250 Cards in this Set

  • Front
  • Back
In a virus, the code that does damage is called the ________.
a. exploit
b. compromise
c. payload
d. vector
c. payload

The fastest propagation occurs with some types of ________.


a. viruses


b. worms


c. Trojan horses


d. bots

b. worms

Which of the following are types of countermeasures?


a. Preventative


b. Detective


c. Corrective


d. All of these

d. All of these

Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.


True or False?

True

Cybercriminals avoid black market forums.


True or False?

False

Misappropriation of assets is an example of employee financial theft.


True or False?

True

Downloading pornography can lead to sexual harassment lawsuits.


True or False?

True

Under current U.S. federal laws, if a company allows personal information to be stolen, it may be subject to government fines.


True or False?

True

You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.


True or False?

True

The definition of spam is "unsolicited commercial e-mail."


True or False?

True

A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users. (Choose the most specific choice.)


a. DoS


b. directly-propagating worm


c. distributed malware


d. SYN Flooding

d. SYN Flooding

Another name for safeguard is ________.


a. countermeasure


b. compromise


c. both countermeasure and compromise


d. neither countermeasure nor compromise

a. countermeasure

In fraud, the attacker deceives the victim into doing something against the victim's financial self-interest.


True or False?

True

If a company wishes to prosecute people or companies that steal its trade secrets, it must take ________ precautions to protect those trade secrets.


a. at least some


b. reasonable


c. extensive


d. no (Trade secret protection is automatic under the law.)

b. reasonable

One of the two characterizations of expert hackers is ________.


a. automated attack tools


b. dogged persistence


c. both automated attack tools and dogged persistence


d. neither automated attack tools nor dogged persistence

b. dogged persistence

Money mules transfer stolen money for criminals and take a small percentage for themselves.


True or False?

True

The definition of hacking is "accessing a computer resource without authorization or in excess of authorization."


True or False?

False

________ threaten to do at least temporary harm to the victim company's IT infrastructure unless the victim pays the attacker.


a. Extortionists


b. Fraudsters


c. Bluffers


d. DoSers

a. Extortionists

Trade secret theft can occur through interception, hacking, and other traditional cybercrimes.


True or False?

True

Attackers rarely use IP address spoofing to conceal their identities.


True or False?

False

Most cookies are dangerous.


True or False?

False

Compared to non-computer crime, computer crime is very small.


True or False?

False

Countries would engage in cyberwar ________.


a. before a physical attack


b. after a physical attack


c. both before a physical attack and after a physical attack


d. neither before a physical attack nor after a physical attack

c. Both before a physical attack and after a physical attack

Penalties for hacking are ________.


a. limited only if a hacker stole $1000


b. limited only if a hacker stole over $1,000,000


c. irrelevant of the amount stolen


d. None of these

c. irrelevant of the amount stolen

In response to a chain of attack, victims can often trace the attack back to the final attack computer.


True or False?

True

In FISMA, ________ is done internally by the organization.


a. certification


b. accreditation


c. both certification and accreditation


d. neither certification nor accreditation

c. Both certification and accreditation

In benefits, costs and benefits are expressed on a per-year basis.


True or False?

True

The goal of IT security is risk elimination.


True or False?

False

Responding to risk through risk avoidance is likely to be acceptable to other units of the firm.


True or False?

False

Which of the following is a way of responding to risk with active countermeasures?


a. risk reduction


b. risk acceptance


c. risk avoidance


d. all of these

a. Risk reduction

The stage of the plan-protect response cycle that consumes the most time is ________.


a. planning


b. protection


c. response


d. each of these consumes about the same amount of time

b. protection

Employees usually must rationalize bad behavior.


True or False?

True

Using both a firewall and host hardening to protect a host is ________.


a. defense in depth


b. risk acceptance


c. an anti-weakest link strategy


d. adding berms

a. defense in depth

________ are check lists of what should be done in a specific procedure.


a. Baselines


b. Guidelines


c. Standards


d. Procedures

a. Baselines

________ are payments made by a supplier to a corporate buyer when a purchase is made.


a. Bribes


b. Kickbacks


c. Both Bribes and Kickbacks


d. Neither Bribes nor Kickbacks

b. Kickbacks

The manager of the security department often is called ________.


a. the chief security officer (CSO)


b. the chief information security officer (CISO)


c. either the chief security officer (CSO) or the chief information security officer (CISO)


d. neither the chief security officer (CSO) nor the chief information security officer (CISO)

c. Either the chief security officer (CSO) or the chief information security officer (CISO)

Hotlines for reporting improper behavior are required by law to be non-anonymous.


True or False?

False

What security functions typically are outsourced?


a. intrusion detection


b. vulnerability testing


c. both intrusion detection and vulnerability testing


d. neither intrusion detection nor vulnerability testing

c. Both Intrusion detection and Vulnerability testing

________ requires multiple countermeasures to be defeated for an attack to succeed.


a. defense in depth


b. weakest link analysis


c. both defense in depth and weakest link analysis


d. neither defense in depth nor weakest link analysis

a. Defense in depth

Before doing a vulnerability test, a security employee must ensure that ________.


a. doing a vulnerability test is in his or her job description


b. no damage will be done


c. he or she has a specific contract to do a specific test


d. the test is a surprise to everyone, including the tester's superior, who may be engaged in illicit activities

c. he or she has a specific contract to do a specific test

Companies create codes of ethics in order to make ethical decision making more predictable.


True or False?

True

Electronic employee monitoring is rare.


True or False?

False

What security functions typically are outsourced?


a. policy


b. vulnerability testing


c. both policy and vulnerability testing


d. neither policy nor vulnerability testing

b. Vulnerability testing

Border management ________.


a. is no longer important because there are so many ways to bypass borders


b. is close to a complete solution to access control


c. both a and b


d. neither a nor b

d. Neither is no longer important because there are so many ways to bypass borders nor is close to a complete solution to access control

In COSO, a company's overall control culture is called its ________.


a. control culture


b. tone at the top


c. control environment


d. security culture

c. control environment

________ examines IT processes for efficiency, effectiveness, and adequate controls.


a. internal auditing


b. financial auditing


c. IT auditing


d. none of these

c. IT auditing

________ specifically addresses data protection requirements at financial institutions.


a. GLBA


b. HIPAA


c. The Revised SEC Act


d. Sarbanes-Oxley

a. GLBA

The owner can delegate ________ to the trustee.


a. the work of implementation of a resource or control


b. accountability for a resource or control


c. both a and b


d. neither a nor b

a. the work of implementation of a resource or control

The party that is ultimately held accountable for a resource or control is ________.


a. the owner


b. the trustee


c. the accredited security officer


d. the certified security officer

a. the owner

________ means responding to risk by taking out insurance.


a. risk reduction


b. risk acceptance


c. risk avoidance


d. risk transference

d. Risk transference

Quantum key distribution ________.


a. is a way to deliver enormously long keys to communication partners


b. creates a major threat to many traditional cryptographic methods


c. both a and b


d. neither a nor b

a. is a way to deliver enormously long keys to communication partners

In order to be considered strong today, a symmetric encryption key must be at least ________ bits long.


a. 6


b. 8


c. 100


d. 1,000

c. 100

To be strong, ________ keys need to be longer than ________ keys.


a. public, symmetric


b. symmetric, public


c. public and symmetric keys of about the same length have about equal strength


d. none of these

a. public, symmetric

Which of the following fields are contained on a digital certificate?


a. public key


b. digital signature


c. serial number


d. all of these

d. All of these

A remote access VPN typically gives users access to multiple resources within a site.


True or False?

True

The 56-bit key size ________.


a. is sufficient for major business transactions


b. is sufficient for most residential consumer applications


c. is considered a strong length


d. all of these

b. is sufficient for most residential consumer applications

Signing a message digest means encrypting it with the sender's public key.


True or False?

False

To check a certificate's revocation status, the verifier can ________.


a. download the CRL from the CA


b. send an OCSP message to the CA


c. both a and b


d. neither a nor b

b. send an OCSP message to the CA

Public key encryption is ________.


a. complex


b. slow


c. expensive


d. all of these

d. All of these

SSL/TLS protection is transparent to applications.


True or False?

False

A DES key is ________ bits long.


a. 40


b. 56


c. 100


d. 128

b. 56

Replay attacks can be thwarted by using ________.


a. time stamps


b. sequence numbers


c. nonces


d. all of these.

d. All of these.

When Carol sends a message to Bob, Bob will use ________ to decrypt the message.


a. the private key


b. Carol's private key


c. Bob's private key


d. Carol's public key

c. Bob's private key

SSL/TLS was developed for remote access VPNs.


True or False?

False

Most message-by-message authentication methods provide message integrity as a by-product.


True or False?

True

________ is efficient enough in processing power and RAM requirements to be used on small devices, such as PDAs and cell phones.


a. 3DES


b. AES


c. both a and b


d. neither a nor b

b. AES

Using new and proprietary encryption ciphers is a good idea because cryptanalysts will not know them.


True or False?

False

The most popular public key encryption cipher is ________.


a. AES


b. DES


c. RSA


d. ECC

c. RSA

SSL/TLS was developed for ________ VPNs.


a. host-to-host


b. site-to-site


c. both a and b


d. neither a nor b

a. host-to-host

MS-CHAP provides mutual authentication.


True or False?

False

In authentication, the party trying to provide its identity to the other party is called the applicant.


True or False?

False

What is the hash size of SHA-256?


a. 112 bits


b. 128 bits


c. 160 bits


d. 256 bits

d. 256 bits

IPsec tunnel mode ________.


a. provides host-to-host protection


b. is firewall-friendly


c. both a and b


d. neither a nor b

b. is firewall-friendly

In public key encryption for authentication, the verifier decrypts the ciphertext with the supplicant's public key.


True or False?

False

Which of the following can be used as a keying method?


a. public key encryption for confidentiality


b. MS-CHAP


c. both a and b


d. neither a nor b

a. Public key encryption for confidentiality

Wireless attacks avoid the access points to limit detection.


True or False?

False

SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.


True or False?

True

An unauthorized access point set up by individuals or departments is called a(n) ________ access point.


a. rogue


b. evil twin


c. both a and b


d. neither a nor b

a. rogue

Most central authentication servers are governed by the ________ standard.


a. EAP


b. RADIUS


c. IPsec


d. 802.1X

b. RADIUS

An EAP message begins with an ________ message.


a. EAP request


b. EAP accept


c. EAP start


d. EAP response

c. EAP start

A direct attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.


True or False?

True

Rogue access points are unauthorized access points set up by individuals or departments.


True or False?

True

The 802.11 standards were developed by the IEEE 802.11 Working Group.


True or False?

True

A ________ attack is when a webserver is flooded with application layer web requests.


a. SYN flood


b. Ping flood


c. HTTP flood


d. none of these

c. HTTP flood

Ensuring appropriate network ________ means preventing attackers from altering the capabilities or operation of the network.


a. confidentiality


b. integrity


c. availability


d. functionality

d. functionality

________ is called Port-Based Access Control.


a. 802.11i


b. 802.1X


c. both a and b


d. neither a nor b

b. 802.1X

ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN.


True or False?

False

What standard did the 802.11 Working Group create to extend 802.1X operation to WLANs with security for EAP?


a. 802.11i


b. 802.1i


c. 802.1Xi


d. none of these

a. 802.11i

EAP uses RADIUS for authentication.


True or False?

False

The authenticator is the ________.


a. workgroup switch


b. central authentication server


c. client


d. none of these

a. workgroup switch

Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her IP address.


True or False?

True

In a reflected DoS attack, attackers send spoofed requests to legitimate servers. The servers then send all responses to the victim.


True or False?

True

Attackers can exploit WEP's weaknesses by ________.


a. using WEP cracking software


b. reading two messages encrypted with the same key


c. both a and b


d. neither a nor b

c. Both using WEP cracking software and reading two messages encrypted with the same key

An EAP failure message is sent to the ________.


a. authentication server


b. authenticator


c. client


d. any of these

b. authenticator

802.11i offers strong security.


True or False?

True

The ultimate goal of a DoS attack is to ________.


a. cause harm


b. frustrate users


c. practice hacking


d. none of these

a. cause harm

The main access threat to 802.11 wireless LANs is an attacker plugging into a wall jack.


True or False?

False

What was the first core wireless security standard?


a. 802.11i


b. WPA


c. WEP


d. none of these

c. WEP

Secure wireless networks can be legally accessed by anyone and are frequently posted as such.


True or False?

False

In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is the same.


True or False?

True

Identification is the process where the verifier determines whether the supplicant is the particular person that the supplicant claims to be.


True or False?

False

Iris scanning usually is done surreptitiously.


True or False?

False

A ________ is a small device with a display that has a number that changes frequently.


a. one-time-password token


b. USB token


c. magnetic stripe card


d. none of these

a. one-time-password token

________ allows a user to authenticate him or herself to the identity management server once; thereafter, whenever the user asks for access to another server, no additional logins are required.


a. RSO


b. SSO


c. TSO


d. none of these

b. SSO

In the context of PKI, ________ is the process of accepting public keys and providing new digital certificates to the users.


a. provisioning


b. reflection


c. coordination


d. certification

a. provisioning

Directory servers can hold information about ________.


a. people


b. computers


c. both a and b


d. neither a nor b

c. Both people and computers

Which of the following is true?


a. human password resets are dangerous


b. automated password resets are dangerous


c. both a and b


d. neither a nor b

b. Automated password resets are dangerous.

Fingerprint recognition is easily deceived.


True or False?

True

________ can be used to supply power during long power outages.


a. uninterruptible power supplies


b. electrical generators


c. both a and b


d. neither a nor b

b. Electrical generators

When assigning initial permissions, it is good to add more permissions than strictly necessary and then remove permissions if appropriate.


True or False?

False

Self-service identity management should be used to change a ________ in the identity database.


a. password


b. telephone number


c. both a and b


d. neither a nor b

b. telephone number

CAs distribute public keys ________.


a. in digital certificates


b. only in ways using encryption for confidentiality


c. both a and b


d. neither a nor b

a. in digital certificates

The ________ gives the verifier a symmetric session key.


a. ticket-granting ticket


b. service ticket


c. both a and b


d. neither a nor b

b. service ticket

The book recommends that passwords be at least ________ characters long.


a. 6


b. 8


c. 20


d. 10

b. 8

In military security, the term multilevel security means multifactor security.


True or False?

False

LDAP can be used ________.


a. to update information in the directory server


b. to retrieve data from the directory server


c. both a and b


d. neither a nor b

c. Both to update information in the directory server and to retrieve data from the directory server

It is very important for testers to get permission before running a password cracking program on their company's computers to check for weak passwords even if such testing is in their job definitions.


True or False?

True

In the military, departments do not have the ability to alter access control rules set by higher authorities in ________.


a. policy-based access control


b. mandatory access control


c. discretionary access control


d. multilevel access control

b. mandatory access control

Which is more likely to generate a false acceptance?


a. verification


b. identification


c. both a and b


d. neither a nor b

b. Identification

A(n) ________ is a statement from Firm A that Firm B should accept as true if Firm B trusts Firm A.


a. certification


b. assertion


c. certificate


d. attribute

b. assertion

Long passwords that use several types of keyboard characters are called ________ passwords.


a. complex


b. reusable


c. dictionary


d. one-time

a. complex

Users should select very long and complex passwords and use the same password at all sites for auditability.


True or False?

False

Passwords should be changed frequently.


True or False?

True

It is illegal to go through a company's trash bins even if the trash bins are outside the corporation.


True or False?

False

The template is based on ________ generated during the enrollment scan.


a. scan data


b. key features


c. both a and b


d. neither a nor b

b. key features

A state is a distinct phase in a connection between two applications.


True or False?

True

A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth.


a. unified threat management


b. stateful packet inspection


c. static packet inspection


d. none of these

a. unified threat management

Nearly all applications can be proxied effectively.


True or False?

False

Stateful packet inspection firewalls use relay operation with two connections per client/server pair.


True or False?

False

Why is creating firewall policies desirable compared to just creating a list of ACL rules?


a. policies are more specific


b. policies are easier to understand


c. both a and b


d. neither a nor b

b. Policies are easier to understand.

If you will proxy 8 different applications, you will need ________ proxy programs.


a. 2


b. 4


c. 6


d. 8

d. 8

A ________ attack is an attack that is made before attack signatures for the threat are defined.


a. zero-day


b. vulnerability based


c. stealth


d. anomaly based

a. zero-day

It is better to have an ACL that permits access to a single internal webserver than one that allows access to all internal webservers.


True or False?

True

What type of host may be placed in the DMZ?


a. public webservers


b. external DNS server


c. both a and b


d. neither a nor b

c. Both Public webservers and External DNS servers

There is(are) ________ NAT traversal method(s).


a. 1


b. 2


c. 7


d. several

d. several

An internal firewall sits at the boundary between the corporate site and the Internet.


True or False?

False

A border firewall sits at the boundary between the corporate site and the external Internet.


True or False?

True

Stateful packet inspection firewalls ________.


a. always do application content filtering


b. have the slow speed of relay operation


c. both a and b


d. neither a nor b

d. Neither always do application content filtering nor have the slow speed of relay operation

Most packets are part of the ________ state.


a. connection opening


b. connection closing


c. both a and b


d. neither a nor b

d. Neither connection opening nor connection closing

The NAT firewall places only the internal socket in the translation table.


True or False?

False

________ firewalls always examine application messages in depth.


a. static packet filtering


b. SPI


c. application proxy


d. all of these

c. Application proxy

IDSs drop packets that are merely suspicious.


True or False?

False

Firewalls do not stop provable attack packets.


True or False?

False

Bandwidth limitation for certain types of traffic is less risky than dropping packets.


True or False?

True

In ingress filtering, the firewall examines packets entering the network from the outside, typically from the Internet.


True or False?

True

The last egress ACL rule in a border firewall is DENY ALL.


True or False?

False

Static packet filtering firewalls are limited to ________.


a. inspecting packets for which there are good application proxy filtering rules


b. inspecting packets in isolation from their context


c. both a and b


d. neither a nor b

b. inspecting packets in isolation from their context

If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________.


a. good because it will prevent possible attack packets from entering the network


b. bad because valid, non-attack packets will be dropped and this will effectively create a self-generated DOS attack


c. both a and b


d. neither a nor b

c. Both good because it will prevent possible attack packets from entering the network and bad because valid, non-attack packets will be dropped and this will effectively create a self-generated DOS attack

Firewall policies should govern ________.


a. configuration


b. testing


c. both a and b


d. neither a nor b

c. Both configuration and testing

Firewalls will drop ________.


a. suspicious packets


b. provable attack packets


c. both a and b


d. neither a nor b

b. provable attack packets

Computer recovery software reports its ________ to a recovery company that works with local police to recover the notebook.


a. physical location


b. logical location


c. IP address


d. none of these

c. IP address

UNIX offers more directory and file permissions than Windows.


True or False?

False

In MMCs, the tree pane lists ________.


a. objects on which actions can be taken


b. actions that can be taken on the selected object


c. both a and b


d. neither a nor b

a. objects on which actions can be taken

________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords.


a. a dictionary attack


b. a hybrid dictionary attack


c. a combinatorial attack


d. brute-force guessing

d. Brute-force guessing

When you use your mobile phone to surf the Internet, it is a host.


True or False?

True

Since Windows Server 2003, servers can be programmed to check for updates automatically.


True or False?

True

Any device with an IP address is a host.


True or False?

True

Software vendors typically release ________ patches per product in a typical year.


a. many


b. a few


c. no

a. many

The super user account has ________ control over the computer.


a. total or nearly total


b. substantial but not nearly total


c. little


d. no

a. total or nearly total

A systems administrator may manage ________.


a. an individual host


b. a group of hosts


c. both a and b


d. neither a nor b

c. Both an individual host and a group of hosts

________ is a family of operating systems that share interoperability at the kernel level.


a. UNIX


b. LINUX


c. both a and b


d. neither a nor b

a. UNIX

Which of the following are elements of host hardening?


a. encrypting data on the host


b. read operating system log files


c. both a and b


d. neither a nor b

c. Both Encrypting data on the host and Read operating system log files

The cost of ________ LINUX is definitely far less than the cost of commercial operating systems such as Windows.


a. purchasing


b. using


c. both a and b


d. neither a nor b

a. purchasing

The Local Users and Groups snap-in is available on the ________ MMC.


a. computer management


b. security


c. permissions


d. local permissions

a. Computer Management

________ allows many different groups to be assigned different permissions.


a. Windows


b. UNIX


c. both a and b


d. neither a nor b

a. Windows

A Windows systems administrator should use the Administrator account ________.


a. as little as possible, and only when needed


b. as his or her main account, for auditability


c. his or her main account for the permissions it provides


d. none of these. The Windows systems administrator should never use the Administrator account

a. as little as possible, and only when needed

In UNIX, the ________ permission allows the user to make changes.


a. execute


b. write


c. read


d. modify

b. write

The super user account in UNIX is called ________.


a. root


b. administrator


c. MMC


d. kernel

a. root

Windows GPOs can restrict PCs from changing standard configurations.


True or False?

True

Systems administrators generally do not manage the network.


True or False?

True

To how many accounts and groups can different permissions be applied in Windows?


a. 3


b. 6


c. 100


d. almost an unlimited number

d. almost an unlimited number

Long passwords that use several types of keyboard characters are called ________ passwords.


a. complex


b. reusable


c. dictionary


d. one-time

a. complex

After access is granted to a network, many NACs continue to monitor network PCs.


True or False?

True

The core part of the LINUX operating system is called ________.


a. the foundation


b. UNIX


c. GNU


d. the kernel

d. the kernel

Which of the following is a danger created by notebook computer loss or theft?


a. loss of capital investment


b. loss of sensitive data


c. both a and b


d. neither a nor b

c. Both Loss of capital investment and Loss of sensitive data

In IM, ________ servers allow two users to locate each other.


a. index


b. relay


c. presence


d. all of these

c. presence

Which of the following uses a PKI?


a. S/MIME


b. PGP


c. both a and b


d. neither a nor b

a. S/MIME

________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.


a. Skype


b. SIP


c. SPIT


d. IM

a. Skype

Users usually must click on malicious links in order to execute them.


True or False?

True

Under what Internet Options tabs are general security settings for websites controlled?


a. privacy


b. security


c. protection


d. advanced

b. Security

In a(n) ________ attack, the user enters part of a database query instead of giving the expected input.


a. login screen bypass


b. buffer overflow


c. XSS


d. SQL injection attack

d. SQL injection attack

Accepting cookies is necessary to use many websites.


True or False?

True

Which version of SNMP allows the manager to have a different shared secret with each agent?


a. Version 1


b. Version 2


c. Version 3


d. All of these

c. Version 3

H.323 uses Ports 1719 and 1720.


True or False?

True

A down side of spam filtering is the deletion of some legitimate messages.


True or False?

True

RTP adds ________ to UDP.


a. security


b. sequence numbers


c. both a and b


d. neither a nor b

b. sequence numbers

Signaling does not consist of communication to manage the network.


True or False?

False

VoIP traffic and data traffic tend to be segregated from each other on a network for added security.


True or False?

True

________ offers no security at all.


a. SNMP V1


b. SNMP V2


c. SNMP V3


d. All of these offer security

a. SNMP V1

Programmers can trust user input if the person is strongly authenticated.


True or False?

False

RTP stands for ________.


a. Real Transfer Protocol


b. Real Time Protocol


c. Real Transport Protocol


d. none of these

b. Real Time Protocol

Spammers are one reason that some companies have outsourced e-mail filtering.


True or False?

True

Spammers use sticky spam, which presents their message as a graphical image.


True or False?

False

Generally speaking, vendors use similar mechanisms for downloading and installing patches.


True or False?

False

If NAT changes the Layer 3 IP destination addresses, the protocol will still work properly.


True or False?

False

In a(n) ________ attack, information that a user enters is sent back to the user in a webpage.


a. login screen bypass


b. buffer overflow


c. XSS


d. SQL injection attack

c. XSS

SSL/TLS provides security ________.


a. between the sender and his or her e-mail server


b. all the way between the sender and receiver


c. both a and b


d. neither a nor b

a. between the sender and his or her e-mail server

Skype's file transfer generally does not work with antivirus programs.


True or False?

True

With Active-X controls, active scripting is enabled by default.


True or False?

True

Skype's security protocols have been publicly studied and approved.


True or False?

False

Data is the principal element of any information system.


True or False?

True

Restrictions on removable media should be enforced by relying on user behavior, rather than technological restrictions.


True or False?

False

Wiped data can be read.


True or False?

False

DLL triggers are used to ________.


a. maliciously attack databases


b. produce automatic responses if the data of the database has been altered


c. both a and b


d. neither a nor b

d. Neither maliciously attack databases nor produce automatic responses if the data of the database has been altered

Another name for RAID 0 is ________.


a. mirroring


b. distributed parity


c. striping


d. none of these

c. Striping

Validation can protect against SQL injection attacks.


True or False?

True

With basic file deletion, data is ________.


a. recoverable


b. reusable


c. both a and b


d. neither a nor b

c. Both recoverable and reusable

Losing an encryption key is not a serious danger.


True or False?

False

Using a secure cryptographic system can prevent attacks while data is being transmitted.


True or False?

True

DML triggers are used to ________.


a. maliciously attack databases


b. produce automatic responses if the data of the database has been altered


c. both a and b


d. neither a nor b

b. produce automatic responses if the data of the database has been altered

Retaining data can be ________.


a. expensive


b. susceptible to discovery of damaging information


c. A only


d. both a and b

d. Both expensive and susceptible to discovery of damaging information

After wiping/clearing, data is ________.


a. recoverable


b. reusable


c. both a and b


d. neither a nor b

b. reusable

Changing the default listening port is an effective way of discouraging attackers from accessing the database.


True or False?

True

Two computer systems each back up the other in real time in ________.


a. CDP


b. full duplex backup


c. full backup


d. all of these

a. CDP

Spreadsheets are rarely the subject of compliance regulations.


True or False?

False

A system using an array of drives increases reliability.


True or False?

True

Image backup is attractive because ________.


a. it requires minimal additional work to restore a fully functioning PC


b. it is faster than file/directory backup


c. it takes up less storage space than file/directory backup


d. both a and c

a. it requires minimal additional work to restore a fully functioning PC

Typically, having enough shadow backup space for a few days is sufficient.


True or False?

True

Backed-up data must be physically stored on something.


True or False?

True

Incremental and full backups may be restored out of the order in which they were created.


True or False?

False

CDP requires an expensive high-speed transmission link between the sites.


True or False?

True

Image backup is a fast form of backup.


True or False?

False

With RAID 1, the following is achieved ________.


a. redundancy


b. striping


c. both a and b


d. neither a nor b

a. Redundancy

To find out who is sending trade secrets out of the firm, you can use ________.


a. DRM


b. data extrusion management


c. watermarking


d. none of these

c. watermarking

________ backups only back up data that has changed since the most recent full backup.


a. differential


b. incremental


c. delta


d. none of these

b. Incremental

Dropping all future packets from a particular IP address is called ________.


a. black holing


b. disconnection


c. IP address spoofing


d. damaging

a. black holing

18 U.S.C. § 1030 prohibits hacking.


True or False?

True

A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.


a. expert witness


b. computer forensics expert


c. both a and b


d. neither a nor b

b. computer forensics expert

Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.


True or False?

False

Prosecutors initiate legal proceedings in ________ cases.


a. civil


b. criminal


c. both a and b


d. neither a nor b

b. criminal

18 U.S.C. § 1030 protects ________.


a. all computers


b. "protected computers" such as government computers


c. both a and b


d. neither a nor b

b. "protected computers" such as government computers

Courts will often admit unreliable evidence if judges believe that juries can be trusted to evaluate it properly.


True or False?

False

International laws about cybercrime are fairly uniform.


True or False?

False

The analysis of multi-event patterns is called ________.


a. event correlation


b. aggregation


c. filtering


d. all of these

a. event correlation

The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial.


a. reasonable doubt


b. mens rea


c. both a and b


d. neither a nor b

b. mens rea

Which of the following should the CSIRT include?


a. senior manager


b. PR director


c. firm's legal counsel


d. all of these

d. All of these

Repair during ongoing server operation is ________.


a. desirable


b. dangerous


c. both a and b


d. neither a nor b

c. Both desirable and dangerous

Disconnection ________.


a. is the most decisive way to do termination


b. harms legitimate users


c. both a and b


d. neither a nor b

b. harms legitimate users

Host operating system monitors look at ________.


a. multiple failed logins


b. creating new accounts


c. both a and b


d. neither a nor b

c. Both multiple failed logins and creating new accounts

It is easier to punish employees than to prosecute outside attackers.


True or False?

True

In an IDS, ________ means that the IDS should report all attack events and report as few false alarms as possible.


a. precision


b. event correlation


c. both a and b


d. neither a nor b

a. precision

If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.


True or False?

False

If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process.


a. drop


b. pass


c. quarantine


d. none of these

a. drop

A walkthrough is also called a ________.


a. table-top exercise


b. live test


c. both a and b


d. neither a nor b

a. table-top exercise

________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.


a. business continuity planning


b. IT disaster recovery


c. both a and b


d. neither a nor b

a. Business continuity planning

Walkthroughs are ________ table-top exercises.


a. better than


b. just as good as


c. worse than


d. the same thing as

d. the same thing as

The only person who should speak on behalf of a firm should be ________.


a. the public relations director


b. the firm's legal counsel


c. both a and b


d. neither a nor b

a. the public relations director

Black holing is an effective long-term containment solution.


True or False?

False

________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.


a. detection


b. analysis


c. both a and b


d. neither a nor b

b. Analysis

With good planning and protection, a company can eliminate security incidents.


True or False?

False