing be detected? - ANSWER-send a packet with a bad/impossible
address yet a correct IP address, and if it gets a response, then that host must be in
promiscuous mode

how can PKI be used to provide data encryption? - ANSWER-1. used to encrypt data on
an encrypted file system
2. usually doesn't require a complete certificate system
3. can use straight two key encryption
4. keys are commonly stored in the network directory entry for the user

how do ALGs increase latency? - ANSWER-two separate sessions must be managed
per "connection"

how does 802.1x work? - ANSWER-1. uses MAC address or certificates to authenticate
device
2. allows access to the appropriate network upon successful compliance check
3. can use VLANs

how does an IDS proactively close a connection? - ANSWER-it sends a TCP "FIN" flag
to both ends, though it requires the IDS to be able to send traffic (but not necessarily be
in-line)

how does bridging increase latency? - ANSWER-requirement of NICs being in
promiscuous mode reduces efficiency

how does DHCP proxy work? - ANSWER-1. DHCP requests are forward to special
DHCP server(s)
2. identification is based on MAC address

how does DNAT increase latency? - ANSWER-src/dst L3 and L4 addresses must be
rewritten

how does dynamic packet filtering work? - ANSWER-keeps ports closed, then opens
ports based on the context by building a state table that tracks things like TCP
sequence numbers and UDP data flows, as well as examining layer 7 to ensure traffic is
what it says it is

how does hardware protection for preventing overflow attacks work? - ANSWER-a bit in
the memory address denotes whether it is executable or not, so you would mark the
stack and heap as non-executable, though it only works on 64-bit processors

how does NAC client software work for network admission? - ANSWER-client will not
allow traffic to flow until being admitted by the policy server

how does PKI secure email? - ANSWER-1. digitally sign messages to prevent
tampering and verifies sender identity

,2. encrypt the messages to prevent anyone other than the intended recipient from
reading them

how does PKI secure IPsec? - ANSWER-1. it encrypts all data contained in the IP
packet
2. positively identifies the source and destination

how does PKI secure websites/web transactions? - ANSWER-1. it authenticates the
website
2. provides encryption for transactions between the browser and web server
3. can require clients to have digital certificates to authenticate themselves to the web
server

how does SNAT increase latency? - ANSWER-the src/dst L3 addresses must re-written
in both directions

how does standard routing increase latency? - ANSWER-barely affects latency as
minimal additional processing is required

how does the firewall keep track of connections when using DNAT? - ANSWER-the
firewall builds a state table comprised of L3 addresses, L4 ports, and L5 session info to
track which connection belongs to which internal device

how is a port mirror used for in a network based IDS? - ANSWER-the port on the
boundary router or firewall get mirrored so it can be inspects, though its only good for
short term use as a hogs an interface and still has some performance impact

how is RADIUS configured? - ANSWER-1. a shared secret is created between the
RADIUS client (NAS) and the server
2. the server IP and port is entered on the NAS
3. the client is authorized on the server via the IP address
4. access profiles are created on the server

how is RSA used for digital signatures? - ANSWER-1. hash the content
2. encrypt the hash with the private key
3. publish the content along with the encrypted hash
4. decrypt with the public key

how is the CA hierarchy structured? - ANSWER-1. always one root CA, which issues its
own certificate
2. root CA issues a special certificate to subordinate CAs that allows them to hand out
certificates
3. results in a "trust path" where any certificate handed out by any CAin the hierarchy is
considered part of the trust path

, how many hops does a tunnel appear as to a client? - ANSWER-only a single hop,
regardless of the number of routers/hops as it crosses the internet

how many SAs are needed for duplex communication? - ANSWER-two SAs are
required for duplex communication

is a ping of death still a problem? - ANSWER-"The original Ping of Death attack has
mostly gone the way of the dinosaurs" - Cloudflare

T/F a firewall always includes a packet filter, but not all packet filters are firewalls -
ANSWER-true

T/F admission control and access control are the same thing? - ANSWER-false

T/F AES is the best choice for symmetric encryption for most applications day -
ANSWER-true

T/F an IDS can suffer from false positives and false negatives - ANSWER-true

T/F both ends do not need to match on all parameters for IPsec configuration? -
ANSWER-false, all parameters need to match on both ends for IPsec to work

T/F buffer overflows are not the most commonly used attack vector? - ANSWER-false,
they are the most commonly used attack vector

T/F CBC is not the most commonly used approach for block cipher modes - ANSWER-
false, it is the most commonly used approach

T/F client access VPNs should be on the same internal network as on-premise clients? -
ANSWER-false, ideally VPN clients will be on a separate address space to allow for
firewall rules

T/F collisions are not possible with hashes - ANSWER-false, collisions are always
possible, but good hash functions minimize collisions so that its impractical to try to find
one

T/F data endpoints and encapsulation endpoints are the same for a client access VPN?
- ANSWER-true, the VPN server deencapsulates the data from the client and passes it
to the private network

T/F data endpoints and encapsulation endpoints are the same for a site to site VPN -
ANSWER-false, the endpoints for data and enapsulation are different

T/F DES is strong enough for today's computers? - ANSWER-false, too weak due to
small keys and small block sizes, don't use unless you have too

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller CLOUND. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.99
  • (0)
  Add to cart