CIST1601- Exam 3 Chapters 6, 7, and 8
20. Data stored in computer systems has a high value because there is a great deal of time and effort that goes into creating an analyzing it and ________________. A) Data often has intrinsic value. B) Data is an asset that appreciates. C) Data lasts forever. D) None of the above.
A) Data often has intrinsic value.
10. ___________ is the process to find out what is on a target system. A) Enumeration B) Phishing C) Mapping D) Scanning
A) Enumeration
6. The most popular port scanner in the hacking and security community is ________. A) Portscan B) Nmap C) Servport D) NetBIOS
B) Nmap
2. Some who performs a cyberattack without actually understanding it is a _______. A) Gray hat hacker B) White hat hacker C) Script kiddie D) None of the above
B) White hat hacker
43. _________ is a block cipher that uses a variable-length key ranging from 32 to 448 bits. A) 3DES B) AES C) Blowfish D) RC4
C) Blowfish
40. __________refers to encrypted text. A) Key B) Plain text C) Algorithm D) Cipher text
D) Cipher text
26. The single greatest security risk to any organization is _________. A) A disgruntled employee B) Lack of a disaster recovery plan C) Lack of antivirus software D) Out-of-date software
A) A disgruntled employee
37. Which of the following is an operation used on binary numbers not found in normal math? A) AND B) PLUS C) MINUS D) None of the above
A) AND
12. When an attacker injects client-side scripts into web pages viewed by other users so that those users interact with it, it is an example of _________. A) Cross-site scripting B) Phreaking C) Phishing D) None of the above
A) Cross-site scripting
15. To create a domain admin account, the user must be a member of the __________ group. A) Domain admins B) Domain users C) Backup operators D) Everyone
A) Domain admins
31. ______________ is the process to scramble a message or other information so that it cannot be easily read. A) Encryption B) Cryptography C) Keying D) Decryption
A) Encryption
45. Windows stores passwords using a method called __________. A) Hashing B) Authentication C) Kerberos D) None of the above
A) Hashing
16. ______________ is the use of spying techniques to find out key information that is of economic value. A) Industrial espionage B) Scanning C) Electronic monitoring D) None of the above
A) Industrial espionage
11. Passing structured query language commands to a web application and getting the website to execute it is called SQL script _________. A) Injection B) Processing C) Attacking D) Execution
A) Injection
38. A(n) ________ refers to the bits that are combined with the plain text to encrypt it. A) Key B) Plain C) Cipher text D) Algorithm
A) Key
30. Giving personnel access to only data that they absolutely need to perform their jobs is referred to as _________. A) Least privileges B) Job rotation C) Business continuation planning D) None of the above
A) Least privileges
1. Testing an organization's security is known as ________ testing. A) Penetration B) Location C) Virus D) None of the above
A) Penetration
5. There are 1,024 well-known ________ that are usually associated with specific services. A) Ports B) Processes C) Applications D) Programs
A) Ports
41. A(n) ___________is a mathematical process for doing something. A) Formula B) Algorithm C) Cipher D) None of the above
B) Algorithm
21. The process to list assets that you believe support your organization is called ________. A) Business planning B) Asset identification C) Making a balance sheet D) Organizational charting
B) Asset identification
35. Using the __________ cipher you choose some number by which to shift each letter of a text. A) DC4 B) Caesar C) Multi-alphabet substitution D) ASCII
B) Caesar
7. The most reliable Nmap scan is ____________ scan. A) ping B) Connect C) SYN D) FIN
B) Connect
32. __________ is the art to write in or decipher secret code. A) Encryption B) Cryptography C) Keying D) Decryption
B) Cryptography
9. Nmap enables you to set ________ such as -sP, -sS, and -oA. A) Parameters B) Flags C) Switches D) None of the above
B) Flags
34. With asymmetric cryptography a different ______ is used to encrypt the message and to decrypt the message. A) Code B) Key C) Lock D) Script
B) Key
4. Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker are examples of _________. A) Active scanning B) Passive scanning C) Phreaking D) Scouring
B) Passive scanning
39. ________ refers to unencrypted text. A) Key B) Plain text C) Algorithm D) Cipher text
B) Plain text
44. With ______________ encryption, one key is used to encrypt a message, and another is used to decrypt the message. A) Private key B) Public key C) Cipher D) None of the above
B) Public key
29. Quick Stego and Invisible Secrets are two software tools that can be used for __________. A) Port scanning B) Steganography C) Key logging D) None of the above
B) Steganography
23. The company involved in an attack by Oleg Zezev from Kazahkstan, in which Zezev accessed computer data and copied personal information for purposes of blackmail was ______. A) General Motors B) Interactive Television Technologies, Inc. C) Bloomberg, Inc. D) None of the above
C) Bloomberg, Inc.
17. Which of the following is NOT an example of industrial espionage? A) Details on a competitor's new project B) A list of a competitor's clients C) Denial-of-service attack D) None of the above
C) Denial-of-service attack
33. Which of these is NOT one of the two basic types of cryptography? A) Asymmetric B) Symmetric C) Forward D) None of the above
C) Forward
36. Using the _________ cipher you select multiple numbers by which to shift letters. A) DC4 B) Caesar C) Multi-alphabet substitution D) ASCII
C) Multi-alphabet substitution
3. Hacking into phone systems is called ___________. A) Telnetting B) Dial hacking C) Phreaking D) None of the above
C) Phreaking
8. With a(n) _________ scan, if the port is closed, the response is an RST. If the port is open, the response is a SYN/ACK. A) FIN B) XMAS C) SYN D) ACK
C) SYN
14. The net command can be included in a ________ that will create a domain admin account. A) Port B) Scan C) Script D) None of the above
C) Script
27. The most obvious use of ________________involves talking to a targeted employee and getting him to reveal sensitive data. A) Phishing B) Key logging C) Social engineering D) None of the above
C) Social engineering
28. Sending an email that claims to come from a different sender, and asking for sensitive data is an example of ___________. A) Phishing B) Key logging C) Social engineering D) None of the above
C) Social engineering
25. Cookies and key loggers are examples of ____________. A) Viruses B) Worms C) Spyware D) None of the above
C) Spyware
42. Which of these is NOT a type of symmetric algorithm? A) Stream B) Block C) Transcription D) None of the above
C) Transcription
19. VI (value of information) = C (cost to produce) + ___________. A) MU (markup) B) GM (gross margin) C) VG (value gained) D) VL (value lost)
C) VG (value gained)
24. The chief executive officer of Oracle defends his practice to hire private investigators to sift through the garbage of which competitor? A) Red Hat B) McAfee C) Norton D) Microsoft
D) Microsoft.
22. The company whose chief executive officer was indicted for copyright infringement of allegedly stealing technology from D-Link, which was one of its own customers, was _________. A) General Motors B) Interactive Television Technologies, Inc. C) Bloomberg, Inc. D) None of the above
D) None of the above
13. _________ is a popular tool for cracking Windows passwords. A) Sid2User B) Cheops C) Netcat D) OphCrack
D) OphCrack
18. For security reasons, when an employee leaves a company, you should conduct a(n) ________ interview. A) Security B) Exit C) Employment D) Scanning
D) Scanning
