Hands On Ethical Hacking and Network Defense
d. OLE DB
15. List an organization with online resources for learning more about Web
application vulnerabilities.
Open Web Application Security Project (OWASP)
16. What tags identify ColdFusion as the scripting language?
c. the letters CF
17. What tags identify PHP as the scripting language?
c. <? ?>
18. An HTML Web page containing ASP code must be compiled before running. True or
False?
False
19. Which of the following can be used to detect a new application vulnerability
on a Web site?
c. Wapiti
20. IIS is used on more than twice as many Web servers as Apache Web Server. True
or False?
False
Chapter 11 Solutions - REVIEW QUESTIONS
1. Which IEEE standard defines authentication and authorization in wireless
networks?
d. 802.1X
2. Which EAP method requires installing digital certificates on both the server
and client?
a. EAP-TLS
3. Which wireless encryption standard offers the best security?
a. WPA2
4. Name a tool that can help reduce the risk of a wardriver attacking your WLAN.
Black Alchemy Fake AP, honeypots
5. What protocol was added to 802.11i to address WEP’s encryption vulnerability?
b. TKIP
6. What IEEE standard defines wireless technology?
c. 802.11
7. What information can be gathered by wardriving? (Choose all that apply.)
a. SSIDs of wireless networks
b. Whether encryption is enabled
d. Signal strength
8. Disabling SSID broadcasts must be configured on the computer and the AP. True
or False?
False
9. What TKIP enhancement addressed the WEP vulnerability of forging packets?
d. Message Integrity Check (MIC)
10. Wi-Fi Protected Access (WPA) was introduced in which IEEE 802 standard?
c. 802.11i
11. Wardriving requires expensive hardware and software. True or False?
False
Hands-On Ethical Hacking and Network Defense, 2e, 1435486099
False
9. Write the equation to calculate how many keys are needed to have 20 people
communicate with symmetric keys.
n(n - 1) / 2 = number of symmetric keys, or 20(20 - 1) / 2 = 190 keys
10. Why did the NSA decide to drop support for DES?
c. The processing power of computers had increased.
11. Symmetric algorithms can be block ciphers or stream ciphers. True or False?
True
12. Which of the following describes a chosen-plaintext attack?
c. The attacker has plaintext, can choose what part of the text gets encrypted, and
has access to the ciphertext.
13. Two different messages producing the same hash value results in which of the
following?
c. Collision
14. Which of the following is a program for extracting Windows password hash
values?
b. Fgdump
15. Advanced Encryption Standard (AES) replaced DES with which algorithm?
a. Rijndael
16. What cryptographic devices were used during World War II? (Choose all that
apply.)
a. Enigma machine
c. Purple Machine
d. Bombe
17. Asymmetric cryptography systems are which of the following?
b. Slower than symmetric cryptography systems
18. Diffie-Hellman is used to encrypt e-mail messages. True or False?
False
19. Hiding data in a photograph is an example of which of the following?
a. Steganography
20. Which of the following is an asymmetric algorithm?
c. RSA
Chapter 13 Solutions - REVIEW QUESTIONS
1. Which type of routing protocol broadcasts the entire routing table when a new
path is discovered?
a. Link-state routing protocol
2. A router using a distance-vector routing protocol sends only new information to
other routers on the network. True or False?
False
3. Which of the following Cisco components stores a router’s running
configuration, routing tables, and buffers?
b. RAM
4. If a Cisco router’s flash memory becomes corrupted, the router can boot from
which of the following components?
a. ROM
5. Which prompt is displayed if a user logs on to a Cisco router in privileged
mode?
c. Router#