Reference no: EM132464399
Part 1: Question 1. Give examples of applications of IPsec.
Question 2. What services are provided by IPsec?
Question 3. What parameters identify an SA and what parameters characterize the nature of a particular SA?
Question 4. What is the difference between transport mode and tunnel mode?
Question 5. What is a replay attack?
Question 6. Why does ESP include a padding field?
Question 7. What are the basic approaches to bundling SAs?
Question 8. What are the roles of the Oakley key determination protocol and ISAKMP in IPsec?
Part 2: Question 1. What are three broad mechanisms that malware can use to propagate?
Question 2. What are four broad categories of payloads that malware may carry?
Question 3. What are typical phases of operation of a virus or worm?
Question 4. What mechanisms can a virus use to conceal itself?
Question 5. What is the difference between machine-executable and macro viruses?
Question 6. What means can a worm use to access remote systems to propagate?
Question 7. What is a "drive-by-download" and how does it differ from a worm?
Question 8. What is a "logic bomb"?
Question 9. Differentiate among the following: a backdoor, a bot, a keylogger, spyware, and a rootkit? Can they all be present in the same malware?
Question 10. List some of the different levels in a system that a rootkit may use.
Question 11. Describe some malware countermeasure elements.
Question 12. List three places malware mitigation mechanisms may be located.
Question 13. Briefly describe the four generations of antivirus software.
Question 14. How does behavior-blocking software work?
Question 15. What is a distributed denial-of-service system?
Part 3: Question 1. List and briefly define three classes of intruders.
Question 2. What are two common techniques used to protect a password file?
Question 3. What are three benefits that can be provided by an intrusion detection system?
Question 4. What is the difference between statistical anomaly detection and rule-based intrusion detection?
Question 5. What metrics are useful for profile-based intrusion detection?
Question 6. What is the difference between rule-based anomaly detection and rule-based penetration identification?
Question 7. What is a honeypot?
Question 8. What is a salt in the context of UNIX password management?
Question 9. List and briefly define four techniques used to avoid guessable passwords.
Part 4: Question 1. List three design goals for a firewall.
Question 2. List four techniques used by firewalls to control access and enforce a security policy.
Question 3. What information is used by a typical packet filtering firewall?
Question 4. What are some weaknesses of a packet filtering firewall?
Question 5. What is the difference between a packet filtering firewall and a stateful inspection firewall?
Question 6. What is an application-level gateway?
Question 7. What is a circuit-level gateway?
Question 8. What are the common characteristics of a bastion host?
Question 9. Why is it useful to have host-based firewalls?
Question 10. What is a DMZ network and what types of systems would you expect to find on such networks?
Question 11. What is the difference between an internal and an external firewall?