Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
100 Cards in this Set
- Front
- Back
|
A user receives an email that tells them they need to click this link to go to sybex.com. The link does not really go to sybex, however, and instead goes to a rogue server intended to collect usernames and passwords. What type of attack is this?
|
Phishing
|
|
|
What is the term used when a hole is found in a web browser or other software and miscreants begin exploiting it the very day it is discovered by the developer (bypassing the 1–2 day response time many software providers need to put out a patch once the hole has been found)?
|
Zero day exploit
|
|
|
When the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as:
|
XML injection attack
|
|
|
What feature included with some versions of Windows 7 offer full disk encryption that can encrypt an entire volume with 128-bit encryption?
|
BitLocker
|
|
|
In the most basic form of authentication only one set of values is checked. What is this known as?
|
Single-factor authentication (SFA)
|
|
|
What type of smart card is issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?
|
Common Access Card (CAC)
|
|
|
What is the technology of blocking websites (or sections of websites) based solely on the URL known as?
|
URL filtering
|
|
|
What is it known as when you combine phishing with Voice over IP (VoIP)?
|
Vishing
|
|
|
What type of rogue networking is common for sharing files such as movies and music and should be banned in the workplace?
|
P2P (Peer to Peer)
|
|
|
What is fuzzing?
|
The technique of providing unexpected values as input to an application to try to make it crash
|
|
|
What is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device?
|
Tailgating
|
|
|
What type of systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?
|
DLP—Data Loss Prevention
|
|
|
Phishing or spear phishing, but for big users instead of lower-access individuals, is known as:
|
Whaling
|
|
|
What type of malware are software programs that have the ability to hide certain things from the operating system?
|
Rootkits
|
|
|
What type of social engineering attack involves going through the trash looking for notes on paper?
|
Dumpster diving
|
|
|
What type of attack is a form of redirection in which traffic intended for one host is sent to another?
|
Pharming
|
|
|
What type of virus attacks your system in multiple ways—such as attempting to infect your boot sector, infect all of your executable files, and destroy your application files—in the hope that you won't be able to correct all the problems and will allow the infestation to continue?
|
Multipartite virus
|
|
|
What type of attack is the ping of death?
|
Denial of service—either DoS, or DDoS, depending on the number of computers involved.
|
|
|
What is software running on zombie computers often known as?
|
Botnet
|
|
|
What type of attack exploits the troubleshooting and developer hooks (that often circumvented normal authentication) left in a system by those who created it?
|
Backdoor attack
|
|
|
What type of virus will change form in order to avoid detection?
|
Polymorphic
|
|
|
What two protocols does HTTP/S use for connection security, and what TCP port does it operate on by default?
|
HTTP/S uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) and port 443.
|
|
|
What type of attack uses IP spoofing and broadcasting to send a ping to a group of hosts in a network?
|
Smurf attack
|
|
|
What is the name of the text file that a browser maintains on the user's hard disk in order to provide a persistent, customized web experience for each visit?
|
Cookie
|
|
|
What do you call a computer that has been designated as a target for computer attacks?
|
Honeypot
|
|
|
Most network-monitoring software requires a network card (NIC) running in what mode?
|
Promiscuous mode
|
|
|
What component of an IDS collects data from the data source and passes it to the analyzer for analysis?
|
Sensor
|
|
|
What hardware device is used to create remote access VPNs?
|
VPN concentrator
|
|
|
What is the difference between enticement and entrapment?
|
Enticement is the process of luring someone into your plan or trap. Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. While enticement is legal, entrapment usually is not.
|
|
|
When telephone technology is married with information technology, the result is known as what?
|
Telephony
|
|
|
What is a VLAN?
|
A virtual local area network (VLAN) allows you to create groups of users and systems and segment them on the network
|
|
|
What allows a transport protocol to be sent across the network and utilized by the equivalent service or protocol at the receiving host?
|
Encapsulation
|
|
|
What are the four most common security zones you will likely encounter?
|
Internet, intranet, extranet, and DMZ (demilitarized zone)
|
|
|
What is load balancing?
|
Load balancing is shifting a load from one device to another. Most often the device in question is a server, but the term could be used for a hard drive, a CPU, or almost any device that you want to avoid overloading.
|
|
|
What technology allows you to take any single physical device and hide its characteristics from users—in essence allowing you to run multiple items on one device and make them appear as if they are standalone entities?
|
Virtualization
|
|
|
What is ARO?
|
Annualized rate of occurrence is the likelihood, often drawn from historical data, of an event occurring within a year.
|
|
|
What are five risk strategies?
|
Risk avoidance, risk transference, risk mitigation, risk deterrence, and risk acceptance.
|
|
|
What are events that aren't really incidents but trigger the same alarms known as?
|
False positives
|
|
|
What does SLE x ARO equal?
|
ALE. The single loss expectancy, when multiplied by the annual rate of occurrence, equals the annualized rate of occurrence.
|
|
|
What type of protection needs to apply to PII?
|
PII—personally identifiable information—exists within your databases for all users, customers, vendors, and contacts and includes such things as their phone number, address, credit card number, employee status, and so on. In general, any attribute of any person is considered PII and is thus subject to privacy protection issues.
|
|
|
What type of audit helps ensure that procedures and communications methods are working properly in the event of a problem or issue?
|
Escalation audit
|
|
|
What type of planning outlines those internal to the organization who have the ability to step into positions when they open?
|
Succession planning
|
|
|
What is an agreement between you (or your company) and a service provider (typically a technical support provider) known as?
|
Service-level agreement (SLA)
|
|
|
What is the name for the area of that application that is available to users—those who are authenticated and more importantly those who are not?
|
Attack surface
|
|
|
What is it known as when an application is designed to fail in a secure mode?
|
Failsafe
|
|
|
What tool is included with Windows-based operating systems for looking at Windows logs (such as security, application, and system)?
|
Event Viewer
|
|
|
What are partial or full backups that are kept at the computer center for immediate recovery purposes known as?
|
Working copies or shadow copies
|
|
|
What is the measurement of how long it takes to repair a system or component once a failure occurs?
|
MTTR (mean time to repair/restore)
|
|
|
What is code escrow?
|
Code escrow refers to the storage and conditions of release of source code provided by a vendor.
|
|
|
In what type of ethical hacking testing does the administrator acts as if they have no prior knowledge of the network?
|
Black box
|
|
|
What is blue jacking?
|
Blue jacking is the sending of unsolicited messages over the Bluetooth connection.
|
|
|
What is network bridging?
|
Network bridging means that a device has more than one network adapter card installed and the opportunity presents itself for a user on one of the networks to which the device is attached to jump to the other.
|
|
|
What type of testing involves trying to get access to your system from an attacker's perspective?
|
Penetration testing
|
|
|
Nessus is one of the better-known examples of what type of security tool?
|
Vulnerability scanner
|
|
|
What is the gaining of unauthorized access through a Bluetooth connection known as?
|
Bluesnarfing
|
|
|
In what type of ethical hacking testing does the administrator act as if they have inside knowledge of the network?
|
White box
|
|
|
What protocol was created by Cisco as an extension to EAP but is being phased out in favor of PEAP?
|
LEAP (Lightweight Extensible Authentication Protocol)
|
|
|
WPA mandates the use of TKIP, while WPA2 favors what?
|
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
|
|
|
What type of filtering is based on the physical ID of each workstation?
|
MAC filtering
|
|
|
What are the three types of cloud computing implementation?
|
Platform as a Service, Software as a Service, and Infrastructure as a Service
|
|
|
If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted. What is this vulnerability known as?
|
A gap in the WAP
|
|
|
IPv4, while widely used, has limitations. What is it being replaced with?
|
IPv6
|
|
|
What type of encryption does CCMP use?
|
CCMP uses 128-bit AES encryption with a 48-bit initialization vector.
|
|
|
What is unsolicited and unwanted email known as?
|
Spam
|
|
|
What is the IEEE standard for port-based access control?
|
802.1X
|
|
|
What feature is built into many firewalls to tweak the tolerance for unanswered login attacks and reduce the likelihood of a successful DoS/DDoS
|
Flood guard
|
|
|
What type of IDS system uses algorithms to analyze the traffic passing through the network?
|
A heuristic system
|
|
|
Which authentication protocol is associated with the key distribution center (KDC)?
|
Kerberos
|
|
|
What does CHAP stand for and what is it used for?
|
Challenge Handshake Authentication Protocol is used in a mutual authentication situation between a client and server.
|
|
|
What security is used to give an authenticated user rights and access privileges to network resources?
|
A token
|
|
|
What is multi-factor authentication?
|
An authentication method that uses two or more access methods
|
|
|
Retinal scans and thumbprint readers are examples of what type of authentication?
|
Biometric authentication
|
|
|
A user enters his username and password over a secure connection. He opens a file or application. Later, he is asked to reenter his username and password. What malicious code probably just executed?
|
A Trojan horse program that is spoofing system authentication
|
|
|
Ensuring that stock trades have been sent, successfully received, completed, and acknowledged so that they can't be disputed is an example of what type of security principle?
|
Nonrepudiation
|
|
|
A hacker disconnects a user from a session with a web-based or LAN-based server, takes over the session, and assumes all of the victim's privileges. What type of attack has occurred?
|
TCP/IP hijacking
|
|
|
On a Unix system, what is the name of the account that would give a hacker complete access?
|
The root account
|
|
|
In general terms, describe what has occurred when a modification is the result of an attack.
|
The original information, be it a message or file, has been altered by an unauthorized party.
|
|
|
What is the port number for Simple Mail Transport Protocol (SMTP)?
|
25
|
|
|
What is the port number for Trivial File Transfer Protocol (TFTP)?
|
69
|
|
|
What is the port number for Post Office Protocol 3 (POP3)?
|
110
|
|
|
What are the port numbers for FTP?
|
20 and 21
|
|
|
What is the port number for Telnet?
|
23
|
|
|
What two general security terms describe a TCP sequence number attack?
|
Man-in-the-middle attack and TCP/IP hijacking
|
|
|
When operating with 802.11's optional Wired Equivalent Privacy (WEP), all access points and client NICs on a particular wireless LAN must use which key?
|
The encryption key – also known as a shared encryption key.
|
|
|
Name four tunneling protocols.
|
PPTP, L2TP, SSH, and IPSec
|
|
|
What is the difference between the IPSec Tunneling mode and the Transport mode?
|
Tunneling encrypts the internal network's IP addressing information to prevent viewing of transmitted information over a public network; Transport encrypts only the data portion of the IP packet.
|
|
|
Public key cryptography is also known as what?
|
Asymmetric cryptography
|
|
|
Natively, does IM use encryption or digital certificates?
|
No
|
|
|
What port does PPTP use?
|
TCP 1723
|
|
|
What port does L2TP use?
|
UDP 1701
|
|
|
ActiveX uses Authenticode for security. What is Authenticode?
|
A digital certificate that Internet Explorer can verify, thereby ensuring that the ActiveX code is genuine
|
|
|
What does LDAP stand for?
|
Lightweight Directory Access Protocol is used in Microsoft's Active Directory.
|
|
|
If you want everyone to be able to access your FTP server but you want them to see only the directories/files you specifically designate, how should you configure your FTP server?
|
You would configure the FTP server so users have permissions only to certain files; they would therefore be unable to see or access those portions to which they don't have permissions.
|
|
|
What is S/FTP?
|
A secure form of FTP accomplished using the Secure Shell (SSH)
|
|
|
What protocol is an extension of TCP/IP that uses WML and UDP and is specifically designed to handle the requirements of transmitting data wirelessly?
|
Wireless Application Protocol (WAP)
|
|
|
What does the WAP gateway do?
|
Translates between HTTP and WAP
|
|
|
Which type of network firewall is typically the easiest to configure and the fastest in operation?
|
A packet filter network firewall
|
|
|
What network media is the most susceptible to RF interference and eavesdropping?
|
Wi-Fi
|
|
|
Why are removable media, such as flash drives and CDs, a security concern?
|
Removable media can be a source of data theft or a point of virus infection.
|
|
|
What common name is given to the following specific implementations: compact flash, memory sticks, and secure digital cards?
|
Flash cards
|
