CIS 405 quiz 2
Which of the following terms best describes a person with very little hacking skill? a) hacker b) script kiddie c) cracker d) wannabe e) all of the above
script kiddie
Forensics and incident response are examples of __________ controls. a) detective b) preventative c) corrective d) deterrent
c) corrective
Purchasing an insurance policy is an example of a ________ risk response strategy. a) reduce/mitigate b) accept c) transfer/share d) avoid
c) transfer/share
Which of the following is NOT a human trait social engineers take advantage of to entice people to reveal information they should keep confidential? a) compassion b) sloth c) sex appeal d) authority
d) authority
What term describes the risk that exists after an organization has performed all planned countermeasures and controls? a) total risk b) qualitative risk c) inherent risk d) residual risk
d) residual risk
What type of attack against a web application uses a newly discovered vulnerability that is not patchable? a) Structured Query Language (SQL) injection b) cross-site scripting (XSS) c) ransomware d) zero-day attack
d) zero-day attack
Which of the following affect availability? a) cross-site scripting (XSS) b) SQL injection c) packet sniffing d) denial e) none of the above
denial (DoS)
Which type of attack results in a legitimate user not having access to a system source? a) denial b) disclosure c) alteration d) spoofing
denial (DoS) (denial of service)
Which of the following is an example of social engineering? a) SQL injection b) XML injection c) security design d) impersonation e) all of the above
impersonation
A(n) _______________ is a software tool that is used to capture packets from a network.
packet sniffer
Which type of attack involves capturing data packets from a network and transmitting them later to produce an unauthorized effect? a) man in the middle b) replay c) denial d) phishing e) SQL injection
replay
(True or false) A SYN flood attack floods the target with invalid or half-open TCP connection requests.
true
(True or false) A qualitative risk assessment assigns a subjective risk rating to assess the risk.
true
(True or false) The main goal of a hacker is to circumvent access controls and potentially steal data.
true
(True or false) Vulnerability assessment scanners look for software vulnerabilities in IP host devices.
true
The list of known software vulnerabilities maintained by MITRE is called: a) Common Vulnerabilities and Exposure (CVE) b) Software Vulnerabilities List (SVL) c) Zero-Day List (ZDL) d) National Vulnerability Database (NVD)
Common Vulnerabilities and Exposure (CVE)
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? a) vulnerability b) threat c) risk d) impact
a) vulnerability
Which of the following best describes intellectual property? a) the items a business has copyrighted b) customer lists c) sales and marketing plans d) patents owned by a business e) all of the above
all of the above
Which of the following is an example of an administrative security control? a) antivirus/anti-malware protection b) data leakage prevention c) standardized workstation and laptop images d) security awareness training e) all of the above
all of the above
Which of the following is NOT an example of social engineering? a) developing phony websites with names and URL addresses very similar to legitimate websites in order to obtain confidential engineering b) setting up a computer that allows the user to use a next-door neighbor's unsecured wireless network c) using e-mail to request others into revealing their user IDs and passwords d) obtaining another person's credit card number without consent through skimming
b) setting up a computer that allows the user to use a next-door neighbor's unsecured wireless network
Which term describes an action that can damage or compromise an asset? a) risk b) threat c) vulnerability d) countermeasure/controls
b) threat