Computer info quiz compiled with answers 12-21 23,25
T or F: A computer system is attacked for one of two general reasons: it is specifically targeted by the attacker or it is a target of opportunity.
True
Which document outlines what the loss of any critical functions will mean to the organization?
business impact analysis (BIA)
What is malware?
refers to software that has been designed for some nefarious purpose
Which term refers to characteristics of resources that can be exploited by a threat to cause harm?
vulnerabilities
Which protection ring has the highest privilege level and acts directly with the physical hardware?
0
WiFi uses which frequency spectrum?
2.4 Ghz and 5 Ghz
WiFi series refers to:
802.11 standard
BIOS stands for:
Basic input output system
What is operating system?
Basic software that handles things such as input, output, display, memory management, and all the other highly detailed tasks
The _______________ is a list of known vulnerabilities in software systems.
Common Vulnerabilities and Exposures (CVE) enumeration
What is Point-to-point (P2P) connection?
Communications with one endpoint on each end
T or F: Application blacklisting is essentially noting which applications should be allowed to run on the machine.
False
T or F: Cryptography is the universal solution to all security problems.
False
T or F: During penetration testing, zero-day vulnerabilities will be established.
False
T or F: If you test something and it comes back negative, but it was in fact positive, then the result is a false positive.
False
T or F: Service pack is the term for a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks.
False
T or F: Tail is a utility designed to return the first lines of a file.
False
TPM is:
Hardware security solution on the motherboard
Which action is an example of transferring risk?
Management purchases insurance for the occurrence of an attack.
SSID (service set identifier )is:
Name of the wireless network
Which term refers to the possibility of suffering harm or loss?
Risk
Which type of attack can be used to execute arbitrary commands in a database?
SQL injection
The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks.
Social-Engineering Toolkit
Which cloud computing service model involves the offering of software to end users from within the cloud?
Software as a Service (SaaS)
Rainbow tables include precomputed tables or hash values associated with passwords
True
T or F WEP stands for Wired Equivalent Privacy
True
T or F: A qualitative risk assessment relies on judgment and experience.
True
T or F: All input validation that is essential for business reasons or for security should be performed on the server side of the client-server relationship, where it is free from outside influence and change.
True
T or F: Both ipconfig and ifconfig are command-line tools to manipulate the network interfaces on a system.
True
T or F: The goal of the delta backup is to back up as little information as possible each time you perform a backup.
True
T or F: The presence of risks in a system is an absolute—they cannot be removed or eliminated.
True
Which testing technique requires that the testers have no knowledge of the internal workings of the software being tested?
black box testing
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor?
community
Which process involves implementing security tools and policies to ensure your container is running as intended?
container security
SYN flooding is an example of a __________.
denial-of-service attack
Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices?
edge
The movement to an account that enables root or higher-level privilege is known as:
escalation of privilege
Which backup technique requires a large amount of space and is considered to have a simple restoration process?
full
A(n) _______________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.
hypervisor
Which term is used to describe the target time that is set for resuming operations after an incident?
recovery time objective (RTO)
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?
white box testing
Which term is used to define vulnerabilities that are newly discovered and not yet addressed by a patch?
zero day
T or F: Backups can prevent a security event from occurring.
False
T or F: Least privilege refers to removing all controls from a system.
False
