‫جـامعـة الـزيتـونــــة األردنيــة‬ Al-Zaytoonah University of Jordan

Exam Question Form - Teaching & Exams Follow-up procedures/ Faculty of

QF01/2611-4.0E
Science and Information Technology
0125435 Course Code Network Security Course Name
2022/2023 Academic Year Summer Semester
Final Quiz/ Midterm/ Final 10-09-2023 Exam Date
9250 Exam Place 11:30 – 1:30 Exam Time
2 hours Exam duration 50 Maximum score

To be filled by the Student

Student Name University ID
Instructor Name Prof. Adnan Hnaif Section Number 1

:Dear student, please answer the following questions

:First Question: Choose the correct answer Grade 27
1- The least threats, vulnerabilities, and attacks between these types is

A. SSL B. Botnet C. Denial-of-Service D. Backdoor

2- ---------------- is an attack in which an attacker injects malicious executable scripts into the
code of a trusted application or website.

A. Buffer overflows B. Cross-site scripting

C. SQL injection D. Query string manipulation
3- ---------------- is the insertion of malicious data, which has not been validated, into an HTTP
response header.

A. Buffer overflows B. Cross-site scripting

C. SQL injection D. Query string manipulation
4- A ---------------- is a potential violation of security

A. Threat B. Vulnerability C. Attack D. Virus

5- ---------------- arise from individuals who are highly motivated and technically competent.

A. Internal threats B. External threats

C. Unstructured threats D. Structured threats
6- ---------------- arise from individuals who do not have direct access to the network.

A. Internal threats B. External threats

C. Unstructured threats D. Structured threats
7- ---------------- arising from insecure transmission of user account details over the network
such as usernames and passwords.

A. User account vulnerabilities B. System account vulnerabilities

C. Default password and settings D. Network device misconfiguration
8- ---------------- are software programs or malicious codes that are installed on a system
QF01/2611– page 1/4
 ‫جـامعـة الـزيتـونــــة األردنيــة‬ Al-Zaytoonah University of Jordan

Exam Question Form - Teaching & Exams Follow-up procedures/ Faculty of

QF01/2611-4.0E
Science and Information Technology

without the user’s knowledge.

A. Intruders B. Malware
C. Virus D. Trojan
9- Wireless networks use ---------------- to connect wireless-enabled devices in the network.

A. Wi-Fi B. NIC
C. Radio Frequency D. Bluetooth
10- ---------------- refers to a wireless system comprised of two components: tags and readers.

A. Wi-Fi B. NIC
C. RFID D. Bluetooth
11- ---------------- is a sequence of characters that uniquely names a Wi-Fi network.

A. SSID B. NIC
C. RFID D. Access point
12- ---------------- is an attacker traps people by using fake hotspots.

A. WAR driving B. Unauthorized association

C. Ad hoc connection attack D. Evil twin attack
13- The below Figure describes typical uses of wireless networks of ------------------.

A. Extension to a Wired Network B. Multiple Access Points

C. LAN-to-LAN Wireless Network D. 3G hotspot
14- What is the purpose of vulnerability scanning?

A. To detect known vulnerabilities in a system

B. To prevent all attacks on a system
C. To test the effectiveness of a system’s security controls
D. To simulate a real-world attack on a system

15- Which of the following is a common method for gaining unauthorized access to a network?

QF01/2611– page 2/4

 ‫جـامعـة الـزيتـونــــة األردنيــة‬ Al-Zaytoonah University of Jordan

Exam Question Form - Teaching & Exams Follow-up procedures/ Faculty of

QF01/2611-4.0E
Science and Information Technology

A. Phishing
B. Patching
C. Encryption
D. Authentication

16- Which of the following is an example of a denial-of-service (DoS) attack?

A. Installing malware on a user’s computer

B. Intercepting and stealing sensitive information
C. Flooding a network with traffic to disrupt service
D. Spoofing a user’s identity to gain access to a network

17- Which of the following firewalls are used to track the state of active connections and
determine the network packets allowed to enter through the firewall? Each correct answer
represents a complete solution. Choose all that apply.

A. Circuit-level gateway
B. Stateful
C. Proxy server
D. Dynamic packet-filtering

18- Which of the following tools is an open-source network intrusion prevention and detection
system that operates as a network sniffer and logs activities of the network that are
matched with the predefined signatures?

A. Dsniff B. KisMAC C. Snort D. Kismet

19- Which of the following devices allows wireless communication devices to connect to a
wireless network using Wi-Fi, Bluetooth, or related standards?

A. Express card
B. WAP
C. WNIC
D. Wireless repeater

20- Which of the following refers to the exploitation of a valid computer session to gain
unauthorized access to information or services in a computer system?

A. Spoofing
B. Smurf
C. Session hijacking
D. Phishing

QF01/2611– page 3/4

 ‫جـامعـة الـزيتـونــــة األردنيــة‬ Al-Zaytoonah University of Jordan

Exam Question Form - Teaching & Exams Follow-up procedures/ Faculty of

QF01/2611-4.0E
Science and Information Technology

Second Question: Answer the following Grade 30

1- What are the main types of Network Security Attacks? (See the below Figure) [6 marks]

2- What are the main types of network security attacks? [4 marks]

3- Rearrange the following steps to set up a firewall with a simple explanation of each step.[20 marks]

A. Configure access control lists

B. Architect your firewall zones and IP addresses

C. Test your firewall configuration

D. Secure your firewall

E. Configure your other firewall services and logging

F. Any other features that you deem necessary.

Wish you all the best

QF01/2611– page 4/4