201 Cards in this Set
- Front
- Back
Users prove their identity by a process called _____.
|
authentication
|
|
The wireless network protocol, ___.___, operates in the 5 GHz spectrum and supports data rates of up to 54 Mbps.
|
802.11a
|
|
An attacker uses a _____ to intercept packets in a wireless network.
|
sniffer
|
|
_ _ _ _ is an authentication function provided by the 802.11b protocol.
|
SSID
|
|
IM programs attached to an internal IM server offer better _____.
|
security
|
|
24 bits of the overall WEP key length are for the _____ vector.
|
initialization
|
|
The 802.11 protocol uses _ _ _ to ensure both authentication and confidentiality.
|
Wired Equivalent Privacy (WEP)
|
|
The encryption protocol _ _ _ will be used by the 802.11i standard.
|
Advanced Encryption Standard (AES)
|
|
The chosen _____ attack works on the principle of predictable initialization vectors.
|
plaintext
|
|
____ is the security protocol for the WAP network.
|
Wireless Transport Layer Security (WTLS)
|
|
Confidentiality is best ensured through the use of _____.
|
encryption
|
|
_ _ _ is used to implement integrity in the WTLS protocol.
|
Message Authentication Code (MAC)
|
|
______ is accomplished by using digital certificates and tokens.
|
Authentication
|
|
The WTLS vulnerability ___ ___ involves confidentiality of information where two networks meet.
|
WAP GAP
|
|
___.___ uses the 2.4 GHz band for a greater range and the OFDM transmission method to achieve the 54 Mbps data rate.
|
802.11g
|
|
_____ is a widely used reception-based program that can listen to beacon frames emitted by other wireless devices.
|
Netstumbler
|
|
The _ _ _ - _ _ _ protocol is designed to work only with Microsoft’s Active Directory and Certificate Services.
|
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
|
|
The protocol ____ generates per-user per-session WEP keys.
|
The Lightweight Extensible Authentication Protocol (LEAP)
|
|
LEAP operates only on _____ equipment.
|
CISCO
|
|
_ _ _ uses a private-band, point-to-multipoint signal to deliver packet data to wireless devices.
|
Wireless Application Protocol (WAP)
|
|
To avoid broadcasting data over the airwaves, a lightweight encryption protocol called ____ was developed.
|
Wireless Transport Layer Security (WTLS)
|
|
The _____ principle ensures that only the sender and the intended receiver can read the packets.
|
confidentiality
|
|
Data plaintext is encrypted and sent over the airwaves as _____.
|
ciphertext
|
|
WTLS uses a modified version of the TLS protocol, formerly known as ___.
|
Secure Sockets Layer (SSL)
|
|
WTLS ensures integrity through the use of message _____ codes.
|
authentication
|
|
The security protocol for the WAP network is ____.
|
Wireless Transport Layer Security (WTLS)
|
|
The 802.11a protocol operates in the _ GHz spectrum.
|
5
|
|
The 802.11g protocol uses the _____ frequency division multiplexing transmission method.
|
orthogonal
|
|
The purpose of a _____ frame is to announce the presence and capabilities of the wireless network.
|
beacon
|
|
__ is short for initialization vector.
|
IV
|
|
Unlike other authentication methods such as PPPoE, the ___.__ standard does not use encapsulation.
|
802.1x
|
|
The ___.___ standard supports a longer WEP key, but this does not solve the problems with WEP.
|
802.11g
|
|
Programs that allow real time chatting are called _____ _____ programs.
|
instant messaging
|
|
The transmission of packetized data by means of a physical topology not using direct physical links is known as _____ networking.
|
wireless
|
|
The main security problem facing wireless devices is that there is no control over the _____ layer of the traffic.
|
physical
|
|
_____ keys issued by a trusted third party source are used to perform the security function of authentication.
|
Cryptographic
|
|
The algorithm used to encrypt the session and the method of key exchange is decided during the WTLS _____.
|
handshake
|
|
From the security perspective, the beacon frame is damaging because it contains the ____.
|
Service Set identifier (SSID)
|
|
____ supports the MD5 and SHA MAC algorithms.
|
Wireless Transport Layer Security (WTLS)
|
|
____ is based on the Transport Layer Security protocol designed for Internet-based computers.
|
Wireless Transport Layer Security (WTLS)
|
|
In an IDS, the component that consists of a collection of patterns and definitions of known suspicious or malicious activity is called a _____ database.
|
signature
|
|
In a network-based IDS, the traffic collector acts as a _____.
|
sniffer
|
|
The logical IDS component that is referred to as the “brains” of the IDS is the _____ engine.
|
analysis
|
|
The user interface and reporting component in an IDS enables interaction with the _____ element.
|
human
|
|
In an IDS, the analysis engine examines and compares the collected network traffic to known _____ of suspicious or malicious activity.
|
patterns
|
|
In a network-based IDS, the _____ database is a part of the sensor entity.
|
signature
|
|
Example of an activity pattern that matches a context-based signature pattern is: potential intruders _____ for open Web servers on a specific network.
|
scan
|
|
Example of a _____-based signature: matching the characters “/etc/passwd” in a telnet session.
|
content
|
|
One disadvantage of a network IDS: it is _____ when traffic is encrypted.
|
ineffective
|
|
A _____ is an artificial environment that involves containing and observing an attacker without risking real systems.
|
honeypot
|
|
A _____ negative is the term that indicates a hostile activity that does not match an IDS signature and, therefore, goes undetected.
|
false
|
|
An IDS analysis engine uses a _____ tree.
|
decision
|
|
The first commercial intrusion detection system (IDS) that was introduced in 1989 was known as _____.
|
Stalker
|
|
The first commercial _____-based IDS was known as NetRanger.
|
network
|
|
In an ___, the analysis engine component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity.
|
intrusion detection system (IDS)
|
|
An IDS that examines log files, audit trails, or traffic that enter or exit a specific host is known as a _____ based IDS.
|
host
|
|
IDS vendors build a decision tree into their _____ engines to accelerate the pattern matching activity.
|
analysis
|
|
A _____ IDS generates an alarm after it examines and analyzes the activity on a host system, but it does not interact with that activity.
|
passive
|
|
In network-based IDSs, the traffic _____ component is designed to extract traffic from the network.
|
collector
|
|
The traffic collection, analysis engine, and signature database components collectively form a single entity called “_____.”
|
sensor
|
|
A reconnaissance activity that enables an attacker to obtain system information is known as a _____ scan.
|
port
|
|
The set of patterns that the IDS uses to identify suspicious or malicious activity is known as a _____.
|
signature
|
|
An undetected hostile activity that does not match an IDS signature is known as a false _____.
|
negative
|
|
IDSs use the anomaly and misuse detection models to examine the _____ of host or network systems.
|
behavior
|
|
IDSs use the _____ detection model to inspect policy violation activities, and then react by generating an alarm.
|
misuse
|
|
A honeypot or honeynet artificial environment is also referred to as a _____ _____.
|
digital sandbox
|
|
An operating system crashes when a large ICMP echo request packet is sent to it, causing a(n) _____ __ _____ attack.
|
ping of death
|
|
Systems designed to identify malicious activity and stop it from having any impact on the network and information systems are called _____ IDSs.
|
preventative
|
|
An IDS activity that matches a pattern and generates an alarm for benign traffic is known as a false _____.
|
positive
|
|
A traditional IDS is limited by its _____ set and can match only those activities for which it has stored patterns.
|
signature
|
|
Hostile actions such as port scans or sweeps can be detected by a _____ IDS.
|
network
|
|
The two main signature groups are _____-based and _____-based signatures.
|
content/context
|
|
An open-source scanner that allows security administrators to examine vulnerable systems is _____.
|
Nessus
|
|
_____ makes data appear as if it came from a trusted source.
|
Spoofing
|
|
In a _____ attack, the attacker sends a spoofed packet to the broadcast address for a network.
|
Smurf
|
|
In a ___-__-___-______ attack, the attacker ensures that all communication going to or from the target host passes through the attacker’s host.
|
Man-in-the-middle
|
|
In a _____ attack, the attacker captures a portion of the communication between two parties, and transmits it at a later time.
|
Replay
|
|
_____ transforms plaintext into an unreadable form.
|
Encryption
|
|
A _____ exploitation attack takes advantage of bugs or weaknesses in software.
|
software
|
|
_____ describes an attacker’s attempts to discover unprotected modem connections to computer systems and networks.
|
Wardialing
|
|
In a _____ _____ attack, the attacker tricks an authorized user to divulge information.
|
social engineering
|
|
A _____ _____ virus infects the portion of the floppy or hard drive that loads the operating system.
|
boot sector
|
|
A _____ virus is a piece of malicious code that attaches itself to a document file.
|
macro
|
|
A _____ bomb is a piece of malicious code that executes at a specific date or time.
|
time
|
|
A _____ bomb is a piece of malicious code that executes if the trigger is an event such as not finding a specific name in the personnel file.
|
logic
|
|
A _____ is a standalone piece of malicious code that penetrates networks and computer systems.
|
worm
|
|
_____-_____ is a piece of malicious code used to exploit a buffer overflow in Microsoft’s IIS Web servers.
|
Code-Red
|
|
_____ is a piece of malicious code used to exploit a buffer overflow in computers running Microsoft’s SQL Server.
|
Slammer
|
|
A segment of code sent from another host that is executed on the system is known as a _____ code.
|
mobile
|
|
A ___ attack aims at denying authorized users access to a computer system or network.
|
Denial-of-Service (DOS)
|
|
___ flooding is a type of attack that uses the TCP three-way handshake.
|
SYN
|
|
The Ping-of-death is an attack in which the attacker sends an ICMP packet larger than ____.
|
64KB
|
|
A _____ is a software or hardware device that is used by network administrators to monitor network performance.
|
sniffer
|
|
When a system receives a SYN packet, it responds with an SYN/ACK if it is able to _____ the request.
|
accept
|
|
In a _____-__-_____ attack, the attacker sends a ping packet exceeding 64 KB to the target system.
|
ping-of-death
|
|
When a packet is sent from one system to another in which the source IP address is modified to appear as if the packet originated from a different system, it is known as __ spoofing.
|
IP
|
|
The normal system response to an echo request is the echo _____.
|
reply
|
|
When an initial system receives the SYN/ACK packet from another system, it responds with an ___ packet.
|
ACK
|
|
A Denial-of-Service attack that employs multiple attacking systems is known as a _____ attack.
|
Distributed denial-of-service (DDoS)
|
|
In public key encryption, the public key is used to ______ the message.
|
encrypt
|
|
In public key encryption, the private key is used to _____ the message.
|
decrypt
|
|
In cryptographic algorithms, keys that can be easily decrypted are known as _____ keys.
|
weak
|
|
In a _____ _____ attack, a password-cracking program tries all possible password combinations.
|
brute force
|
|
The _____ paradox states that in a group of 23 people, the chance that at least two individuals share the same birthday is greater than 50 percent.
|
birthday
|
|
Attackers install a special program on a system called a _____ to ensure continued access to a system.
|
trapdoor
|
|
The process of taking control of an already existing session between a client and a server is called _____ hijacking.
|
session
|
|
A _____ virus attaches itself to an executable file.
|
program
|
|
A _____ virus avoids detection by antivirus programs using a variety of techniques.
|
stealthy
|
|
A segment of code sent from one host to be executed on another is called _____ code.
|
mobile
|
|
Organizations conduct _____ tests to discover any holes that exist in their security.
|
penetration
|
|
A virus is a piece of malicious code that replicates by attaching itself to other pieces of _____ code.
|
executable
|
|
A boot sector virus infects the portion of the hard drive, which loads the _____ system.
|
operating
|
|
A _____ virus avoids detection by modifying itself to change its signature.
|
polymorphic
|
|
Competent is a standard for _____.
|
evidence
|
|
Evidence that is material to the case and has a bearing on the matter at hand is said to be _____.
|
relevant
|
|
Associative or physical evidence is also called _____ evidence.
|
real
|
|
An eyewitness statement qualifies as _____ evidence.
|
direct
|
|
Real evidence is _____ evidence that links a suspect to the scene of a crime.
|
physical
|
|
Evidence not gathered from the personal knowledge of the witness falls under the _____ rule.
|
hearsay
|
|
Removing or imaging only one component at a time is the first step of the _____ backup process.
|
image
|
|
The _____ __ ______ accounts for the person(s) who handled or had access to the evidence.
|
chain of custody
|
|
Internet Explorer browsers store _____ in the Temporary Internet Files folder.
|
cookies
|
|
Illegal network traffic sniffing could be a violation of the Electronic Communications Privacy Act (ECPA) under the _____ rule.
|
Exclusionary
|
|
Evidence that is in the form of business records, prints, and manuals describes ______ evidence.
|
documentary
|
|
Computer-generated evidence is considered _____ evidence.
|
hearsay
|
|
Computer _____ involves preservation, documentation, and interpretation of computer data.
|
forensics
|
|
Netscape for Mac stores cookies in the preferences/privacy & security/cookies folder. Internet Explorer stores cookies in the Temporary Internet Files folder.
|
Netscape for Mac stores cookies in the preferences/privacy & security/cookies folder. Internet Explorer stores cookies in the Temporary Internet Files folder.
|
|
When conducting an investigation, the original system should _____ be analyzed; always use a copy of the original.
|
never
|
|
Evidence should be stored in a room that has _____ logging capabilities and camera monitoring.
|
entry
|
|
Oral testimony that proves a specific fact is considered _____ evidence.
|
direct
|
|
Any evidence collected through illegal search and seizure is considered to be a violation of the ______ rule.
|
Exclusionary
|
|
Tangible objects that prove or disprove a fact constitute _____ evidence.
|
real
|
|
A model, chart or other aid is considered _____ evidence.
|
demonstrative
|
|
The _____ backup process involves removing or imaging all the components one at a time.
|
image
|
|
Space left over in an allocated sector even after data is stored in it is known as _____ space.
|
slack
|
|
Investigating computer systems that have been remotely attacked is referred to as _____ response.
|
incident
|
|
The documents, verbal statements, and material objects admissible in a court of law constitute _____.
|
evidence
|
|
Evidence in the form of business records, print, or manuals constitutes _____ evidence.
|
documentary
|
|
According to the _____ evidence rule, courts prefer original evidence rather than a copy to ensure no modification of evidence has occurred.
|
best
|
|
The evidence that is used to aid the jury and prove that an event occurred is _____ evidence.
|
demonstrative
|
|
Any evidence collected in violation of the Fourth Amendment of the U.S. Constitution is _____ acceptable under the exclusionary rule.
|
NOT
|
|
When a user deletes a file, a _____ in the file allocation table is deleted.
|
pointer
|
|
The space in a sector composed of the fragment of a deleted file is referred to as _____ space.
|
free
|
|
When a file is saved onto a storage media, such as a hard drive, the operating system allocates space in blocks of a predefined size, called _____.
|
sectors
|
|
Space left over in an allocated sector is called _____ space.
|
slack
|
|
A _____ algorithm applies mathematical operations to a data stream to calculate a unique number.
|
hashing
|
|
Netscape 7.0 for Windows stores cookies in a file called _____.___.
|
cookies.txt
|
|
The application of scientific knowledge to legal problems is known as _____.
|
forensics
|
|
Oral testimony that proves a specific fact is considered _____ evidence.
|
direct
|
|
_____ evidence is also known as associative or physical evidence.
|
Real
|
|
The unused space in a sector available when a file is smaller than the allocated unit of storage is called _____ space.
|
slack
|
|
The most rigorous way to perform forensic analysis on a system is to use a dedicated forensic _____.
|
workstation
|
|
The preservation, identification, documentation, and interpretation of computer data to be used in legal proceedings is called computer _____.
|
forensics
|
|
A message ______ or hashing algorithm is used to show that files used as evidence have not been altered.
|
digest
|
|
Deleting a file removes the pointer and marks the sector holding the file as _____ for the operating system.
|
available
|
|
The E-Sign Law implements a principle, which states that a signature, contract, or any other record _____ be denied legal effect solely on the basis that it is in an electronic form.
|
CANNOT
|
|
The _____ Act permits federal law enforcement personnel to investigate computer trespass and enacts civil penalties for trespassers.
|
Patriot
|
|
Export control rules for encryption technologies fall under the _____ Arrangement.
|
Wassenaar
|
|
Rules governing the export of encryption are found in the ___.
|
Export Administration Regulations (EAR)
|
|
The U.S. encryption _____ control policy is based on license review of certain exports of strong encryption, review of encryption products prior to sale, and streamlined post-export reporting.
|
export
|
|
Software employing a key length greater than __ bits for the symmetric algorithm must be reviewed in accordance with the BIS regulations.
|
64
|
|
Identity privacy and the establishment of identity theft crimes are governed by the _____ _____ and _____ _____ Act.
|
Identity Theft and Assumption Deterrence
|
|
The Fair and Accurate Credit Transactions Act requires merchants to leave the last _____ digits of a credit card number off of store receipts.
|
five
|
|
_____ is an eavesdropping program for the Internet developed by the Justice Department of the USA.
|
Carnivore
|
|
_____ Harbor is a mechanism for self-regulation that can be enforced through trade practice law via the Federal Trade Commission.
|
Safe
|
|
____ protects the recording industry from digital piracy.
|
Digital Millennium Copyright Act (DMCA)
|
|
_ _ _ is enacted through a series of rules, governed by state, federal, and securities laws, that cover a wide range of financial institutions.
|
The Gramm-Leach-Bliley Act (GLB)
|
|
_ _ _ _ _ _ was designed to help users fight identity theft through early notification of the loss of control over personal information stored on computer systems.
|
The California Senate Bill 1386 (SB1386)
|
|
The _____-_____ Act was targeted at stemming a series of financial reporting irregularities at the highest levels of corporate leadership.
|
Sarbanes-Oxley
|
|
The _____ Act mandates a uniform level of protection regarding all health information for an individual.
|
Health Insurance Portability & Accountability (HIPPA)
|
|
The Bureau of _____ and _____ extends export controls on commercial encryption products.
|
Industry and Security
|
|
The _____ Act allows the Justice Department of the USA to use the Carnivore program.
|
Patriot
|
|
Safe Harbor is a mechanism for self-regulation that can be enforced through trade practice law via the _ _ _.
|
Federal Trade Commission (FTC)
|
|
The _____ Act extended the tap and trace provisions of existing wiretap statutes to the Internet.
|
Patriot
|
|
The _____ Arrangement is an international agreement on export controls for conventional arms and dual-use goods and technologies.
|
Wassenaar
|
|
The unauthorized entry into a computer system via any means, including remote network connections, is called computer _____.
|
trespass
|
|
The _____-_____ Act was targeted at stemming a series of financial reporting irregularities at the highest level of corporate leadership.
|
Sarbanes-Oxley
|
|
The _ _ _ Act enacted an opt-out method for individuals to maintain some control over the use of the information provided in a business transaction with a member of the financial community.
|
Gramm-Leach-Bliley (GLB)
|
|
The member nations of the _____ Arrangement have agreed to remove key length restrictions on encryption hardware and software that is subject to certain reasonable levels of encryption strength.
|
Wassenaar
|
|
Identity theft is a violation of the U.S. federal law under the _____ _____ and _____ _____ Act.
|
Identity Theft and Assumption Deterrence
|
|
Identity privacy and the establishment of identity theft crimes is governed by the Identity Theft and Assumption Deterrence Act, which makes it a violation of federal law to knowingly use another’s _____.
|
identity
|
|
The majority of the laws and restrictions dealing with the import/export encryption restrictions are centered on the use of _____.
|
cryptography
|
|
The _ _ _ _ _ maintains that it is a violation of the federal law to use another’s identity knowingly.
|
ITADA (Identity Theft and Assumption Deterrence Act)
|
|
Controlling import and export is a vital method of maintaining a level of control over _____ technology.
|
encryption
|
|
Export controls on commercial encryption products are administered by the _ _ _ in the U.S. Department of Commerce.
|
BIS (Bureau of Industry and Security)
|
|
Sections 740.13, 740.17, and 742.15 of the ___ are the principal references for the export of encryption items.
|
EAR (Export Administration Regulations)
|
|
The _____ functionality of mass market products cannot be easily changed by users.
|
cryptographic
|
|
Software employing a key length greater than 64 bits for the symmetric algorithm must be reviewed in accordance with the ___ regulations.
|
BIS (Bureau of Industry and Security)
|
|
The _____ Arrangement is an international agreement on export controls for conventional arms and dual-use goods and technologies.
|
Wassenaar
|
|
The lobbying efforts of the _____ Arrangement member nations to implement less restrictive rules are based on e-commerce and privacy arguments.
|
Wassenaar
|
|
The _-_____ Law is the common name for the Electronic Signatures in Global and National Commerce Act.
|
E-Sign
|
|
____ stands for Uniform Electronic Transactions Act.
|
UETA
|
|
Canada adopted the _____ _____ _____ Act for electronic signatures to promote e-commerce.
|
Uniform Electronic Commerce
|
|
President Ronald Reagan addressed legal privacy issues by passing the _ _ _ _ in 1986.
|
ECPA (Electronic Communications Privacy Act)
|
|
A common practice with respect to computer access today is the use of a warning _____.
|
banner
|
|
The Utah law, which has been used as a model for several other states, provides for public keys to be available in online databases called _____.
|
repositories
|
|
Identity privacy and the establishment of identity theft crimes are governed by the ITADA (_____ _____ and _____ _____).
|
(Identity Theft and Assumption Deterrence Act)
|
|
Student records have greater protection under the FERPA (_____ _____ _____ and ______ _____) of 1974 than under the ITADA.
|
(Family Education Records and Privacy Act)
|
|
The governments of Europe have developed a comprehensive concept of privacy administered via a set of statutes known as _____ protection laws.
|
data
|
|
The unauthorized entry into a computer system via any means, including remote network connections, is called _____ trespass.
|
computer
|
|
The _____ on Cybercrime is the first international treaty on crimes committed via the internet and other computer networks.
|
Convention
|