Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
64 Cards in this Set
- Front
- Back
|
Of the following answers, which is BEST described by:- Standardized lookup protocol that allows queries to be made of directories- Is an application protocol for accessing and maintaining distributed directory information services over an IP network- It is based on the X.500 standard- Runs on Port 389 TCP and UDP- Uses port 636 over SSL |
LDAP - Lightweight Directory Access Protocol |
|
|
In regards to testing of Software, which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? |
Errors in critical modules are detected earlier. |
|
|
What is the condition called where users are allowed to enter any information of unlimited amount into a web application? |
Unvalidated Input |
|
|
A security kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions, what are they? |
Completeness, Isolation, and Verifiability |
|
|
_________ are automated tools that are designed to hide the presence of the attacker by changing valid binaries, hiding within a system, and often time embedding itself within the kernel as a module. |
Rootkit |
|
|
What is the BEST definition of SQL injection? |
SQL injection is an input validation problem. |
|
|
Which of the following answers best describes the types of viruses which completely rewrite themselves as they move from host to host so as to evade antivirus scanners? |
Polymorphic Code |
|
|
The sort of virus that surrounds the host program's code is called which of the following answers? |
Shell Virus |
|
|
Which of the following best describes the type of DOS attack that floods traffic to a high-speed internet backbone router with the source address of the target thus eliciting massive responses to the intended target? |
Reflective DDoS Attack |
|
|
Which web application attack sends unexpected database commands to the application in an attempt to divulge otherwise protected information? |
SQL Injection Attack |
|
|
What might be one of the biggest barriers to detecting buffer overflow attacks as they occur on your network? |
Encryption |
|
|
Suppose you are a network IT Manager for a medium-sized business and as part of an upgrade process you wish to replace the time sheet management suite employees use to log the hours for which they get paid.You want to be sure there are ZERO problems with this rollout by training users, validating the time sheet server software and monitoring the deployment to react to any unforeseen problems.What is this process called? |
Change Management |
|
|
In a Botnet, what is the term used to describe one of the individual computers part of the botnet? |
A Zombie |
|
|
random data is fed into programs or protocols to see if they will crash or fail into a vulnerable state causing a security vulnerability or revealing useful information for hackers? |
Fuzzing |
|
|
Kerberos depends upon what encryption method? |
Secret Key cryptography. |
|
|
Which of the following encryption methods is known to be unbreakable? |
One-time pads. |
|
|
Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level ? |
Data or Information Owner |
|
|
PGP uses which of the following to encrypt data? |
A symmetric encryption algorithm |
|
|
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? |
clipping level |
|
|
In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered: |
Authentication |
|
|
Which of the following would be best suited to oversee the development of an information security policy? |
Security Officers |
|
|
What is the main difference between a Smurf and a Fraggle attack? |
A Smurf attack is ICMP-based and a Fraggle attack is UDP-based. |
|
|
Which of the following is NOT a common database model ? |
NOT Sequential Hierarchical, Relational, Network |
|
|
Why are coaxial cables called "coaxial"? |
it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis |
|
|
Which of the following is NOT a characteristic of a host-based intrusion detection system? |
A HIDS does not consume large amounts of system resources |
|
|
The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the ip datagram? |
Authentication Header |
|
|
What would BEST define a covert channel? |
A communication channel that allows transfer of information in a manner that violates the system's security policy. |
|
|
What do the ILOVEYOU and Melissa virus attacks have in common? |
They are both masquerading attacks. |
|
|
Which of the following statements pertaining to quantitative risk analysis is FALSE? |
It requires little experience to apply |
|
|
A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed: |
at both ends of the connection. |
|
|
Which of the following statements pertaining to biometrics is false? |
Biometrics are based on the Type 2 authentication mechanism. type 1 is something you know, type 2 is something you have type 3 is something you are Biometrics are based on the Type 3 authentication mechanism. |
|
|
What protocol is used to match an IP address to the appropriate hardware address of the packet's destination so it can be sent? |
Address resolution protocol (ARP) |
|
|
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? |
Key clustering |
|
|
What is the main objective of proper separation of duties? |
To ensure that no single individual can compromise a system |
|
|
What assesses potential loss that could be caused by a disaster? |
The Business Impact Analysis (BIA) |
|
|
Which of the following biometric devices has the lowest user acceptance level? |
Retina Scan |
|
|
When should a post-mortem review meeting be held after an intrusion has been properly taken care of? |
Within the first week of completing the investigation of the intrusion |
|
|
Which of the following ISO/OSI layers performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption? |
Presentation layer |
|
|
What can best be defined as a strongly protected computer serving as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts?` |
Bastion Host |
|
|
Which of the following is a peer entity authentication method for PPP that uses a randomly-generated challenge and requires a matching response that depends on a cryptographic hash of the challenge and a secret key? |
Challenge Handshake Authentication Protocol |
|
|
A Business Impact Analysis is one element in business continuity planning. What are the three primary goals of a BIA? |
Criticality prioritization, downtime estimation, and resource requirements. |
|
|
At which layer of ISO/OSI does the fiber optics work? |
Layer 1 - Physical |
|
|
What is the MOST important step in business continuity planning? |
Business Impact Analysis (BIA) |
|
|
If your network is under attack from an ICMP Flood attack what value of the incoming packets would need to be faked making it nearly impossible to determine from where the attack was originating? |
Source IP Address |
|
|
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted? |
Written agreement |
|
|
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer? |
LLC and MAC; IEEE 802.2 and 802.3 |
|
|
CobiT was developed from the COSO framework. Which of the choices below best describe the COSO's main objectives and purpose? |
›COSO main purpose is to help ensure fraudulent financial reporting cannot take place in an organization |
|
|
Which attack would you be seeing if you saw a SYN packet with the source and the destination as the same address? |
LAND attack |
|
|
What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed ICMP ECHO request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address. |
Smurf Attack |
|
|
Which of the following answers BEST describes the process of reporting on unauthorized activities on your database servers? |
DAM - Database Activity Monitoring |
|
|
Which form of password cracking relies on lists of pre-computed password hashes to speed up the time it takes to correctly guess a password? |
Rainbow Tables |
|
|
Which of the following comparisons are used for identification and authentication in a biometric system? |
One-to-many for identification and one-to-one for authentication |
|
|
Which of the following statement correctly describes the difference between black box testing and white box testing? |
lack box testing focuses on functional operative effectiveness where as white box assesses the effectiveness of software program logic |
|
|
Which of the following ACID property in DBMS requires that each transaction is "all or nothing"? |
Atomicity |
|
|
Which layer in the OSI model is responsible for routing and forwarding of network packets? |
Network Layer |
|
|
Which of the following statements INCORRECTLY describes circuit switching technique? |
Packet uses many different dynamic paths to get the same destination Circuit SwitchingCircuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate. |
|
|
This standard provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. |
ISO/IEC 31000 |
|
|
Clipping Level |
Establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. This solution is particularly effective for small- to medium-sized installations. Organizations with large-scale computing facilities often track all violations and use statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times). |
|
|
Management Controls |
Management controls focus on the management of the IT security system and the management of risk for a system. |
|
|
Network Level hijack |
Network-level hijacks involve deriving HTTP sessions via network sniffing of HTTP packets between victim and server. |
|
|
Application Level Hijacks |
Application-level hijacks by either brute force guessing HTTP session IDs or some other method of determining session IDs. Weak session IDs can be guessed by flooding attempts at the server. |
|
|
Smurf Attack |
The Smurf Attack is a denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address. |
|
|
In which of the following WAN message transmission technique does two network nodes establish a dedicated communications channel through the network before the nodes may communicate? |
Circuit Switching |
|
|
Methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate. |
Circuit switching |
