Computer Security Principles and Practice 4th Edition By William Stallings – Test Bank

Original price was: $35.00.Current price is: $25.00.

Pay And Download

Complete Test Bank With Answers


Sample Questions Posted Below


Chapter 1 – Computer Systems Overview



T          F          1.  Threats are attacks carried out.

T          F          2.  Computer security is protection of the integrity, availability, and

confidentiality of information system resources.


T          F          3.  Data integrity assures that information and programs are changed only

in a specified and authorized manner.


T          F          4.  Availability assures that systems works promptly and service is not

denied to authorized users.


T          F          5.  The “A” in the CIA triad stands for “authenticity”.


T          F          6.  The more critical a component or service, the higher the level of

availability required.


T          F          7.  Computer security is essentially a battle of wits between a perpetrator

who tries to find holes and the administrator who tries to close them.


T          F          8.  Security mechanisms typically do not involve more than one particular

algorithm or protocol.


T          F          9.  Many security administrators view strong security as an impediment to

efficient and user-friendly operation of an information system.


T          F          10.  In the context of security our concern is with the vulnerabilities of

system resources.


T          F          11.  Hardware is the most vulnerable to attack and the least susceptible to

automated controls.


T          F          12.  Contingency planning is a functional area that primarily requires

computer security technical measures.


T          F          13.  X.800 architecture was developed as an international standard and

focuses on security in the context of networks and communications.


T          F          14.  The first step in devising security services and mechanisms is to

develop a security policy.


T          F          15.  Assurance is the process of examining a computer product or system

with respect to certain criteria.


  1. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
  2. Availability B.  System Integrity
  3. Privacy D.  Data Integrity
  4. ________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
  5. System Integrity B.  Data Integrity
  6. Availability D.  Confidentiality
  7. A loss of _________ is the unauthorized disclosure of information.
  8. confidentiality B.  integrity
  9. authenticity D.  availability
  10. A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
  11. low B.  normal
  12. moderate D.  high
  13. A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n)  __________.
  14. countermeasure                             B. vulnerability
  15. adversary                                       D.  risk
  16. An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________.
  17. risk                                                B.  asset
  18. attack                                             D.  vulnerability



  1. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.
  2. attack                                             B.  countermeasure
  3. adversary                                       D.  protocol
  4. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
  5. passive attack                                B. inside attack
  6. outside attack                                D.  active attack
  7. Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.
  8. unauthorized disclosure                B.  deception
  9. disruption                                      D.  usurpation
  10. A threat action in which sensitive data are directly released to an unauthorized entity is __________.
  11. corruption                                     B.  disruption
  12. intrusion                                        D.  exposure
  13. An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
  14. masquerade                                   B.  interception
  15. repudiation                                    D.  inference
  16. The _________ prevents or inhibits the normal use or management of communications facilities.
  17. passive attack                                B.  traffic encryption
  18. denial of service                            D.  masquerade
  19. A __________ is any action that compromises the security of information owned by an organization.
  20. security mechanism                      B.  security attack
  21. security policy                               D.  security service
  22. The assurance that data received are exactly as sent by an authorized entity is __________.
  23. authentication B.  data confidentiality
  24. access control                                D.  data integrity
  25. __________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
  26. Traffic padding                             B.  Traffic routing
  27. Traffic control                               D.  Traffic integrity




  1. __________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
  2. Confidentiality, Integrity, and Availability form what is often referred to as the _____.
  3. A loss of _________ is the disruption of access to or use of information or an information system.
  4. In the United States, student grade information is an asset whose confidentiality is regulated by the __________.
  5. A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
  6. A(n) _________ is any means taken to deal with a security attack.
  7. Misappropriation and misuse are attacks that result in ________ threat consequences.
  8. The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.
  9. Release of message contents and traffic analysis are two types of _________ attacks.
  10. Replay, masquerade, modification of messages, and denial of service are example of _________ attacks.
  11. Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.
  12. A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information.
  13. The OSI security architecture focuses on security attacks, __________, and services.
  14. A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
  15. Security implementation involves four complementary courses of action: prevention, detection, response, and _________.


Chapter 3 – User Authentication




T          F          1.  User authentication is the fundamental building block and the primary

line of defense.


T          F          2.  Identification is the means of establishing the validity of a claimed

identity provided by a user.


T          F          3.  Depending on the details of the overall authentication

system, the registration authority issues some sort of electronic   credential to the subscriber.


T          F          4.  Many users choose a password that is too short or too easy to guess.


T          F          5.  User authentication is a procedure that allows communicating parties to

verify that the contents of a received message have not been altered and that the source is authentic.


T          F          6.  A good technique for choosing a password is to use the first letter of

each word of a phrase.


T          F          7.  User authentication is the basis for most types of access control and for

user accountability.


T          F          8.  Memory cards store and process data.


T          F          9.  Depending on the application, user authentication on a biometric

system involves either verification or identification.


T          F          10.  Enrollment creates an association between a user and the user’s

biometric characteristics.


T          F          11.  An individual’s signature is not unique enough to use in biometric



T          F          12.  Identifiers should be assigned carefully because authenticated

identities are the basis for other security services.


T          F          13.  A smart card contains an entire microprocessor.




T          F          14.  Keylogging is a form of host attack.


T          F          15.  In a biometric scheme some physical characteristic of the individual is

mapped into a digital representation.





  1. __________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.
  2. RFC 4949 B.  RFC 2298
  3. RFC 2493 D.  RFC 2328


  1. Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
  2. identification step B.  verification step
  3. authentication step D. corroboration step


  1. Recognition by fingerprint, retina, and face are examples of __________.
  2. face recognition B.  dynamic biometrics
  3. static biometrics D.  token authentication


  1. A __________ is a password guessing program.
  2. password hash                               B.  password cracker
  3. password biometric                       D.  password salt


  1. The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
  2. reactive password checking          B.  proactive password checking
  3. computer-generated password      D.  user education
  4. A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
  5. user education                               B.  proactive password checking
  6. reactive password checking          D.  computer-generated password


  1. The most common means of human-to-human identification are __________.
  2. facial characteristics         B.  signatures
  3. retinal patterns                  D.  fingerprints


  1. __________ systems identify features of the hand, including shape, and lengths and widths of fingers.
  2. Signature                           B.  Hand geometry
  3. Fingerprint                        D.  Palm print


  1. Each individual who is to be included in the database of authorized users must first be __________ in the system.
  2. verified                              B.  authenticated
  3. identified                           D.  enrolled


  1. To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
  2. eavesdropping                                           B.  Trojan horse
  3. challenge-response                                    D.  denial-of-service


  1. A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.


  1. client attack                                   B.  eavesdropping attack
  2. host attack                                     D.  Trojan horse attack
  3. A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.
  4. eavesdropping attack                    B.  denial-of-service attack
  5. client attack                                   D.  host attack


  1. A __________ attack involves an adversary repeating a previously captured user response.
  2. client                                 B.  replay
  3. Trojan horse D.  eavesdropping


  1. An institution that issues debit cards to cardholders and is responsible for the cardholder’s account and authorizing transactions is the _________.
  2. cardholder                                     B.  auditor
  3. issuer                                 D. processor


  1. __________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide.
  2. EFT                                   B.  POS
  3. BTM                                  D.  ATF





  1. An authentication process consists of the _________ step and the verification step.
  2. Voice pattern, handwriting characteristics, and typing rhythm are examples of __________ biometrics.
  3. A __________ is a separate file from the user IDs where hashed passwords are kept.
  4. With the __________ policy a user is allowed to select their own password, but the system checks to see if the password is allowable.
  5. The technique for developing an effective and efficient proactive password checker based on rejecting words on a list is based on the use of a __________ filter.
  6. Objects that a user possesses for the purpose of user authentication are called ______
  7. Authentication protocols used with smart tokens can be classified into three categories: static, dynamic password generator, and ___________.
  8. A __________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
  9. The __________ is the pattern formed by veins beneath the retinal surface.
  10. A host generated random number is often called a __________.
  11. __________, in the context of passwords, refers to an adversary’s attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary.
  12. In a __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.
  13. A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
  14. A __________ is an individual to whom a debit card is issued.
  15. The __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.



Chapter 7 – Denial-of-Service Attacks





T          F          1.  A denial-of-service attack is an attempt to compromise availability by

hindering or blocking completely the provision of some service.


T          F          2.  DoS attacks cause damage or destruction of IT infrastructures.

T          F          3.  A DoS attack targeting application resources typically aims to overload

or crash its network handling software.


T          F          4.  The SYN spoofing attack targets the table of TCP connections on the



T          F          5.  A cyberslam is an application attack that consumes significant

resources, limiting the server’s ability to respond to valid requests from

other users.


T          F          6.  The source of the attack is explicitly identified in the classic ping flood



T          F          7.  Given sufficiently privileged access to the network handling code on a

computer system, it is difficult to create packets with a forged source



T          F          8.  SYN-ACK and ACK packets are transported using IP, which is an

unreliable network protocol.


T          F          9.  The attacker needs access to a high-volume network connection for a

SYN spoof attack.


T          F          10.  Flooding attacks take a variety of forms based on which network

protocol is being used to implement the attack.


T          F          11.  The best defense against being an unwitting participant in a DDoS

attack is to prevent your systems from being compromised.


T          F          12.  A SIP flood attack exploits the fact that a single INVITE request

triggers considerable resource consumption.


T          F          13.  Slowloris is a form of ICMP flooding.


T          F          14.  Reflector and amplifier attacks use compromised systems running the

attacker’s programs.


T          F          15.  There is very little that can be done to prevent a flash crowd.





  1. ______ relates to the capacity of the network links connecting a server to the wider Internet.
  2. Application resource                  B.  Network bandwidth
  3. System payload                          D.  Directed broadcast


  1. A ______ triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded.
  2.   echo                                 B.  reflection
  3.   poison packet                  D.  flash flood


  1. Using forged source addresses is known as _________.
  2. source address spoofing                B.  a three-way address
  3. random dropping                           D.  directed broadcast


  1. The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.


  1. DNS amplification attack             B.  SYN spoofing attack
  2. basic flooding attack                     D.  poison packet attack


  1. TCP uses the _______ to establish a connection.
  2. zombie                              B.  SYN cookie
  3. directed broadcast             D.  three-way handshake
  4. _______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
  5. Application-based             B.  System-based
  6. Random                             D.  Amplification
  7. _______ is a text-based protocol with a syntax similar to that of HTTP.
  8. RIP                                    B.  DIP
  9. SIP                                     D.  HIP
  10. Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______.
  11. trailing                               B.  spidering
  12. spoofing                            D.  crowding
  13. ______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.
  14. HTTP                                B.  Reflection attacks
  15. SYN flooding                    D.  Slowloris
  16. A characteristic of reflection attacks is the lack of _______ traffic.
  17. backscatter                        B.  network
  18. three-way                          D.  botnet
  19. In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable.
  20. SYN spoofing attacks                   B.  indirect flooding attacks
  21. ICMP attacks                                D.  system address spoofing
  22. In a _______ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system.
  23. SYN flood                         B.  DNS amplification
  24. poison packet                    D.  UDP flood
  25. It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.
  26. three-way handshake                    B.  UDP flood
  27. SYN spoofing attack                     D.  flash crowd
  28. Modifying the system’s TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed is _______.
  29. poison packet                                B.  slashdot
  30. backscatter traffic                         D.  random drop
  31. When a DoS attack is detected, the first step is to _______.
  32. identify the attack                         B.  analyze the response
  33. design blocking filters                   D.  shut down the network



  1. The ICMP echo response packets generated in response to a ping flood using randomly spoofed source addresses is known as _______ traffic.


  1. _____ attacks flood the network link to the server with a torrent of malicious packets competing with valid traffic flowing to the server.


  1. The standard protocol used for call setup in VoIP is the ________ Protocol.


  1. Requests and _______ are the two different types of SIP messages.


  1. A _______ flood refers to an attack that bombards Web servers with HTTP requests.


  1. During a ______ attack, the attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system and when the intermediary responds, the response is sent to the target.


  1. In reflection attacks, the ______ address directs all the packets at the desired target and any responses to the intermediary.


  1. ______ attacks are a variant of reflector attacks and also involve sending a packet with a spoofed source address for the target system to intermediaries.


  1. The best defense against broadcast amplification attacks is to block the use of _______ broadcasts.


  1. The four lines of defense against DDoS attacks are: attack prevention and preemption, attack detection and filtering, attack source traceback and identification and _______.


  1. Since filtering needs to be done as close to the source as possible by routers or gateways knowing the valid address ranges of incoming packets, an _______ is best placed to ensure that valid source addresses are used in all packets from its customers.


  1. A ______ is a graphical puzzle used to attempt to identify legitimate human initiated interactions.


  1. To respond successfully to a DoS attack a good ______ plan is needed that includes details of how to contact technical personal for your ISP(s).


  1. If an organization is dependent on network services it should consider mirroring and ________ these servers over multiple sites with multiple network connections.


  1. A _____ is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units, memory, bandwidth, and disk space.


Chapter 8 – Intrusion Detection



T          F          1.  An intruder can also be referred to as a hacker or cracker.

T          F          2.  Activists are either individuals or members of an organized crime

group with a goal of financial reward.


T          F          3.  Running a packet sniffer on a workstation to capture usernames and                                   passwords is an example of intrusion.

T          F          4.  Those who hack into computers do so for the thrill of it or for status.

T          F          5.  Intruders typically use steps from a common attack methodology.


T          F          6.  The IDS component responsible for collecting data is the user interface.


T          F          7.  Intrusion detection is based on the assumption that the behavior of the

intruder differs from that of a legitimate user in ways that can be        quantified.


T          F          8.  The primary purpose of an IDS is to detect intrusions, log suspicious

events, and send alerts.


T          F          9.  Signature-based approaches attempt to define normal, or expected,

behavior, whereas anomaly approaches attempt to define proper       behavior.


T          F          10.  Anomaly detection is effective against misfeasors.


T          F          11.  To be of practical use an IDS should detect a substantial percentage of

intrusions while keeping the false alarm rate at an acceptable level.


T          F          12.  An inline sensor monitors a copy of network traffic; the actual traffic

does not pass through the device.


T          F          13.  A common location for a NIDS sensor is just inside the external



T          F          14.  Network-based intrusion detection makes use of signature detection

and anomaly detection.


T          F          15.  Snort can perform intrusion prevention but not intrusion detection.





  1. _________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes.
  2. State-sponsored organizations B.  Activists
  3. Cyber criminals D.  Others
  4. A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.
  5. intrusion detection                        B. IDS
  6. criminal enterprise                        D.  security intrusion
  7. A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
  8. host-based IDS                              B.  security intrusion
  9. network-based IDS                       D.  intrusion detection
  10. A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
  11. host-based IDS                              B.  security intrusion
  12. network-based IDS                       D.  intrusion detection
  13. The ________ is responsible for determining if an intrusion has occurred.
  14. analyzer                                         B.  host
  15. user interface                                 D.  sensor
  16. __________ involves an attempt to define a set of rules or attack patterns that can be          used to decide if a given behavior is that of an intruder.
  17. Profile based detection                 B.  Signature detection
  18. Threshold detection                      D.  Anomaly detection
  19. _________ involves the collection of data relating to the behavior of legitimate users over a period of time.
  20. Profile based detection                 B.  Signature detection
  21. Threshold detection                      D.  Anomaly detection



  1. A (n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.
  2. Master                                           B.  Apprentice
  3. Journeyman                                   D.  Activist
  4. The _________ module analyzes LAN traffic and reports the results to the central manager.
  5. LAN monitor agent                       B.  host agent
  6. central manager agent                   D.  architecture agent
  7. The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager.
  8. central manager agent                   B.  LAN monitor agent
  9. host agent                                      D.  architecture agent
  10. A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
  11. passive sensor                               B.  analysis sensor
  12. LAN sensor                                   D.  inline sensor
  13. A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.
  14. PEP                                               B.  DDI
  15. IDEP                                             D.  IDME
  16. _________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.
  17. RFC 4767                                      B.  RFC 4766
  18. RFC 4765                                      D.  RFC 4764
  19. The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.
  20. protocol                                         B.  direction
  21. action                                             D.  destination port


  1. The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
  2. data source                                                B.  sensor
  3. operator                                         D.  analyzer




  1. The broad classes of intruders are: cyber criminals, state-sponsored organizations, _________ , and others.


  1. A ________ is a hacker with sufficient technical skills to modify and extend attack toolkits to use newly discovered vulnerabilities.
  2. The _________ to an IDS enables a user to view output from the system or control the behavior of the system.
  3. __________ is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time warning of attempts to access system resources in an unauthorized manner.


  1. An IDS comprises three logical components: analyzers, user interface and _____.
  2. Copying a database containing credit card numbers, viewing sensitive data without authorization, and guessing and cracking passwords are examples of _________ .
  3. _________ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations.
  4. ________ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious.
  5. _________ simulate human brain operation with neurons and synapse between them that classify observed data
  6. A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.
  7. The _________ (RFC 4766) document defines requirements for the Intrusion  Detection Message Exchange Format (IDMEF).
  8. The functional components of an _________ are:  data source, sensor, analyzer, administration, manager, and operator.
  9. The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization’s network or on particular hosts to support the organization’s requirements.
  10. ________ are decoy systems that are designed to lure a potential attacker away from critical systems.
  11. The __________ is the human with overall responsibility for setting the security policy of the organization, and, thus, for decisions about deploying and configuring the IDS.




computer test bank,

There are no reviews yet.

Add a review

Be the first to review “Computer Security Principles and Practice 4th Edition By William Stallings – Test Bank”

Your email address will not be published. Required fields are marked *

  • No products in the cart.