CIS 405 quiz 2


Which of the following terms best describes a person with very little hacking skill? a) hacker b) script kiddie c) cracker d) wannabe e) all of the above

script kiddie

Forensics and incident response are examples of __________ controls a) detective b) preventative c) corrective d) deterrent

c) corrective

Purchasing an insurance policy is an example of a ________ risk response strategy a) reduce/mitigate b) accept c) transfer/share d) avoid

c) transfer/share

Which of the following is NOT a human trait social engineers take advantage of to entice people to reveal information they should keep confidential? a) compassion b) sloth c) sex appeal d) authority

d) authority

What term describes the risk that exists after an organization has performed all planned countermeasures and controls? a) total risk b) qualitative risk c) inherent risk d) residual risk

d) residual risk

What type of attack against a web application uses a newly discovered vulnerability that is not patchable? a) Structured Query Language (SQL) injection b) cross-site scripting (XSS) c) ransomware d) zero-day attack

d) zero-day attack

Which of the following affects availability? a) cross-site scripting (XSS) b) SQL injection c) packet sniffing d) denial e) none of the above

denial (DoS)

Which type of attack results in a legitimate user not having access to a system source? a) denial b) disclosure c) alteration d) spoofing

denial (DoS) (denial of service)

Which of the following is an example of social engineering? a) SQL injection b) XML injection c) security design d) impersonation e) all of the above

impersonation

A(n) _______________ is a software tool that is used to capture packets from a network.

packet sniffer

Which type of attack involves capturing data packets from a network and transmitting them later to produce an unauthorized effect? a) man in the middle b) replay c) denial d) phishing e) SQL injection

replay

(True or false) A SYN flood attack floods the target with invalid or half-open TCP connection requests.

true

(True or false) A qualitative risk assessment assigns a subjective risk rating to assess the risk.

true

(True or false) The main goal of a hacker is to circumvent access controls and potentially steal data.

true

(True or false) Vulnerability assessment scanners look for software vulnerabilities in IP host devices.

true

The list of known software vulnerabilities maintained by MITRE is called a) Common Vulnerabilities and Exposures (CVE) b) Software Vulnerabilities List (SVL) c) Zero-Day List (ZDL) d) National Vulnerability Database (NVD)

Common Vulnerabilities and Exposures (CVE)

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? a) vulnerability b) threat c) risk d) impact

a) vulnerability

Which of the following best describes intellectual property? a) the items a business has copyrighted b) customer lists c) sales and marketing plans d) patents owned by a business e) all of the above

all of the above

Which of the following is an example of an administrative security control? a) antivirus/anti-malware protection b) data leakage prevention c) standardized workstation and laptop images d) security awareness training e) all of the above

all of the above

Which of the following is NOT an example of social engineering? a) developing phony websites with names and URL addresses very similar to legitimate websites in order to obtain confidential engineering b) setting up a computer that allows the user to use a next-door neighbor's unsecured wireless network c) using e-mail to request others into revealing their user IDs and passwords d) obtaining another person's credit card number without consent through skimming

b) setting up a computer that allows the user to use a next-door neighbor's unsecured wireless network

Which term describes an action that can damage or compromise an asset? a) risk b) threat c) vulnerability d) countermeasure/controls

b) threat

