287 Cards in this Set
- Front
- Back
The _____ worm carried no malicious payload, but continuously infected individual computer systems until they could no longer run programs.
|
Morris
|
|
_____ _____ used stolen accounts at the University of Southern California to store proprietary software stolen from various companies.
|
Kevin Mitnick
|
|
The _____ virus attached itself to documents created by an application with a limited macro programming capability, and used that macro capability to spread.
|
Melissa
|
|
The _____ _____ worm spread via e-mail as VBScript program attachment(s).
|
Love Letter
|
|
The _____-_____ worm infected computer systems by taking advantage of a buffer-overflow condition in Microsoft’s IIS Web servers.
|
Code-Red
|
|
The _____ worm would, after infecting a machine, start randomly selecting targets and send packets to them, attempting infection at a rate of 25,000 per second.
|
Slammer
|
|
Information warfare falls into the category of _____ structured threats.
|
highly
|
|
When an attacker defaces an organization’s Web site with graffiti, the attack can be classified as a(n) _____ _____.
|
unstructured threat
|
|
An attacker often performs a _____ _____ to identify all open ports before attacking a computer system.
|
port scan
|
|
The activities of an attacker who protests against globalization and defaces the web site of a multinational corporation can be termed as a _____ attack.
|
hacktivist
|
|
The _____ virus attached itself to documents created by an application with a limited macro programming capability, and used that macro capability to spread.
|
Melissa
|
|
To eliminate the Code-Red worm, the user could simply _____ _____ the infected machine.
|
turn off
|
|
The Code-Red worm took advantage of a buffer-overflow condition in _____ _____ _____ servers.
|
Microsoft’s IIS Web
|
|
A Philippine student named _____ _____ _____ wrote and released the Love Letter Worm that spread via e-mail with the subject line “ILOVEYOU”.
|
Onel de Guzman
|
|
The Melissa virus was attached to _______________ documents, and clogged networks with the traffic it generated.
|
Microsoft Word 97 and Word 2000
|
|
The act of deliberately accessing computer systems and networks without authorization is called _____.
|
hacking
|
|
_____ _____ are programming experts capable of writing scripts to exploit known vulnerabilities.
|
Elite hackers
|
|
Information _____ falls into the highly structured threat category.
|
warfare
|
|
An attacker performs a _____ _____ to determine which machines are reachable.
|
ping sweep
|
|
An attacker may resort to a _____-_____ attack to hack a user’s password.
|
brute-force
|
|
_____ _____ broke into Citibank’s network by dialing into the company’s cash management system.
|
Vladimir Levin
|
|
Shortly after he was dismissed, _____ _____ of Omega Engineering designed a software time bomb that deleted all design and production programs of the company.
|
Timothy Lloyd
|
|
The March 1997 disruption at the Worcester airport was caused by a series of commands sent by a teenage computer hacker called _____, who had gained access to the local telephone company's systems.
|
Jester
|
|
The _____ virus, which clogged networks with the traffic it generated and caused problems for e-mail servers worldwide, was attached to Microsoft Word documents.
|
Melissa
|
|
The Love Letter Worm is also known as “ILOVEYOU” and the _____ _____.
|
Love Bug
|
|
The Love Letter Worm spread via e-mail with the subject line _____.
|
ILOVEYOU
|
|
The Code-Red worm was _____ _____, so switching off an infected machine eliminated the worm (an unpatched IIS server was reinfected as soon as another infected host scanned it, so the patch was still required).
|
memory resident
|
|
The Slammer worm exploited a buffer-overflow vulnerability in computers running _____ or _____.
|
Microsoft SQL Server or Microsoft SQL Server Desktop Engine (MSDE)
|
|
Attacks performed by an individual or even small groups of attackers fall into the category of _____ threats.
|
unstructured
|
|
Groups of individuals capable of discovering new vulnerabilities and writing scripts to exploit them are known as _____ _____.
|
elite hackers
|
|
Attacks by criminal organizations, characterized by a great deal of planning, a longer period of time, and with possible financial backing, fall into the _____ threat category.
|
structured
|
|
Warfare conducted against the information and the information-processing equipment used by an adversary is called _____ _____.
|
information warfare
|
|
Essential services such as water, oil and gas, and electricity fall into the category of _____ infrastructures.
|
critical
|
|
A hacker whose activities are motivated by a _____ or _____ is called a hacktivist.
|
cause or position
|
|
The method in which a hacker sends a series of “pings” to a range of target machine addresses is called a _____ _____.
|
ping sweep
|
|
The method that helps a hacker identify which ports are open, and gives an indication of which services are running on the target machine, is called a(n) _____ _____.
|
port scan
|
|
If an administrator has installed all appropriate patches so that known vulnerabilities have been addressed, the attacker may have to resort to a _____ _____ attack.
|
brute force
|
|
If an administrator has not installed the correct patch for _____, an attack could be successful.
|
vulnerabilities
|
|
Individuals who make use of ready-made automated tools, which allow novice attackers to exploit highly technical vulnerabilities, are called _____ _____.
|
script kiddies
|
|
_____ ensures that only authorized individuals are able to create or change information.
|
Integrity
|
|
_____ ensures that only authorized individuals are able to view a piece of information.
|
Confidentiality
|
|
_____ deals with the ability to verify that a message has been sent and received, and that the sender can be identified and verified.
|
Nonrepudiation
|
|
The _____ _____ principle emphasizes controlling access to internal computers from external entities.
|
network security
|
|
The network security principle is combined with _____ _____ to avoid introducing or overlooking vulnerabilities in a system.
|
host security
|
|
_____ is an authentication tool that uses strong encryption so that a client can prove its identity to a server and vice versa.
|
Kerberos
|
|
The operational model of computer security implements the principle _____ = Prevention + (Detection + Response).
|
Protection
|
|
The _____ protocol is designed to provide authentication periodically using a challenge/response system.
|
Challenge-Handshake Authentication Protocol (CHAP)
|
|
The authentication _____ _____ involves verification of an individual's identity.
|
security goal
|
|
_____ authentication uses more than one authentication mechanism at the same time.
|
Multifactor
|
|
The layered security principle recognizes that no _____ _____ is perfect, and hence, encourages the use of a variety of security mechanisms.
|
security mechanism
|
|
The _____ _____ process verifies the authenticity of parties on both sides of an electronic communication.
|
mutual authentication
|
|
The _____ _____ security principle allows users to access certain files on the file server, but not other data present within the database.
|
least privilege
|
|
The term _____ refers to the ability of a subject to interact with an object.
|
access
|
|
CHAP uses the _____ communication protocol to provide authentication across a point-to-point link.
|
point-to-point (PPP)
|
|
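The CHAP cards above describe a periodic challenge/response: the authenticator sends an identifier and a random challenge, the peer answers with a hash over the identifier, the shared secret and the challenge, and the authenticator compares. The following Python block is an added example (not from the deck or the textbook it summarizes) showing both sides of one exchange and why a sniffed response cannot be replayed. It follows the RFC 1994 construction, Response = MD5(Identifier || Secret || Challenge); the class and function names are the author's own.

```python
import hashlib
import secrets


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator (server) side: issues challenges and verifies responses."""

    def __init__(self, secret):
        self._secret = secret            # CHAP needs the plaintext secret on both ends
        self._identifier = 0
        self._outstanding = {}           # identifier -> challenge value still awaiting a response

    def challenge(self):
        self._identifier = (self._identifier + 1) & 0xFF
        value = secrets.token_bytes(16)  # fresh random challenge every time
        self._outstanding[self._identifier] = value
        return self._identifier, value   # Challenge packet: Identifier, Value

    def verify(self, identifier, response):
        value = self._outstanding.pop(identifier, None)
        if value is None:
            return False                 # unknown, expired, or already-used identifier
        expected = chap_response(identifier, self._secret, value)
        return secrets.compare_digest(expected, response)  # Success / Failure


class ChapPeer:
    """Peer (client) side: proves knowledge of the secret without sending it."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self._secret, challenge)


def run_exchange(server_secret, peer_secret):
    """One authentication round: Challenge -> Response -> Success/Failure."""
    server = ChapAuthenticator(server_secret)
    peer = ChapPeer(peer_secret)
    ident, chal = server.challenge()     # authenticator -> peer
    resp = peer.respond(ident, chal)     # peer -> authenticator
    return server.verify(ident, resp)    # authenticator decides


def replay_is_rejected(secret):
    """A response captured on the link is useless against the next challenge."""
    server = ChapAuthenticator(secret)
    peer = ChapPeer(secret)
    ident, chal = server.challenge()
    captured = peer.respond(ident, chal)  # attacker sniffs this on the PPP link
    first_ok = server.verify(ident, captured)
    ident2, _ = server.challenge()        # periodic re-authentication: new random value
    replay_ok = server.verify(ident2, captured)
    return first_ok and not replay_ok


if __name__ == "__main__":
    print("correct secret:", run_exchange(b"s3cret", b"s3cret"))
    print("wrong secret:  ", run_exchange(b"s3cret", b"wrong"))
    print("replay blocked:", replay_is_rejected(b"s3cret"))
```

The design point a practitioner should take from this: the secret never crosses the link, and each challenge is random and single-use, which is what makes periodic re-authentication safe against replay. The cost is that the authenticator must store the secret in recoverable form, unlike a salted password hash.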
The field of authentication that uses technology such as retinal scans, fingerprints, and voice prints to verify an individual’s identity is _____ .
|
biometrics
|
|
Hand geometry, retinal scans, and voice prints are all types of _____ _____.
|
biometric authentication
|
|
The _____ authentication process might use biometrics in conjunction with a personal identification number to identify a user.
|
multifactor
|
|
The _____ principle states that a subject can write to an object only if its security classification is less than or equal to that of the object.
|
*-property
|
|
The _____ security model implements the Simple Security Rule and *-property principles.
|
Bell-LaPadula
|
|
If an organization fails to implement _____ security with _____ security, there is a high probability of introducing or overlooking vulnerabilities.
|
host/network
|
|
Network security emphasizes controlling access to _____ computers from _____ entities.
|
internal/external
|
|
According to ______ _____ _____, security is considered effective if the protection mechanisms are confusing or generally not known.
|
security through obscurity
|
|
_____ _____ refers to all security features used to prevent unauthorized access to a computer system or network.
|
Access control
|
|
The most common method of authentication is the use of a user ID and a password. _____ access controls are a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission on to any other subject.
|
Discretionary
|
|
_____ verifies an individual’s identity.
|
Authentication
|
|
Multifactor is a term used to describe the use of more than one _____ _____ at the same time.
|
authentication mechanism
|
|
A _____ is a hardware device that can be used in a challenge/response authentication process.
|
token
|
|
In the _____ Security Model, the integrity verification processes ensure that constrained data item (CDI) data meets integrity constraints.
|
Clark-Wilson
|
|
“Hacking” of systems used by a telephone company is also referred to as _____.
|
phreaking
|
|
The protection of multiple computers and other devices that are connected is termed as _____ _____.
|
network security
|
|
The goal of availability is to ensure that the data or the system is available for use when the _____ _____ wants it.
|
authorized user
|
|
The purpose of _____ is to ensure that unauthorized individuals are not able to view data.
|
confidentiality
|
|
_____ _____ focuses on protecting each computer and device individually instead of addressing protection of the network as a whole.
|
Host security
|
|
Devices such as ______ are used in network security to control access to internal computers by external entities.
|
firewalls
|
|
The security principle in which a subject is given only the necessary rights needed to perform a task with no additional permissions is referred to as ______ _____.
|
least privilege
|
|
If encrypted data is encapsulated within SSL packets and sent through a firewall, the firewall will be unable to read the information in the individual packets, so no single control can be relied on alone. This illustrates the need for _____ _____.
|
layered security
|
|
The _____ through _____ concept entails using environment and protection mechanisms that are confusing or not generally known to implement security.
|
security/obscurity
|
|
The _____-_____-_____ principle states that services not needed should be eliminated.
|
keep-it-simple
|
|
The most common method of authentication is the use of a _____ and a _____.
|
User ID / password
|
|
The security features used to prevent unauthorized access to a computer system or network are referred to as _____ _____.
|
access controls
|
|
An _____ _____ list is a list that contains the subjects that have access rights to a particular object.
|
access control
|
|
The access control mechanism in which the security apparatus controls access to all objects and in which individual subjects cannot change the access controls is called _____ _____ control.
|
mandatory access
|
|
The access control mechanism in which users will be granted permissions to objects in terms of the specific duties they must perform is called _____-_____ _____ control.
|
role-based access
|
|
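The Bell-LaPadula cards earlier (Simple Security Rule, *-property) and the mandatory and role-based access control cards just above describe checks that are easy to state but easy to get backwards in practice. The Python block below is an added example, not part of the deck or its textbook: a small mandatory access control layer that enforces "no read up" and "no write down" over labelled subjects and objects, beside a role-based layer that grants operations per duty. Level names, object names and user names are constructed for the example.

```python
# Lattice of labels; higher number = more sensitive. Constructed for the example.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def can_read(subject_level, object_level):
    """Simple Security Rule: a subject may read an object only at or below its level."""
    return LEVELS[subject_level] >= LEVELS[object_level]


def can_write(subject_level, object_level):
    """*-property: a subject may write an object only at or above its level (no write down)."""
    return LEVELS[subject_level] <= LEVELS[object_level]


class MandatoryAccessControl:
    """Labels are assigned by the security apparatus; subjects cannot change them."""

    def __init__(self):
        self._subjects = {}
        self._objects = {}

    def label_subject(self, name, level):
        self._subjects[name] = level

    def label_object(self, name, level):
        self._objects[name] = level

    def check(self, subject, op, obj):
        s, o = self._subjects[subject], self._objects[obj]
        if op == "read":
            return can_read(s, o)
        if op == "write":
            return can_write(s, o)
        raise ValueError("unknown operation: " + op)


class RoleBasedAccessControl:
    """Permissions attach to roles (duties); users receive roles, never raw permissions."""

    def __init__(self):
        self._role_perms = {}   # role -> set of (object, operation)
        self._user_roles = {}   # user -> set of roles

    def grant(self, role, obj, op):
        self._role_perms.setdefault(role, set()).add((obj, op))

    def assign(self, user, role):
        self._user_roles.setdefault(user, set()).add(role)

    def check(self, user, op, obj):
        return any((obj, op) in self._role_perms.get(r, set())
                   for r in self._user_roles.get(user, ()))


def demo():
    """Run the four Bell-LaPadula cases and a least-privilege RBAC case."""
    mac = MandatoryAccessControl()
    mac.label_subject("analyst", "secret")
    mac.label_object("ops-plan", "top secret")
    mac.label_object("weather", "unclassified")
    results = {
        "analyst reads top secret":   mac.check("analyst", "read", "ops-plan"),   # False: read up
        "analyst reads unclassified": mac.check("analyst", "read", "weather"),    # True
        "analyst writes unclassified": mac.check("analyst", "write", "weather"),  # False: write down
        "analyst writes top secret":  mac.check("analyst", "write", "ops-plan"),  # True: write up is allowed
    }
    rbac = RoleBasedAccessControl()
    rbac.grant("payroll-clerk", "salaries.db", "read")   # the duty needs read only
    rbac.assign("alice", "payroll-clerk")
    results["alice reads salaries"] = rbac.check("alice", "read", "salaries.db")    # True
    results["alice writes salaries"] = rbac.check("alice", "write", "salaries.db")  # False: least privilege
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

Note the asymmetry the *-property produces: a secret-cleared subject may write into a top secret object it cannot read back. Real systems usually add an integrity model or a "trusted subject" exception on top of plain Bell-LaPadula for that reason.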
The basis for authentication in a _____ environment is a ticket.
|
Kerberos
|
|
Tickets are granted by the _____ _____ (in Kerberos, a component of the Key Distribution Center), which is an entity trusted by both the client and the server the client wishes to access.
|
authentication server
|
|
The hardware device that can be used in a challenge/response authentication process is called a _____.
|
token
|
|
The mechanism that uses more than one _____ _____ at the same time is called multifactor.
|
authentication mechanism
|
|
_____ are high-level, broad statements of what an organization wants to accomplish.
|
Policies
|
|
_____ are mandatory elements for the implementation of a policy.
|
Standards
|
|
Step-by-step instructions that describe how employees are expected to act in a given situation are called _____.
|
procedures
|
|
_____ is not a part of the operational process and policy life cycle.
|
Assimilation
|
|
A _____ _____ is a security approach that is not a physical access control mechanism.
|
digital certificate
|
|
Development of policies, procedures, and guidelines take place at the planning level of the _____ process.
|
operational
|
|
The use of _____ is a security method that is not a biometric approach.
|
locks
|
|
_____ _____ is an environmental issue that could affect the operation of computer systems.
|
Air conditioning
|
|
Retinal scanning is a _____ approach to computer security.
|
biometric
|
|
_____ _____ is a fire suppression system designed specifically to suppress the fire and also to protect the contents of the room.
|
Clean agent
|
|
Piggybacking is not an _____ issue that could pose a concern for computer systems.
|
environmental
|
|
A _____-_____ fire suppression system has been the most widely used tool to control structural fires.
|
water-based
|
|
_____ _____ fire extinguishers displace oxygen and also cool the fire zone.
|
Carbon dioxide
|
|
_____ fire extinguishers were designed to reduce the oxygen concentration in the fire zone to below 15 percent.
|
Inergen
|
|
_____-_____-_____ sensors activate when there is a sudden increase in the local temperature indicating the initial stages of a fire.
|
Rate-of-rise
|
|
_____-_____ fire suppression systems are commonly used in offices.
|
Hand-held
|
|
Carbon dioxide is appropriate for use in suppressing fires that involve _____ liquids.
|
combustible
|
|
______ is a type of fire detector that uses a small amount of radioactive material.
|
Ionization
|
|
A _____ fire detector sounds an alarm when the light beam it sends out is obstructed, assuming that the obstruction is smoke.
|
photoelectric
|
|
A “_____ _____” is considered an expensive method to address shielding.
|
Faraday cage
|
|
_____ and _____ technologies are dynamic in the sense that they acknowledge security is an ongoing process that needs constant monitoring.
|
Detection/response
|
|
_____ are recommendations relating to a policy.
|
Guidelines
|
|
_____ _____ is the process of convincing an individual to provide confidential information or access to an unauthorized individual.
|
Social engineering
|
|
_____ _____ is a procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code.
|
Shoulder surfing
|
|
An _____ period is the time when those who will be affected by the introduction of new documents will learn about their contents. This is part of the implementation of a policy.
|
instruction
|
|
Hand-held extinguishers are common in offices, but one should use them correctly to avoid _____.
|
disasters
|
|
Inergen suppresses fires by reducing the level of _____ to about 12.5 percent.
|
oxygen
|
|
Rate-of-increase temperature devices activate when there is a _____ _____ in the local temperature that may indicate the beginning stages of a fire.
|
sudden increase
|
|
An organization’s policies, procedures, standards, and guidelines detail what users and administrators should do to maintain _____ and _____ security
|
system/network
|
|
High-level, broad statements of what an organization wants to accomplish are called _____.
|
policies
|
|
Accepted specifications that provide details on how a policy is to be enforced are called _____.
|
standards
|
|
Recommendations related to a policy are called _____.
|
guidelines
|
|
Step-by-step instructions on how to implement policies in an organization are called _____.
|
procedures
|
|
An instruction period, a part of the _____ step of the operational process, is when those who will be affected by changes or introduction of company policies or procedures will learn about the contents of the new document.
|
implementation
|
|
Argon, Inergen, and carbon dioxide are examples of _____-_____ fire suppression systems.
|
clean-agent
|
|
The security mechanism that ensures physical access to computer systems and networks is restricted to authorized users is called _____ security.
|
physical
|
|
The technique of _____ involves following another person closely to avoid having to go through the access control procedures.
|
piggybacking
|
|
The process of convincing an authorized individual to provide confidential information or access to an unauthorized individual is called _____ _____.
|
social engineering
|
|
Organizations prefer _____-_____ fire suppression systems because they not only provide fire suppression capabilities, but also protect the contents of the room.
|
clean-agent
|
|
Class ___ fire extinguishers are designed to handle fires where magnesium or titanium is one of the combustible materials.
|
D
|
|
_____ _____ and _____ _____ devices go hand-in-hand in protecting computer systems from fires.
|
Fire suppression/fire detection
|
|
A photoelectric fire detector monitors an _____ beam of light.
|
internal
|
|
An ionization detector uses an ionization chamber and a small _____ source to detect fast-burning fires.
|
radioactive
|
|
An even more common physical security feature than locks is a _____ barrier.
|
physical
|
|
Fire detection devices activated by _____ are generally more expensive, but they detect a fire sooner.
|
flames
|
|
With the appropriate electromagnetic _____ equipment, the exact image displayed on monitors can be re-created some distance away by intercepting electronic emanations from the target.
|
eavesdropping
|
|
The U.S. Department of Defense defined _____ as a program in the military to control electronic emanations from electrical equipment.
|
TEMPEST (not an acronym; jokingly expanded as “Tiny ElectroMagnetic Particles Emitting Secret Things”)
|
|
In physical security, location plays a significant role since some facilities are easier to protect than others due to their _____.
|
proximity
|
|
The tactic of following a person who has just used a PIN to gain access to a room or building is called _____.
|
piggybacking
|
|
The technique of observing authorized users entering the correct access code for them to gain access later is called _____ _____.
|
shoulder surfing
|
|
Most users have at least one _____ _____ number used for authentication or access control associated with things such as their automated teller machine or a security code to gain physical access to a room.
|
personal identification
|
|
The process in which attackers often find valuable clues about user passwords from information carelessly discarded by users is called _____ _____.
|
dumpster diving
|
|
A _____ can be used to access a network system by circumventing the normal security mechanisms.
|
backdoor
|
|
A backdoor is a potential hazard which forces administrators to restrict users from _____ and _____ software or installing hardware without permission.
|
downloading/installing
|
|
Due to the risk of _____ _____, it is not advisable to read online bank balance statements or credit card information in a crowded cyber cafe.
|
shoulder surfing
|
|
One of the best tools in defending against a social engineering attack is _____.
|
people
|
|
The technique in which an attacker convinces an authorized user to pass classified information is called _____ ______.
|
social engineering
|
|
The approach in which an attacker hopes to convince the target to initiate a contact in order to obtain sensitive or important information is called _____ _____ _____.
|
reverse social engineering
|
|
Being aware of who is around when discussing _____ _____ is considered a good security practice.
|
sensitive issues
|
|
Conducting _____ _____ training programs is the most effective method of countering potential social engineering attacks.
|
security awareness
|
|
Storing _____ in the user inbox is not considered a good practice for password security.
|
passwords
|
|
Discussing _____ _____ with family members or friends is not considered a good practice to adopt.
|
sensitive information
|
|
Convincing a target to _____ contact with the attacker is a reverse social engineering approach.
|
initiate
|
|
Contractors and consultants in an organization pose concerns for security administrators because they often have _____ _____ to the facility as well as network access.
|
physical access
|
|
When reading sensitive information, a responsible user should be wary of who is around to avoid _____ _____.
|
shoulder surfing
|
|
By not allowing oneself to be _____ by an outsider, a user would be resisting the attacker’s social engineering approach.
|
intimidated
|
|
Installing _____ software from the Internet introduces the possibility of a backdoor.
|
unlicensed
|
|
Shoulder-surfing techniques enable an attacker to gain access into a facility by learning the _____ _____.
|
access code
|
|
Often, users carelessly discard passwords or clues to passwords in their trash, which a lucky _____ _____ might just find and, therefore, gain access to the user’s system.
|
dumpster diver
|
|
Attackers set _____ into a network to circumvent normal security mechanisms.
|
backdoors
|
|
Social engineering is the technique of _____ the target to divulge sensitive information.
|
persuading
|
|
In keeping with physical access control mechanisms, many organizations require employees to _____ identification badges at work.
|
wear
|
|
Due to the risk of introducing a backdoor into the network, organizations discourage employees from _____ attachments that come with unsolicited e-mails.
|
downloading
|
|
In reverse social engineering, an _____ hopes to convince the target to initiate the contact.
|
attacker
|
|
Social engineering is successful because it exploits the human being’s nature of being _____.
|
helpful
|
|
_____ paper containing sensitive information before discarding it can help avoid loss due to dumpster diving.
|
Shredding
|
|
Social engineering attacks are often successful since they use the technique of intimidating the target, who would seek to avoid _____ and _____.
|
confrontation/trouble
|
|
_____-_____ attackers take advantage of the fact that users often pick passwords that are easy to remember (a dictionary attack tries such likely passwords first, before exhausting the whole keyspace).
|
Brute-force
|
|
The tactic of closely following a person who has used an access card to gain access to a building is called _____.
|
piggybacking
|
|
When attackers position themselves in a way that they are able to observe an authorized user entering their access code, the technique is called _____ _____.
|
shoulder surfing
|
|
The process of going through a target’s trash to obtain sensitive information is known as _____ _____.
|
dumpster diving
|
|
Avenues that can be used to access a system while circumventing the normal security mechanisms are called _____.
|
backdoors
|
|
It is not advisable to download games from the Internet since this might open a backdoor that allows attackers to _____ the system.
|
access
|
|
Many organizations require employees to wear _____ _____ when at work.
|
identification badges
|
|
The technique, in which an attacker convinces an authorized user to divulge information which the attacker is not privileged to, is called _____ _____.
|
social engineering
|
|
The technique in which an attacker convinces the target to initiate the contact in order to obtain sensitive or important information is called _____ _____ _____.
|
reverse social engineering
|
|
Shredding paper containing sensitive information reduces the risk of losing _____ _____ due to dumpster diving.
|
sensitive information
|
|
Social engineering _____ the basic human nature of being helpful.
|
exploits
|
|
In the reverse social engineering technique, the attacker’s chances of success are often _____, since the target initiates the contact.
|
higher
|
|
The most effective method of countering potential social engineering attacks is to conduct an active _____ _____ program.
|
security awareness
|
|
Regardless of how advanced security technology is, it will ultimately be deployed in an environment where the _____ element may be its greatest weakness.
|
human
|
|
Securing storage media containing sensitive information in a secure storage device is one of the integral _____ of a user.
|
responsibilities
|
|
An attacker calling for some information and claiming to be under some deadline from a supervisor is using _____ _____.
|
social engineering
|
|
In shoulder surfing, the attacker does not closely follow an authorized user into a building, but leans over to _____ at sensitive information.
|
peek
|
|
A dumpster diver would go through a user’s _____ _____ in the hope of obtaining any clues that might point to passwords or other sensitive information.
|
trash bin
|
|
Users may execute a _____ program that is part of an unsolicited e-mail, sent by an attacker, designed to install a backdoor to access the user’s system.
|
hostile
|
|
Bogus Web sites of seemingly legitimate “_____ _____” companies employ the reverse social engineering tactic to gain insider information.
|
tech support
|
|
The _____ cipher system allows 26 possible values for every letter in a message, making it more complex than a standard shift cipher.
|
substitution
|
|
The _____ cipher system is one letter of the alphabet shifted a set number of places in the alphabet for another letter.
|
shift
|
|
The _____ system uses polyalphabetic substitution.
|
Vigenère
|
|
The _____ encryption algorithms is a variant of DES that, depending on the specific variant, uses two or three keys instead of the single key DES.
|
Triple DES (3DES)
|
|
The _____ encryption algorithm can have key sizes of 128, 192, and 256 bits, with the key size affecting the number of rounds used in the algorithm.
|
Advanced Encryption Standard (AES)
|
|
In the byte sub step of _____, each byte is replaced by its S-box substitute.
|
AES
|
|
_____ multiplication, based upon the arranged rectangle, is performed in the mix column step of AES.
|
Matrix
|
|
In the add round key step of AES, the round’s _____ is XORed into the state.
|
subkey
|
|
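The four AES cards above name the per-round steps (byte substitution through the S-box, matrix multiplication in mix column, XOR of the round subkey) and the key-size-to-round-count relationship. The Python block below is an added example, not part of the deck or the textbook: it computes the S-box from its definition (multiplicative inverse in GF(2^8) followed by the affine transformation) rather than pasting the table, and implements SubBytes, MixColumns and AddRoundKey on a state held as four 4-byte columns. Key expansion and ShiftRows are left out, so this is not a complete cipher; the state layout and function names are the author's own.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B            # reduce by the polynomial (0x11B with the x^8 term dropped)
        b >>= 1
    return p


def gf_inv(a):
    """Multiplicative inverse in GF(2^8), computed as a^254 (0 maps to 0 by definition)."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0


def sbox_byte(x):
    """One S-box entry: inverse, then the affine transform s = inv ^ rotl(inv,1..4) ^ 0x63."""
    inv = gf_inv(x)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [sbox_byte(x) for x in range(256)]      # the full 256-entry table, derived not pasted


def sub_bytes(state):
    """Byte sub step: every byte of the state is replaced by its S-box substitute."""
    return [[SBOX[b] for b in col] for col in state]


def mix_column(col):
    """Mix column step for one column: multiply by the fixed circulant matrix over GF(2^8)."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]


def mix_columns(state):
    return [mix_column(col) for col in state]


def add_round_key(state, round_key):
    """Add round key step: the round subkey is XORed into the state, column by column."""
    return [[b ^ k for b, k in zip(col, kcol)] for col, kcol in zip(state, round_key)]


# Key size selects the number of rounds: AES-128 -> 10, AES-192 -> 12, AES-256 -> 14.
ROUNDS_BY_KEY_BYTES = {16: 10, 24: 12, 32: 14}


if __name__ == "__main__":
    print("S-box[0x53] =", hex(SBOX[0x53]))                      # 0xed, as in FIPS-197
    print("MixColumns(db 13 53 45) =", [hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
    print("rounds for a 256-bit key:", ROUNDS_BY_KEY_BYTES[32])
```

The two MixColumns vectors checked in the test are the worked examples from FIPS-197; if your own S-box derivation disagrees with S[0x53] = 0xED, the rotation direction in the affine transform is the usual culprit.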
The _____ encryption algorithm, designed to be a DES replacement, is a variable-key-size block-mode cipher.
|
Rivest Cipher 2 (RC2)
|
|
The Rivest Cipher 4 (RC4) algorithm is a _____ cipher.
|
stream
|
|
The _____ encryption algorithm is susceptible to a weak key made of all zeros.
|
International Data Encryption Algorithm (IDEA)
|
|
The RC2 algorithm puts input blocks through ___ rounds of either mix or mash operations.
|
18
|
|
The _____ asymmetric encryption algorithm is based upon the difficulty of calculating discrete logarithms in a finite field.
|
ElGamal
|
|
The _____ asymmetric encryption algorithm works on the basis of a simple function that is drawn as a gently looping curve on the X, Y plane.
|
Elliptic Curve Cryptography (ECC)
|
|
The _____ security principle ensures that the sender and the recipient of a message are informed that the message was not altered in transmission.
|
integrity
|
|
The process of confirming an individual’s identity is called _____.
|
authentication
|
|
The ECC encryption technique is an _____ encryption algorithm.
|
asymmetric
|
|
The Blowfish technique is a _____ encryption algorithm.
|
symmetric
|
|
The _____ cryptographic algorithm is a block-mode cipher that uses 64-bit blocks and a variable key length from 32 to 448 bits.
|
Blowfish
|
|
The Carlisle Adams and Stafford Tavares (CAST) cryptographic algorithm is a _____ encryption method.
|
symmetric
|
|
Digital signatures provide _____ and _____.
|
integrity / nonrepudiation
|
|
In the fall of 2000, the National Institute of Standards and Technology (NIST) selected _____ as the new Advanced Encryption Standard.
|
Rijndael
|
|
The encryption type that is most commonly used to ensure confidentiality of data is called _____ encryption.
|
symmetric
|
|
The system in which a copy of the user's private key is also held by a trusted third party (in the textbook's example, the government) is called _____ _____.
|
key escrow
|
|
Recursive computational procedures for solving problems in finite steps are called _____.
|
algorithms
|
|
The _____ cipher works on the principle of substituting a different letter for every letter.
|
substitution
|
|
The Vigenère cipher works as a _____ substitution cipher that depends on a password.
|
polyalphabetic
|
|
When an algorithm lists a certain number of bits as a key, it defines the _____.
|
keyspace
|
|
DES uses a ___-bit key, giving 2^56, or roughly 72,000,000,000,000,000 (72 quadrillion), possible values.
|
56
|
|
_____ _____ pad ciphers have a key equal to the length of the message, and use random data for the key.
|
One-time
|
|
Strong algorithms and appropriate key lengths assure security with _____ encryption.
|
asymmetric
|
|
A _____ is a special mathematical function that performs one-way encryption.
|
hash
|
|
_____ creates a 128-bit hash of a message of any length (practical collision attacks against it have since been demonstrated, so it should not be relied on for collision resistance).
|
Message-Digest algorithm 5 (MD5)
|
|
In MD5, after padding is complete, four ___-bit variables, A, B, C, and D, are initialized.
|
32
|
|
All symmetric algorithms are based upon the _____ secret principle.
|
shared
|
|
DES is short for _____ _____ _____.
|
Data Encryption Standard
|
|
3DES spins through the DES algorithm _____ times using multiple encryption.
|
three
|
|
The _____ cipher of the RC series uses the 128-block size, separated into four words of 32 bits each.
|
Rivest Cipher 6 (RC6)
|
|
The IDEA encryption algorithm is susceptible to a _____ key.
|
weak
|
|
In the electronic key _____ process, the slower public-key (asymmetric) algorithm is used to exchange a secret key, and the communication then uses the faster symmetric algorithm with that key.
|
exchange
|
|
ECC works on the basis of _____ curves.
|
elliptic
|
|
In the _____ cipher, one letter of the alphabet is shifted a number of places in the alphabet for another letter.
|
shift
|
|
The Vigenère cipher works as a polyalphabetic substitution cipher that depends on a _____.
|
password
|
|
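The shift, substitution and Vigenère cards (both the earlier set and the two just above) turn on one distinction: a shift cipher has 25 usable keys, a general substitution cipher has 26! keys but still maps each plaintext letter to the same ciphertext letter every time, and Vigenère is polyalphabetic, so the same plaintext letter changes with its position in the password. The Python block below is an added example, not from the deck or the textbook, implementing all three plus a crib-based brute force of the shift cipher to show why the keyspace size matters. The sample plaintext, password and substitution alphabet are constructed for the example.

```python
import math
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(text, k):
    """Shift cipher: each letter moves k places along the alphabet; non-letters pass through."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
                   for c in text.upper())


def shift_decrypt(text, k):
    return shift_encrypt(text, -k)


def substitution_encrypt(text, key_alphabet):
    """Monoalphabetic substitution: key_alphabet is any permutation of A..Z."""
    assert sorted(key_alphabet) == list(ALPHABET), "key must be a permutation of the alphabet"
    return text.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(text, key_alphabet):
    return text.upper().translate(str.maketrans(key_alphabet, ALPHABET))


def vigenere(text, password, direction):
    """Polyalphabetic substitution: the shift for each letter comes from the next password letter."""
    out, i = [], 0
    for c in text.upper():
        if c in ALPHABET:
            k = ALPHABET.index(password[i % len(password)].upper())
            out.append(ALPHABET[(ALPHABET.index(c) + direction * k) % 26])
            i += 1                       # only letters consume a password position
        else:
            out.append(c)
    return "".join(out)


def vigenere_encrypt(text, password):
    return vigenere(text, password, +1)


def vigenere_decrypt(text, password):
    return vigenere(text, password, -1)


def keyspace_sizes():
    """Shift: 25 non-trivial keys. Substitution: 26! orderings. Vigenère: 26^len(password)."""
    return {"shift": 25, "substitution": math.factorial(26)}


def brute_force_shift(ciphertext, crib):
    """Try every shift; return the keys whose plaintext contains the expected word."""
    return [k for k in range(26) if crib.upper() in shift_decrypt(ciphertext, k)]


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"
    c_shift = shift_encrypt(msg, 3)
    print("shift:       ", c_shift, "-> keys found by crib:", brute_force_shift(c_shift, "ATTACK"))
    key = "QWERTYUIOPASDFGHJKLZXCVBNM"
    print("substitution:", substitution_encrypt(msg, key))
    print("vigenere:    ", vigenere_encrypt(msg, "LEMON"), "(same T, different ciphertext letters)")
```

In the Vigenère output the two T's of ATTACK become X and F, which is what "polyalphabetic" means in practice, and what defeats the single-letter frequency analysis that breaks a monoalphabetic substitution despite its enormous keyspace.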
Two common methods of cryptanalysis against block ciphers are _____ and _____.
|
differential / linear
|
|
The modern implementation of DES, _____, uses two or three keys.
|
Triple Data Encryption Standard (3DES)
|
|
A hash algorithm runs the risk of a _____ attack, where an attacker finds two different messages that hash to the same value.
|
collision
|
|
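The hash cards (one-way function, 128-bit MD5 and 160-bit SHA digests) and the collision card just above are really about one number: how many messages an attacker must hash before two share a digest. The Python block below is an added example, not from the deck or the textbook. It truncates SHA-256 to a chosen number of bits to stand in for a short digest, runs a birthday search until it finds two different messages with the same truncated digest, and compares the attempts used with the sqrt(2^n) birthday bound. The message prefix and bit lengths are constructed for the example.

```python
import hashlib
import math


def truncated_hash(message, bits):
    """SHA-256 truncated to `bits` bits; stands in for a digest that is too short."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, prefix=b"msg-"):
    """Birthday search: hash distinct messages until two of them share a digest.

    Returns (message_a, message_b, attempts). Deterministic: messages are prefix + counter.
    """
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1     # two different inputs, identical digest
        seen[h] = m
        i += 1


def expected_attempts(bits):
    """Birthday bound: about sqrt(pi/2 * 2^bits) messages for a 50% chance of a collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def preimage_attempts(bits):
    """Finding an input for a given digest needs about 2^bits tries, not 2^(bits/2)."""
    return 2.0 ** bits


if __name__ == "__main__":
    for bits in (16, 20, 24):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit digest: {a!r} and {b!r} collide after {n} hashes "
              f"(birthday bound ~{expected_attempts(bits):.0f})")
    for bits in (128, 160, 256):
        print(f"{bits}-bit digest: ~2^{math.log2(expected_attempts(bits)):.1f} hashes to collide, "
              f"~2^{bits} for a preimage")
```

Two things to read off the output: the collision search on a 24-bit digest finishes in a few thousand hashes, roughly the square root of the 2^24 keyspace, and doubling the digest length only squares the attacker's work, which is why a 128-bit digest gives about 64 bits of collision resistance rather than 128.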
RC2, RC4, RC5, and RC6 are working algorithms of the _____ series.
|
Rivest Cipher (RC)
|
|
_____ creates 160-bit long message digests that can be used by the Digital Signature Algorithm to compute the signature of a message.
|
Secure Hash Algorithm (SHA; the 160-bit variant is SHA-1)
|
|
_____ algorithms are based upon the shared secret principle.
|
Symmetric
|
|
CAST uses the ___-bit block size for 64- and 128-bit key versions, and a 128-bit block size for the 256-bit key version.
|
64
|
|
RC4 is a ____ cipher.
|
stream
|
|
Which of the following hackers accomplished illegal money transfers by breaking into Citibank's cash management system?
A) Kevin Mitnick B) Robert Morris C) Timothy Lloyd D) Vladimir Levin |
Vladimir Levin
|
|
Which virus, when run, would infect the current host and also send itself to the first 50 addresses in the individual's address book?
A) Code-Red B) Love Bug C) Melissa D) Slammer |
Melissa
|
|
The Slammer worm sent its single packet to UDP port ____.
A) 1434 B) 1524 C) 1645 D) 1718 |
1434
|
|
Which of the following malicious programs was memory resident and could be eliminated by simply turning off the infected machine?
A) Code-Red B) Love Bug C) Melissa D) Slammer |
Code-Red
|
|
Which of the following malicious programs generated 1TB of worm-related traffic every second at its peak?
A) Code-Red B) Love Bug C) Melissa D) Slammer |
Slammer
|
|
Which worm ran as a VBScript attachment, and searched the infected system for files with specific extensions to replace them with copies of itself?
A) Code-Red B) Love Bug C) Morris D) Slammer |
Love Bug
|
|
Individuals who are not technical experts, but know enough to download and run scripts that others have developed are called ____.
A) dumpster divers B) elite hackers C) script kiddies D) shoulder surfers |
script kiddies
|
|
Which of the following groups of individuals are considered to be the biggest potential threat to computer security?
A) Dumpster divers B) Insiders C) Script kiddies D) Shoulder surfers |
Insiders
|
|
Which of the following terms refers to an individual who has the capability to write scripts, and discover new vulnerabilities?
A) Dumpster diver B) Elite hacker C) Script kiddie D) Shoulder surfer |
Elite hacker
|
|
Which of the following assets will NOT be classified as one of the nation's critical infrastructures?
A) Retail Industry B) Banking and finance C) Oil and gas refineries D) Telecommunications |
Retail Industry
|
|
Which of the following security principles ensures that unauthorized individuals are restricted from viewing data to which they are not entitled?
A) Authentication B) Confidentiality C) Integrity D) Nonrepudiation |
Confidentiality
|
|
Which security principle commonly uses a user ID and password to verify the identity of an individual?
A) Authentication B) Availability C) Integrity D) Nonrepudiation |
Authentication
|
|
Which of the following is a hardware device used for authentication?
A) Certificate B) CHAP C) Kerberos D) Token |
Token
|
|
Which security approach takes a granular view of security by focusing on protecting each computer and device individually?
A) Host security B) Layered security C) Least privilege D) Network security |
Host security
|
|
Which security approach does the concept of diversity of defense complement the best?
A) Host security B) Layered security C) Least privilege D) Network security |
Layered security
|
|
Which security principle states that no subject could read information from an object with a security classification higher than that possessed by the subject itself?
A) Integrity Verification process B) Low-Water-Mark policy C) Simple Security rule D) Transformation process |
Simple Security rule
|
|
Which of the following security approaches uses more than one authentication mechanism simultaneously?
A) Certificate B) CHAP C) Kerberos D) Multifactor |
Multifactor
|
|
Which of the following security policies is implemented by the Bell-LaPadula security model?
A) Integrity Verification process B) Low-Water-Mark policy C) *-property D) Ring policy |
*-property
|
|
Which of the following security principles ensures the confidentiality of data?
A) Constrained Data Items B) Low-Water-Mark policy C) Simple Security Rule D) Unconstrained Data Items |
Simple Security Rule
|
|
Which of the following security principles is more concerned with confidentiality rather than Integrity?
A) Constrained Data Items B) *-property C) Ring Policy D) Unconstrained Data Items |
*-property
|
|
Mandatory elements, which may be externally driven or set by an organization for its own goals, are called ____.
A) guidelines B) policies C) procedures D) standards |
standards
|
|
The key term for ____ is recommendation, because they are not mandatory steps.
A) guidelines B) policies C) procedures D) standards |
guidelines
|
|
The biggest danger to any organization's computer systems comes from ____.
A) crackers B) insiders C) phreakers D) script kiddies |
insiders
|
|
Handwriting analysis, retinal scans, and hand geometry are examples of ____.
A) biometrics B) robotics C) shielding D) social engineering |
biometrics
|
|
Which of the following power sources must an organization use for a smooth transition between normal and backup power?
A) Electric generators B) Surge protectors C) Uninterruptible power supplies D) Voltage regulators |
Uninterruptible power supplies
|
|
Which of the following chemical agents is NOT a clean agent?
A) Argon B) Halon C) INERGEN D) Heptafluoropropane |
Halon
|
|
Which of the following fire suppression agents reduces the concentration of gasified fuel?
A) Argon B) Carbon dioxide C) Halon-based D) Water-based |
Carbon dioxide
|
|
Which of the following elements suppresses fire by raising the total heat capacity of the environment?
A) Argon B) Halon C) INERGEN D) Trifluoromethane |
Trifluoromethane
|
|
Which fire detector activates when the temperature in the area exceeds a predefined level?
A) Fixed-point B) Flame-activated C) Photoelectric D) Rate-of-rise |
Fixed-point
|
|
Which of the following terms is a low-cost wireless technology?
A) Biometrics B) Bluetooth C) TEMPEST D) HVAC |
Bluetooth
|
|
Which of the following tactics involves closely following a person who has just gained access to a building?
A) Brute-force attack B) Dumpster diving C) Piggybacking D) Social engineering |
Piggybacking
|
|
The tactic in which an attacker leans over to read another person's e-mail in a cyber café is called ____.
A) dumpster diving B) piggybacking C) reverse social engineering D) shoulder surfing |
shoulder surfing
|
|
Which of the following tactics is used by a dumpster diver to gain confidential information?
A) Convince a target to initiate contact. B) Rummage through a target's trash. C) Seek information on the basis of sympathy. D) Threaten a vulnerable target. |
Rummage through a target's trash.
|
|
Avenues that can be used to access a system by circumventing security mechanisms in place are called ____.
A) backdoors B) dumpster divers C) passwords D) worms |
backdoors
|
|
Which of the following activities is considered a good practice that every user in an organization should adopt?
A) Discussing sensitive information only with family members. B) Downloading attachments from unsolicited e-mails. C) Shredding organizational information documents before discarding. D) Writing passwords and sticking them inside personal lockers. |
Shredding organizational information documents before discarding.
|
|
The goal of ____ is to convince the target to provide information or accomplish some act that they normally would not do.
A) dumpster diving B) reverse social engineering C) shoulder surfing D) social engineering |
social engineering
|
|
The technique in which an attacker convinces an authorized user to pass classified information to an unauthorized person is called ____.
A) dumpster diving B) reverse social engineering C) shoulder surfing D) social engineering |
social engineering
|
|
An approach in which the attacker hopes to convince the target to initiate contact to get them to voluntarily divulge sensitive or important information is called ____.
A) backdoor entry B) reverse social engineering C) shoulder surfing D) social engineering |
reverse social engineering
|
|
Which of the following activities is considered a good security practice?
A) Being aware of who is around when discussing sensitive issues. B) Discussing organizational information with family members and friends. C) Divulging sensitive information to other company employees. D) Leaving confidential organizational information unattended. |
Being aware of who is around when discussing sensitive issues.
|
|
Which of the following procedures is the single most effective method to counter potential social engineering attacks?
A) Changing user IDs and passwords on a regular basis. B) Conducting security awareness training programs. C) Establishing a layered security structure in the network environment. D) Implementing new policies, procedures, and standards. |
Conducting security awareness training programs.
|
|
In which of the following steps in a round of AES are the bytes arranged in a rectangle and shifted?
A) Add round key B) Byte sub C) Mix column D) Shift row |
Shift row
|
|
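Worked example for the AES Shift row card above. This is added illustration code, not part of the original deck; the function names are my own. It shows how the 16 input bytes are laid into the 4x4 state column by column (the detail most often got wrong when re-implementing AES) and how ShiftRows rotates row r left by r positions, with the inverse step used for decryption.

```python
def as_rectangle(state: bytes):
    """Arrange 16 bytes as the AES state: byte r + 4*c sits at row r, column c."""
    assert len(state) == 16
    return [[state[r + 4 * c] for c in range(4)] for r in range(4)]


def shift_rows(state: bytes) -> bytes:
    """AES ShiftRows: row 0 is untouched, row 1 rotates left by 1, row 2 by 2,
    row 3 by 3. Output is returned in the same column-major byte order."""
    assert len(state) == 16
    out = bytearray(16)
    for r in range(4):
        for c in range(4):
            out[r + 4 * c] = state[r + 4 * ((c + r) % 4)]
    return bytes(out)


def inv_shift_rows(state: bytes) -> bytes:
    """Inverse step for decryption: rotate each row right by its row index."""
    assert len(state) == 16
    out = bytearray(16)
    for r in range(4):
        for c in range(4):
            out[r + 4 * ((c + r) % 4)] = state[r + 4 * c]
    return bytes(out)


def dump(state: bytes) -> str:
    return "\n".join(" ".join(f"{b:02x}" for b in row) for row in as_rectangle(state))


if __name__ == "__main__":
    # Round-1 state after SubBytes from the FIPS-197 Appendix B walkthrough,
    # written here in column-major byte order.
    state = bytes.fromhex("d42711aee0bf98f1b8b45de51e415230")
    print(dump(state), "\n-- ShiftRows -->")
    print(dump(shift_rows(state)))
```

ShiftRows contributes diffusion only across columns; combined with MixColumns it spreads every input byte over the whole state within two rounds. On its own it is a fixed permutation with no key material, so it must never be mistaken for the step that provides secrecy.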
Which of the following cryptographic algorithms is a block-mode cipher that uses 64-bit blocks and a variable key length from 32 to 448 bits?
A) AES B) Blowfish C) CAST D) IDEA |
Blowfish
|
|
Which of the following encryption algorithms is NOT a block-mode cipher?
A) RC2 B) RC4 C) RC5 D) RC6 |
RC4
|
|
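Worked example for the two RC4 cards (the fill-in card stating that RC4 is a stream cipher, and the multiple-choice card above singling it out as the non-block member of the RC series). This is added illustration code, not part of the original deck; the function names and sample messages are my own. It implements RC4's key scheduling and keystream generation, checks the output against the published "Key"/"Plaintext" test vector, and demonstrates the classic stream-cipher failure: reusing a keystream lets an attacker XOR two ciphertexts together and cancel the cipher entirely.

```python
def rc4_keystream(key: bytes):
    """RC4 key-scheduling algorithm (KSA) followed by the pseudo-random
    generation algorithm (PRGA). Yields one keystream byte per call."""
    if not key:
        raise ValueError("empty key")
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # PRGA: walk S to emit keystream
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR the data with the keystream byte by byte. There is no
    block size and no padding, output length equals input length, and the same
    call both encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Two ciphertexts under the same key share the same keystream, so
    ct1 XOR ct2 == pt1 XOR pt2: the keystream cancels out."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def recover_other_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Given one plaintext (a known header, a guessed word), the other falls out
    directly from the leaked XOR. Only the overlapping length is recovered."""
    return bytes(x ^ p for x, p in zip(keystream_reuse_leak(ct1, ct2), known_pt1))


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())          # published vector: bbf316e8d940af0ad3
    key = b"Key"
    pt1, pt2 = b"attack at dawn", b"retreat at 6am"  # constructed, equal-length messages
    ct1, ct2 = rc4(key, pt1), rc4(key, pt2)          # same key twice: the mistake
    print(recover_other_plaintext(ct1, ct2, pt1))    # attacker never needed the key
```

The practical lesson is the one behind the WEP break and the TLS RC4 deprecation: a stream cipher must never be keyed the same way twice, and RC4 offers no nonce of its own, so every protocol built on it has had to bolt one on.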
Which of the following cryptographic algorithms is a symmetric encryption method?
A) CAST B) Diffie-Hellman C) ElGamal D) RSA |
CAST
|
|
Which asymmetric encryption algorithm plays a role in the electronic key exchange method of the Secure Sockets Layer protocol?
A) Diffie-Hellman B) ECC C) ElGamal D) RSA |
Diffie-Hellman
|
|
Which encryption algorithm spins through the DES algorithm three times via multiple encryption?
A) AES B) 3DES C) IDEA D) RC2 |
3DES
|
|
The ability to maintain secrecy about some piece of data is called ____.
A) authentication B) confidentiality C) integrity D) nonrepudiation |
confidentiality
|
|
Which method of cryptanalysis puts the plaintext through a simplified cipher to deduce the likely key in the full version of the cipher?
A) Asymmetric cryptanalysis B) Differential cryptanalysis C) Linear cryptanalysis D) Symmetric cryptanalysis |
Linear cryptanalysis
|
|
Which asymmetric encryption algorithm uses the product of two large prime numbers and works on the principle of difficulty in factoring such numbers?
A) Diffie-Hellman B) ECC C) ElGamal D) RSA |
RSA
|
|
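Worked example for the RSA card above. This is added illustration code, not part of the original deck; the function names and the toy primes are my own. It builds an RSA key pair from two primes, encrypts and decrypts with modular exponentiation, and then recovers the private key from the public key alone by factoring n. With the toy modulus used here trial division does that instantly; the security of real RSA rests entirely on that step being infeasible for 2048-bit n.

```python
from math import gcd, isqrt


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    Returns (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_trial(n: int):
    """Trial division up to sqrt(n). Fine for a toy modulus; hopeless at
    real key sizes, which is the whole point of RSA."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None


def recover_private_key(public_key):
    """Anyone who can factor n can recompute phi and therefore d."""
    n, e = public_key
    p, q = factor_trial(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = generate_keypair(10007, 10009)   # toy primes, constructed for the demo
    c = rsa_encrypt(pub, 123456)
    print("decrypt with owner's key:   ", rsa_decrypt(priv, c))
    print("decrypt with factored key:  ", rsa_decrypt(recover_private_key(pub), c))
```

Two caveats a practitioner should carry away: the block above is textbook RSA with no padding, so identical messages give identical ciphertexts and ciphertexts can be multiplied together meaningfully; real deployments wrap messages with OAEP (encryption) or PSS (signatures). And key size alone is not enough: p and q must be generated independently with a good random source, since shared or predictable primes across keys have let n be factored by GCD in the wild regardless of size.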
Which of the following security principles favors symmetric encryption due to its speed and because asymmetric encryption can increase the size of the object being encrypted?
A) Authentication B) Confidentiality C) Integrity D) Nonrepudiation |
Confidentiality
|