
275 Cards in this Set

  • Front
  • Back
Approximately two out of three malicious web attacks have been developed using one of four attack toolkits
False
Attack toolkits range in price from only $400 to as much as $8,000.
False
Like a virus a worm needs the user to perform an action such as starting a program or opening an attachment to start the infection
False
Removing a rootkit from an infected computer is extremely difficult
True
Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
True
The most popular attack toolkit which has almost half of the attacker toolkit market is
a SpyEye
b Neosploit
c Zeus
d MPack
D
_____ is when an attacker tricks users into giving out information or performing a compromising action.
a Phreaking
b Hacking
c Social engineering
d reverse engineering
C
The two types of malware that have the primary objective of spreading are _____.
a viruses and worms
b rootkits and worms
c Trojans and worms
d rootkits and Trojans
A
A computer _____ is malicious computer code that reproduces itself on the same computer.
a virus
b worm
c adware
d spyware
A
In a(n) _____ infection, a virus injects itself into the program's executable code instead of at the end of the file.
a stealth
b appender
c swiss cheese
d split
C
Unlike other malware, a _____ is heavily dependent upon the user for its survival.
a Trojan
b worm
c rootkit
d virus
D
A _____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
a companion
b file infector
c resident
d boot
C
A _____ virus infects the master boot record of a hard disk drive.
a file infector
b companion
c resident
d boot
D
A _____ virus infects program executable files.
a macro
b program
c companion
d boot sector
B
There are almost _____ different Microsoft Windows file extensions that could contain a virus.
a 50
b 60
c 70
d 80
C
A _____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
a rootkit
b macro
c program
d process
B
A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program
a macro
b metamorphic
c boot
d companion
D
Viruses and worms are said to be self-____.
a duplicating
b updating
c copying
d replicating
D
A ____ is a program advertised as performing one activity but actually does something else.
a script
b virus
c trojan
d worm
C
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms
a rootkit
b backdoor
c wrapper
d shield
A
A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event
a Trojan
b logic bomb
c macro virus
d metamorphic virus
B
A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks
a Trojan horse
b virus
c bug
d Easter egg
D
____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
a adware
b keylogger
c spam
d trojan
A
____ is an image spam that is divided into multiple images.
a word splitting
b geometric variance
c layer variance
d GIF layering
D
____ involves horizontally separating words, although it is still readable by the human eye.
a Word splitting
b GIF layering
c Geometric variance
d Layer variance
A
____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.
a GIF layering
b geometric variance
c word splitting
d layer variance
B
The “omnipresence” of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today
True
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks
True
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small
False
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
False
Because of the minor role it plays, DNS is never the focus of attacks
False
____ is a language used to view and manipulate data that is stored in a relational database
a C
b DQL
c SQL
d ISL
C
The SQL injection statement ____ determines the names of different fields in a database.
a whatever AND email IS NULL; --
b whatever; AND email IS NULL; --
c whatever” AND email IS NULL; --
d whatever’ AND email IS NULL; --
D
The SQL injection statement ____ discovers the name of a table.
a whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --
b whatever’ AND 1=(SELECT COUNT(*) FROM tabname); --
c whatever; AND 1=(SELECT COUNT(*) FROM tabname); --
d whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --
B
The SQL injection statement ____ finds specific users.
a whatever’ OR full_name = ‘%Mia%’
b whatever’ OR full_name IS ‘%Mia%’
c whatever’ OR full_name LIKE ‘%Mia%’
d whatever’ OR full_name equals ‘%Mia%’
C
HTML is a markup language that uses specific ____ embedded in brackets
a blocks
b marks
c taps
d tags
D
____ is designed to display data, with the primary focus on how the data looks
a XML
b HTML
c SGML
d ISL
B
____ is for the transport and storage of data, with the focus on what the data is
a XML
b HTML
c SGML
d SML
A
Users who access a Web server are usually restricted to the ____ directory
a top
b base
c root
d tap
C
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
a /var/www
b C:\Inetpub\wwwroot
c /var/html
d /etc/var/www
B
For a Web server’s Linux system, the default root directory is typically ____
a /var/www
b C:\inetpub\wwwroot
c /var/root
d /home/root
A
The expression ____ up one directory level.
a ;/ traverses
b ./ traverses
c %20/ traverses
d ../ traverses
D
Web application attacks are considered _____ attacks.
a client-side
b hybrid
c server-side
d relationship
C
A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
a buffer overflow
b drive by download
c denial of service
d stack underflow
B
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
a HTTP header
b HTML header
c XML header
d SSL header
A
____ is an attack in which an attacker attempts to impersonate the user by using his session token.
a session replay
b session spoofing
c session hijacking
d session blocking
C
A ____ attack is similar to a passive man-in-the-middle attack.
a replay
b hijacking
c denial
d buffer overflow
A
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
a HTTP
b NSDB
c URNS
d DNS
D
____ substitutes DNS addresses so that the computer is automatically redirected to another device
a DNS poisoning
b Phishing
c DNS marking
d DNS overloading
A
When DNS servers exchange information among themselves it is known as a ____
a resource request
b zone disarticulation
c zone transfer
d zone removal
C
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
a DNS spooking
b DNS poisoning
c DNS bonding
d DNS blacklisting
B
All Web traffic is based on the ____________________ protocol
HTTP
A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself
Markup language
The ____________________ directory is a specific directory on a Web server’s file system
root
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site
session
The predecessor to today’s Internet was a network known as ____________________.
ARPAnet
Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks
Zero day attack
Injects scripts into a Web application server that will then direct attacks at clients
cross-site scripting (XSS) attack
Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
directory traversal attack
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server
command injection
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data
client-side attack
Created from the Web site that a user is currently viewing
First-party cookie
Privileges that are granted to users to access hardware and software resources
Access rights
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining
Privilege escalation
The first step in a vulnerability assessment is to determine the assets that need to be protected.
True
If port 20 is available, then an attacker can assume that FTP is being used
True
Vulnerability scans are usually performed from outside the security perimeter.
False
In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested
False
A healthy security posture results from a sound and workable strategy toward managing risks
True
Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs
True
Keyed entry locks are much more difficult to defeat than deadbolt locks.
False
Cipher locks are the same as combination padlocks
False
Data, once restricted to papers in the office filing cabinet, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners.
True
When a policy violation is detected by the DLP agent, it is reported back to the DLP server
True
A ____ in effect takes a snapshot of the current security of the organization.
a threat analysis
b vulnerability appraisal
c risk assessment
d threat assessment
B
The ____ is the expected monetary loss every time a risk occurs
a SLE
b ARO
c ALE
d SRE
A
____ is the probability that a risk will occur in a particular year
a SLE
b ALE
c ARO
d EF
C
____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks
a Insourcing
b Outsourcing
c Outcasting
d Inhousing
b
A ____ outlines the major security considerations for a system and becomes the starting point for solid security
a profile
b threat
c control
d baseline
D
____ is a comparison of the present state of a system compared to its baseline
a baseline reporting
b compliance reporting
c baseline assessment
d compliance review
A
While the code for a program is being written, it is being analyzed by a ____.
a black box
b code review
c white box
d scanner
B
When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities
a threat scanner
b vulnerability profiler
c port scanner
d application profiler
C
A(n) ____ means that the application or service assigned to that port is listening for any instructions.
a open port
b empty port
c closed port
d interruptible system
A
A ____ is a network set up with intentional vulnerabilities
a honeynet
b honeypot
c honeycomb
d honey hole
A
A security weakness is known as a(n) ____.
a threat
b vulnerability
c risk
d opportunity
B
The end product of a penetration test is the penetration ____
a test profile
b test report
c test system
d test review
B
A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications
a white box
b black box
c replay
d system
A
Released in 1995, one of the first tools that was widely used for penetration testing was ____.
a GOPHER
b SAINT
c SATAN
d NESSUS
C
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
a Biometric locks
b Cipher locks
c multifactor locks
d reaction locks
b
____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated
a lockout sensors
b engineering sensors
c tailgate sensors
d proximity sensors
C
Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself
a logical token
b physical sensor
c physical token
d hybrid sensor
C
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags
a wave
b pulse
c AFID
d RFID
d
A ____ is designed to separate a nonsecured area from a secured area
a lockout
b mantrap
c closet
d pit
b
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.
a CCTV
b ICTV
c IPTV
d ITV
A
Securing a restricted area by erecting a barrier is called ____
a blocking
b boundary placement
c fencing
d moating
C
An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing
a flat collar
b spiked collar
c slippery collar
d sharp collar
B
A ____ consists of independently rotating large cups affixed to the top of a fence that prevent the hands of intruders from gripping the top of the fence to climb over it
a bollard
b fence
c roller barrier
d top hat
C
A ____ outlines the major security considerations for a system and becomes the starting point for solid security
a reference
b baseline
c profile
d minimum
B
In Microsoft Windows, a ____ is a collection of security configuration settings
a security baseline
b security reference
c security summary
d security template
D
A ____ is software that is a cumulative package of all security updates plus additional features.
a feature pack
b roll-up
c service pack
d patch
C
In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer
a heuristic detection
b pattern detection
c hybrid detection
d combination detection
A
A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers
a IPS
b scanner
c firewall
d honeypot
C
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected
a IDS
b ADP
c LLP
d DLP
D
____ is defined as a security analysis of the transaction within its approved context
a content aggregation
b content inspection
c content delivery
d content management
B
Each of the following is a reason why it is difficult to defend against today’s attackers except ______________.
a complexity of attack tools
b weak patch distribution
c greater sophistication of attacks
d delays in patching hardware and software products
A
In a general sense “security” is _____________________.
a protection from only direct actions
b using reverse attack vectors (RAV) for protection
c only available on hardened computers and systems
d the necessary steps to protect a person or property from harm
D
_____________ ensures that only authorized parties can view the information
a confidentiality
b availability
c integrity
d authorization
A
Each of the following is a successive layer in which information security is achieved except _______________.
a products
b purposes
c procedures
d people
B
By definition a(n) ___________ is a person or thing that has the power to carry out a threat
a vulnerability
b exploit
c threat agent
d risk
C
_____________ ensures that the individual is who they claim to be.
a authentication
b accounting
c access control
d certification
A
Each of the following is a goal of information security except ____________.
a foil cyberterrorism
b avoid legal consequences
c decrease user productivity
d prevent data theft
c
The ____________ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it.
a HPIAA
b Sarbanes-Oxley
c Gramm-Leach-Bliley Act
d HIPAA
D
Utility companies, telecommunications, and financial services are considered prime targets of ___________ because attackers can significantly disrupt business and personal activities by destroying a few targets.
a white hat hackers
b script kiddies
c computer spies
d cyberterrorists
D
After an attacker probed a network for information the next step is to _________________.
a penetrate any defenses
b paralyze networks and devices
c circulate to other systems
d modify security settings
A
An organization that purchased security products from different vendors is demonstrating which security principle
a obscurity
b diversity
c limiting
d layering
B
Each of the following can be classified as an “insider” except _____________.
a business partners
b contractors
c cybercriminals
d employees
C
__________ are a network of attackers, identity thieves, and financial fraudsters
a script kiddies
b hackers
c cybercriminals
d spies
C
Each of the following is a characteristic of cybercriminals except ____________.
a better funded
b less risk-averse
c low motivation
d more tenacious
C
Each of the following is a characteristic of cybercrime except
a targeted attacks against financial networks
b exclusive use of worms and viruses
c unauthorized access to information
d theft of personal information
B
An example of a(n) ____________ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password.
a threat agent
b threat
c vulnerability
d asset exploit (AE)
C
____________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper containing personally identifiable financial information
a California Savings and Loan Security Act
b Gramm-Leach-Bliley Act
c USA Patriot Act
d Sarbanes-Oxley Act
B
The term ___________ is sometimes used to identify anyone who illegally breaks into a computer system.
a hacker
b cyberterrorist
c Internet exploiter
d cyberrogue
A
An example of ___________ is not revealing the type of computer, operating system, software, and network connection a computer uses.
a obscurity
b limiting
c diversity
d layering
A
The ___________ is primarily responsible for assessment, management, and implementing of security.
a security manager
b security administrator
c Chief Information Security Officer
d security technician
C
A(n) ________ requires a user to transport it from one computer to another
a worm
b rootkit
c virus
d trojan
c
Each of the following is an action that a virus can take except ___________.
a transport itself through the network to another device
b cause a computer to crash
c erase files from a hard drive
d make multiple copies of itself and consume all of the free space in a hard drive
a
Each of the following is a different type of computer virus except __________
a program virus
b macro virus
c remote virus
d boot virus
C
Li downloads a program that prints out coupons but in the background it silently collects her passwords. Li has actually downloaded a(n) _____________________
a virus
b worm
c trojan
d logic bomb
C
To completely remove a rootkit from a computer you should ____________
a flash the ROM BIOS
b erase and reinstall all files in the Windows folder.
c expand the master boot record
d reformat the hard drive and reinstall the operating system.
D
Each of the following could be a logic bomb except _____________.
a erase all data if John Smith's name is removed from the list of employees
b reformat the hard drive three months after Susan Jones left the company
c send spam e-mail to all users
d if the company's stock price drops below ten dollars, then credit Jeff Brown with ten additional years of retirement credit.
C
__________ is an image spam that is divided into multiple images and each piece of the message is divided and then layered to create a complete and legible message.
a Word splitting
b geometric variance
c GIF layering
d split painting
C
________ is a general term used for describing software that gathers information without the user’s consent.
a Adware
b Scrapeware
c pullware
d spyware
D
Each of the following is true regarding a keylogger except _____________
a hardware keyloggers are installed between the keyboard connector and the computer keyboard or USB port.
b software keyloggers are easy to detect
c keyloggers can be used to capture passwords, credit card numbers or personal information
d software keyloggers can be designed to automatically send captured information back to the attacker through the Internet
B
The preferred method today of bot herders for command and control of zombies is to use __________.
a IRC
b e-mail
c Hypertext Transport Protocol HTTP
d spam
C
Which of the following is a social engineering technique that uses flattery on a victim?
a conformity
b friendliness
c fear
d ingratiation
D
__________ sends phishing messages only to wealthy individuals.
a spear phishing
b target phishing
c microing
d whaling
D
________ is unsolicited instant messaging
a spam
b vishing
c SMS Phishing
d Spim
D
Erin pretends to be a manager from another city and calls Nick to trick him into giving to her his password. What social engineering attack has Erin performed
a Aliasing
b Luring
c Impersonation
d Duplicity
C
How can an attacker use a hoax?
a a hoax could convince a user that a bad Trojan is circulating and that he should change his security settings
b by sending out a hoax an attacker can convince a user to read his email more often
c a user who receives multiple hoaxes could contact his supervisor for help
d hoaxes are not used by attackers today.
A
Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information?
a calendars
b memos
c organizational charts
d books
D
________ is following an authorized person through a secure door
a tagging
b tailgating
c social engineering following
d backpacking
B
Each of the following is the reason why adware is scorned except ____________
a it displays the attacker's programming skills
b it displays objectionable content
c it can cause a computer to crash or slow down
d it can interfere with a user's productivity
A
An attacker who controls multiple zombies in a botnet is known as a(n) ___________.
a Zombie shepherd
b rogue IRC
c bot herder
d cyber robot
C
Observing from a distance a user who enters a keypad code is known as ___________.
a shoulder surfing
b piggybacking
c spoofing
d watching
A
Why can traditional networking security devices NOT be used to block Web application attacks?
a traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks.
b Web application attacks use Web browsers that cannot be controlled on a local computer.
c network security devices cannot prevent attacks from Web resources
d the complex nature of TCP/IP allows for too many ping sweeps to be blocked.
A
Attackers use buffer overflows to ___________.
a corrupt the kernel so the computer cannot reboot
b point to another area in data memory that contains the attacker's malware code.
c place a virus into the kernel.
d erase buffer overflow signature files.
B
What is unique about a cross site scripting (XSS) attack compared to other injection attacks?
a SQL code is used in an XSS attack
b XSS requires the use of a browser
c XSS does not attack the web application server to steal or corrupt its information.
d XSS attacks are rarely used anymore compared to other injection attacks
C
Each of the following can be used in an XSS attack except ______________.
a HTML
b JavaScript
c Adobe Flash
d ICMP
D
A cookie that was not created by the Web site being viewed is called a ____________
a first party cookie
b second party cookie
c third party cookie
d fourth party cookie
C
The basis of a SQL injection attack is ___________________
a to inject SQL statements through unfiltered user input
b to have the SQL server attack client Web browsers
c to link SQL servers in a botnet
d to expose SQL code so that it can be examined.
A
Which of the following cannot be performed through a successful SQL injection attack?
a display a list of customer telephone numbers
b discover the names of different fields in a table
c erase a database table
d reformat the web application server's hard drive
D
A markup language that is designed to carry data is _______________.
a ICMP
b HTTP
c HTML
d XML
D
When an attacker can access files in directories other than the root directory this is known as a(n) _____________ attack
a command injection
b directory traversal
c sql injection
d xml injection
B
A(n) ___________ attack modifies the fields that contain the different characteristics of the data that is being transmitted.
a HTML packet
b SQL injection
c XML manipulation
d HTTP header
D
Which of the following cookies only lasts for the duration of visiting the Web site?
a session
b persistent
c temporary
d RAM
A
What is a session token?
a a random string assigned by a web server
b the same as a third party cookie
c a unique identifier that includes the user's email address
d xml code used in an xml injection attack
A
Which of the following is not a security concern of the ActiveX add-on?
a the person who signed the control may not have properly assessed the control's safety
b a malicious ActiveX control can affect all users of that computer
c ActiveX can be integrated with JavaScript
d ActiveX does not have safeguards and has full access to the Windows operating system
C
Which of the following is not a DoS attack?
a ping flood
b SYN flood
c push flood
d smurf
C
What type of attack intercepts legitimate communication and forges a fictitious response to the sender?
a man in the middle
b interceptor
c SQL intrusion
d sids
A
A replay attack ______________.
a makes a copy of the transmission for use at a later time
b replays the attack over and over to flood the server.
c can be prevented by patching the web browser
d is considered to be a type of DoS attack
A
__________ is used to discover the MAC address of a client based on its IP address
a ping
b ICMP
c DNS
d ARP
D
DNS poisoning ____________.
a is rarely found today due to the use of host tables
b can attack an external DNS server.
c is the same as ARP poisoning
d floods a DNS server with requests until it can no longer respond
B
___________ involves using a third party to gain access rights.
a transitive access
b privilege escalation
c active rights scaling
d directory traversal
A
A ___________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm
a penetration test
b vulnerability scan
c vulnerability assessment
d risk appraisal
C
Each of the following can be classified as an asset except
a business partners
b buildings
c employee databases
d accounts payable
D
Each of the following is a step in risk management except ____________.
a attack assessment
b vulnerability appraisal
c threat evaluation
d risk mitigation
A
Which of the following is true regarding vulnerability appraisal?
a vulnerability appraisal is always the easiest and quickest step
b every asset must be viewed in light of each threat
c each threat could reveal multiple vulnerabilities
d each vulnerability should be cataloged
A
A threat agent __________.
a is limited to attacks using viruses and worms
b does not include natural disasters
c is something that cannot be determined in advance
d is a person or entity with the power to carry out a threat against an asset
D
_________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur
a vulnerability prototyping
b risk assessment
c attack assessment
d threat modeling
d
What is a current snapshot of the security of an organization?
a vulnerability appraisal
b risk evaluation
c threat mitigation
d liability reporting
A
The _______ is the proportion of an asset’s value that is likely to be destroyed by a particular risk
a Exposure factor (EF)
b Single loss expectancy (SLE)
c Annualized rate of occurrence (ARO)
d Annualized loss expectancy (ALE)
A
Which of the following is NOT an option for dealing with risk?
a eliminate the risk
b accept the risk
c diminish the risk
d transfer the risk
A
_________ is a comparison of the present security state of a system to a standard established by the organization
a risk mitigation
b baseline reporting
c comparative resource appraisal
d horizontal comparables
B
Each of the following is a state of a port that can be returned by a port scanner except ____________
a open
b busy
c blocked
d closed
B
Each of the following is true regarding TCP SYN port scanning except ___________.
a it uses FIN messages that can pass through firewalls and avoid detection
b instead of using the operating system’s network functions, the port scanner generates IP packets itself and monitors for responses
c the scanner host closes the connection before the handshake is completed
d this scan type is also known as “half-open scanning” because it never actually opens a full TCP connection
A
The protocol File Transfer Protocol (FTP) uses which two ports?
a 19 and 20
b 20 and 21
c 21 and 22
d 22 and 23
B
A protocol analyzer places the computer’s network interface card (NIC) adapter into _____ mode
a promiscuous
b full
c view
d real
A
Each of the following is a function of a vulnerability scanner except _______________.
a detect which ports are served and which ports are browsed for each individual system
b alert users when a new patch cannot be found
c maintain a log of all interactive network sessions
d detect when an application is compromised
B
Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
a it only functions on Linux-based computers
b it attempts to standardize vulnerability assessments
c it has been replaced by XML
d it is a European standard and is not used in the Americas
B
Which of the following is not true regarding a honeypot?
a it is typically located in an area with limited security
b it contains real data files because attackers can easily identify fake files
c it cannot be a part of a honeynet
d it can direct an attacker's attention away from legitimate servers
C
Which of the following is true of vulnerability scanning?
a it uses automated software to scan for vulnerabilities
b the testers are always outside of the security perimeter
c it may disrupt the operation of the network or systems
d it produces a short report of the attack methods and value of the exploited data
a
If a tester is given the IP addresses, network diagrams, and source code of customer applications, then she is using which technique?
a black box
b white box
c gray box
d blue box
B
If a software application aborts and leaves the program open, which control structure is it using?
a fail safe
b fail secure
c fail open
d fail right
c
The residential lock most often used for keeping out intruders is the ______________.
a privacy lock
b passage lock
c keyed entry lock
d encrypted key lock
C
A lock that extends a solid metal bar into the door frame for extra security is the _____________.
a deadman's lock
b full bar lock
c deadbolt lock
d triple bar lock
C
Which of the following cannot be used along with fencing as a security perimeter?
a vapor barrier
b rotating spikes
c roller barrier
d anti climb paint
A
A __________ can be used to secure a mobile device
a cable lock
b mobile chain
c security tab
d mobile connector
A
Which of the following is not used to secure a desktop computer?
a data encryption
b screen locking
c remote wipe/sanitation
d strong passwords
C
Which is the first step in securing an operating system?
a implement patch management
b configure operating system security and settings
c perform host software baselining
d develop the security policy
D
A typical configuration baseline would include each of the following except __________
a changing any default settings that are insecure
b eliminating any unnecessary software
c enabling operating system security features
d performing a security risk assessment
d
Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?
a account policies
b user rights
c keyboard mapping
d system services
c
_____________ allows for a single configuration to be set and then deployed to many or all users
a group policy
b active directory
c snap in replication
d command configuration
A
A ___________ addresses a specific customer situation and often may not be distributed outside that customer’s organization
a rollup
b service pack
c patch
d hotfix
D
Which of the following is NOT an advantage to an automated patch update service?
a administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs
b downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server
c users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service
d specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available
C
Each of the following is a type of matching used by anti-virus software except ____________
a string scanning
b wildcard scanning
c match scanning
d mismatch scanning
C
How does heuristic detection detect a virus?
a a virtualized environment is created and the code is executed in it.
b a string of bytes from the virus is compared against the suspect file.
c the bytes of a virus are placed in different "piles" and then used to create a profile
d the virus signature file is placed in a suspended chamber before streaming to the CPU.
A
A cross-site request forgery (XSRF) ______________.
a is used to inherit the identity and privileges of the victim
b is identical to cross site scripting
c cannot be blocked
d can only be used with a web based email client
A
Which of the following is a list of approved e-mail senders?
a whitelist
b blacklist
c greylist
d greenlist
A
A(n) ____________ can provide details regarding requests for specific files on a system.
a audit log
b access log
c report log
d file log
B
Errors that occur while an application is running are called ____________.
a exceptions
b faults
c liabilities
d conventions
A
Which is the preferred means of trapping user input for errors?
a input validation
b on trap input
c escaping
d fuzz testing
C
Each of the following is true about data loss prevention (DLP) except _________________.
a it can only protect data in use
b it can scan data on a DVD
c it can read inside compressed files
d a policy violation can generate a report or block the data
A
provides services for user applications
application layer
top layer, provides the user interface to allow network services
application layer
OSI layer used for translation, compression and encryption
presentation layer
layer concerned with how data is represented and formatted for the user
presentation layer
layer has the responsibility of permitting the two parties on the network to hold ongoing communications across the network
session layer
this layer allows devices to establish and manage sessions
session layer
this layer is responsible for ensuring that error free data is given to the user
transport layer
this layer provides connection establishment, management and termination as well as acknowledgments and retransmissions
transport layer
this layer picks the route the packet is to take and handles the addressing of the packets for delivery
network layer
this layer makes logical addressing, routing, fragmentation and reassembly available
network layer
this layer divides data into packets, also error detection and correction
data link layer
performs physical addressing, data framing, error detection and handling
data link layer
this layer sends the signal to network or receives the signal from the network
physical layer
Insoluble compounds that resist decolorization with ether-acetone are noted on microscopic evaluation of a control section stained with the Brown-Hopps stain. The presence of these compounds is probably due to:
sections being allowed to dry during staining (page 189, Note #4)
which layer of the OSI do hubs work at
layer 1
this device does not read any of the data passing through it and is ignorant of the source and destination of the frames
hub
which layer of the OSI do switches work at
layer 2
a ______ can learn which device is connected to each of its ports, and forward only frames intended for that specific device or frames sent to all devices
switch
a managed switch on an ethernet network that supports __________allows the administrator to configure the switch to redirect traffic that occurs on some or all of the ports.
port mirroring
tap stands for
test access point
a second method for monitoring traffic is to install a _______ ______ which is a separate device that can be installed between two network devices
network tap
an attacker can overflow the switch's address table with fake MAC addresses
MAC flooding
if two devices have the same MAC address, a switch may send frames to each device, an attacker can change the MAC address on their device to match the target device's MAC address
MAC address impersonation
an attacker connects his device to the switch's mirror port
port mirroring
what layer do routers work at
network layer (layer 3)
a hardware load balancer is sometimes called a
layer 4-7 router
Where are hardware firewalls usually located
outside the network security perimeter.
what are the actions a firewall can take
allow, block, prompt
a __________firewall uses a set of individual instructions to control the actions
rule based
a __________ firewall allows the administrator to create sets of related parameters that together define one aspect of the device's operation
settings based
a _________ is a special type of firewall that looks more deeply into packets that carry HTTP traffic
web application firewall
a _______ is a computer or application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user
proxy server
a________routes incoming requests to the correct server
reverse proxy
a _________ uses an unsecured public network, such as the internet, as if it were a secure private network
VPN
the end of a tunnel between VPN devices
endpoint
aggregates hundreds or thousands of VPN connections
VPN concentrator
a_______can block malicious content in "real time" as it appears.
web security gateway
____________ monitoring is designed for detecting statistical anomalies
anomaly-based
__________ monitoring examines network traffic, activity, transactions or behavior and looks for well known patterns
signature based
___________monitoring uses the normal processes and actions as the standard
behavior based
___________monitoring uses an algorithm to determine if a threat exists
heuristic
__________examines the current state of a system or network device before it is allowed to connect to the network
network access control (NAC)
a VLAN allows devices to be grouped
a based on subnets
b logically
c directly to hubs
d only around core switches
B
which of the following is not an attack against a switch?
a MAC flooding
b ARP address impersonation
c ARP poisoning
d MAC address impersonation
B
which is the preferred location for a spam filter?
a install the spam filter with the SMTP server.
b install the spam filter on the POP3 server
c install the spam filter on the proxy server
d install the spam filter on the local host client
A
each of the following can be used to hide information about the internal network except
a a protocol analyzer
b a proxy server
c network address translation
d subnetting
A
if a device is determined to have an out of date virus signature file, then Network Access Control can redirect that device to a network by_____
a a trojan horse
b TCP/IP hijacking
c ARP poisoning
d DHCP man in the middle
C
a firewall using _______is the most secure type of firewall
a stateful packet filtering
b network intrusion detection system replay
c stateless packet filtering
d reverse proxy analysis
A