Final Exam 5320


Which protocol enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network? Answers PPPP PPTP PTPN PPTN

PPTP

Which port is used by HTTPS? Answers TCP port 465 TCP port 443 TCP port 80 TCP port 21

TCP port 443

What is WAP? Answers A technique used by laptop computers for wireless communication A method of encryption for wired or wireless communications A piece of hardware that implements 802.11g A lightweight protocol designed for mobile devices

A lightweight protocol designed for mobile devices

How does an IPS differ from an IDS? Answers An IPS is passive and an IDS is active. An IPS uses heuristics and an IDS is signature-based. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert.

An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.

____________________ is a standardized schema for the communication of observed data from the operational domain.

Cyber Observable eXpression (CybOX)

Which attack uses a password-cracking program that employs a list of dictionary words to try to guess a password? Answers Dictionary attack Brute-force attack Hybrid attack Lister crack

Dictionary attack

In a(n) ____________________ backup, only the files that have changed since the last full backup was completed are backed up.

Differential

Which access control type would you use to allow a file or resource owner the ability to change the permissions on that file or resource? Answers Mandatory access control Discretionary access control Role-based access control Rule-based access control

Discretionary access control

What is the first rule of incident response investigation? Answers Know your audience. Do no harm. Trust your instincts. Document everything.

Do no harm.

____________________ consists of the documents, verbal statements, and material objects that are admissible in a court of law.

Evidence

Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection? Answers Telnet SSH SNMP FTP

FTP

___________________ is the posting of location information into a data stream, signifying where the device was when the stream was created.

Geo-tagging

Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers? Answers SSMTP HTTP SPOP3 HSTS

HTTP

Which term describes a computer language invented by Sun Microsystems as an alternative to Microsoft's development languages? Answers JavaScript Java Applet Authenticode

Java

The cryptographic standard proposed for 3G networks is known as __________. Answers EVDO MISTY1 HSPA KASUMI

KASUMI

Which term is a mechanism where traffic is directed to identical servers based on availability? Answers Backout planning Load balancing Clustering Mutual aid agreement

Load balancing

What term refers to a piece of code that sits dormant for a period of time until some event invokes its malicious payload? Answers Trojan Logic bomb Trigger virus Logic worm

Logic bomb

Which access control type would you use to grant permissions based on the sensitivity of the information contained in the objects? Answers Mandatory access control Discretionary access control Role-based access control Rule-based access control

Mandatory access control

Which type of alternative site generally uses trailers, often relies on generators for its power, but also factors in the requirement for environmental controls immediately? Answers Shared alternate site Mobile backup site Incremental site Reciprocal site

Mobile backup site

Which term refers to the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions? Answers Aggregation Big data analytics Network security monitoring (NSM) Security information and event management (SIEM)

Network security monitoring (NSM)

Which term refers to a hardware device that can be placed inline on a network connection and that will copy traffic passing through the tap to a second set of interfaces on the tap? Answers Wireshark Port mirroring Network tap SPAN

Network tap

Which RAID configuration, known as dedicated parity drive, stripes data across several disks but in larger stripes than in RAID 3 and uses a single drive for parity-based error checking? Answers RAID 2 RAID 4 RAID 5 RAID 6

RAID 4

Which strategy has the goal of defining the requirements for business continuity? Answers Business continuity plan (BCP) Recovery time objective (RTO) Disaster recovery plan (DRP) Recovery point objective (RPO)

Recovery time objective (RTO)

Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist? Answers Scanning Enumeration Footprinting Pilfering

Scanning

__________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources. Answers Port scanning Honeypot Network security monitoring (NSM) Security information and event management (SIEM)

Security information and event management (SIEM)

Which account is used to run processes that do not require human intervention to start/stop/administer? Answers Shared Guest Service Privileged

Service

Which term is the use of packet sniffing to steal a session cookie? Answers Side-jacking Cache poisoning Code signing Inlining

Side-jacking

Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation? Answers High availability clustering Load balancing Infrastructure as a Service (IaaS) Single point of failure

Single point of failure

____________________ is a form of authentication that involves the transferring of credentials between systems.

Single sign-on (SSO)

What is wireless networking? Answers The transmission of packetized data by means of fiber optic cable The transmission of packetized data via the Internet The transmission of packetized data without direct physical links The transmission of packetized data by means of private bands

The transmission of packetized data without direct physical links

events for the intrusion detection system (IDS) to examine

To collect information in a central place, in a common format, to facilitate analysis and decision making

The term ____________________ is the targeting of specific steps of a multistep process to a cyber incident, with the expressed purpose of disrupting the attack.

cyber kill chain

A honeypot is sometimes called a(n) __________. Answers antivirus packet SPAN digital sandbox firewall

digital sandbox

Clusters that are marked by the operating system as usable when needed are referred to as __________. Answers free space slack space open space unused space

free space

A(n) ____________________ is a connection to a Windows interprocess communications share (IPC$).

null session

If the characteristics of an incident include a large number of packets destined for different services on a machine, a(n) ____________________ is occurring.

port scan

A(n) ____________________ is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server.

record time offset

A(n) ____________________ is a 32-bit number established by the host that is incremented for each packet sent.

sequence number

Making data look like it has come from a different source is called __________. Answers sniffing a man-in-the-middle attack a replay attack spoofing

spoofing

Which term refers to a unique alphanumeric identifier for a user of a computer system? Answers Password Username Group policy object Token

Username

____________________ started with people using chalk on sidewalks to mark some of the wireless networks they found.

War-chalking

Which alternative site is designed to be operational within a few days? Answers Hot site Warm site Cold site Reciprocal site

Warm site

____________________ is the name given to a broad collection of application programming interfaces (APIs), protocols, and programs developed by Microsoft to download and execute code automatically over an Internet-based channel.

ActiveX

In the case of an FTP server, which account allows unlimited public access to the files and is commonly used when you want to have unlimited distribution? Answers Root Anonymous Administrator Public

Anonymous

Which term refers to the ability to distribute the processing load over two or more systems? Answers High availability clustering Load balancing Infrastructure as a Service (IaaS) Single point of failure

Load balancing

__________ relies on lies and misrepresentation, which an attacker uses to trick an authorized user into providing information or access the attacker would not normally be entitled to. Answers Social engineering User exploitation War-driving Indirect attack

Social engineering

____________________ is the use of all resources to make determinations.

Strategic intelligence

Which term describes a proactive plan for personnel substitutions in the event that the primary person is not available to fulfill their assigned duties? Answers Risk assessment Succession planning Business continuity planning Business impact analysis

Succession planning

A(n) ____________________ has the ability to copy network traffic passing through one or more ports on a switch or one or more VLANs on a switch and forward that copied traffic to a port designated for traffic capture and analysis.

Switched Port Analyzer (SPAN)

events for the IDS to examine? Answers Traffic collector Signature database Expert knowledge database User interface and reporting

Traffic collector

Which term describes a collection of technologies that is designed to make Web sites more useful for users? Answers ActiveX Java Web 2.0 Common Gateway Interface (CGI)

Web 2.0

Which term refers to a specific technique of using an HTTP client to handle authentication on a wireless network? Answers Captive portal Walled-off Walled-on Public Wi-Fi

Captive portal

What is one security issue associated with WTLS? Answers The specifications do not allow connections without high security. WTLS cannot cope with small amounts of memory. WTLS cannot cope with limited processor capacity. Clients with low memory or CPU capabilities cannot support encryption.

Clients with low memory or CPU capabilities cannot support encryption.

____________________ was the original method for having a Web server execute a program outside the Web server process, yet on the same server.

Common Gateway Interface (CGI)

Which term implies the concept of "don't keep what you don't need"? Answers Hardening Least common mechanism Least privilege Data minimization

Data minimization

What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred? Answers Direct evidence Real evidence Documentary evidence Demonstrative evidence

Demonstrative evidence

Physical memory storage devices can be divided into a series of containers; each of these containers is called a(n) ____________________.

Partition

Which access control type allows a company to restrict employee logon hours? Answers Mandatory access control Discretionary access control Role-based access control Rule-based access control

Rule-based access control

____________________ is the use of terrestrial transmitters and receivers and satellites in orbit to transfer the signals.

SATCOM

Johnny receives a "new version" of the game Solitaire in an e-mail. After running the program, a backdoor is installed on his computer without his knowledge. What kind of an attack is this? Answers Logic bomb Hoax Trojan Worm

Trojan

Which ports are used by Remote Authentication Dial-In User Service (RADIUS) for authentication and accounting? Answers TCP port 1812 for authentication and TCP port 1813 for accounting TCP port 1812 for accounting and TCP port 1813 for authentication UDP port 1812 for authentication and UDP port 1813 for accounting UDP port 1812 for accounting and UDP port 1813 for authentication

UDP port 1812 for authentication and UDP port 1813 for accounting

Which port is used to establish the Layer 2 Tunneling Protocol (L2TP)? Answers UDP port 1701 TCP port 1701 TCP port 1107 TCP port 1217

UDP port 1701

How is quarantine accomplished? Answers With the erection of firewalls that restrict communication between machines By rebooting the infected machine as many times as needed By encrypting the infected data on the network's hard drive With periodic patches of the infected systems

With the erection of firewalls that restrict communication between machines

When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ____________________, can be used.

Workstation

A(n) ____________________ is an 802.11 management frame for the network and contains several different fields, such as the time stamp and beacon interval, but most importantly the SSID.

beacon frame

____________________ is a system that uses digital signatures and allows Windows users to determine who produced a specific piece of code and whether or not the code has been altered.

Authenticode

The term ____________________ is used to refer to programs that attackers install after gaining unauthorized access to a system, ensuring that they can continue to have unrestricted access to the system, even if their initial access method is discovered and blocked.

Backdoor

Which attack technique uses Bluetooth to establish a serial connection to a device that allows access to the full AT command set? Answers Bluejacking Bluesnarfing Bluebugging Bluetooth DOS

Bluebugging

What is an advantage of detecting indicators of compromise (IOCs)? Answers Detecting IOCs is a quick way to jumpstart a response element. Detecting IOCs allows law enforcement to identify the adversary's exact location. Detecting IOCs allows an organization to safely identify the necessary patches to apply. Detecting IOCs is a quick way to perform a safe penetration test.

Detecting IOCs is a quick way to jumpstart a response element.

Which term refers to a key measure used to prioritize actions throughout the incident response process? Answers Information criticality Information scalability Footprinting Steganography

Information criticality

Which of the following has the least volatile data? Answers CPU storage RAM Hard disk Kernel table

Hard disk

Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence? Answers Best evidence rule Exclusionary rule Hearsay rule Relevant evidence rule

Hearsay rule

____________________ refers to the ability to maintain availability of data and operational processing (services) despite a disrupting event.

High availability

Which term defines a collection of two or more honeypots? Answers Antivirus software SPAN Protocol analyzer Honeynet

Honeynet

A(n) ____________________ is an artificial environment where attackers can be contained and observed, without putting real systems at risk.

Honeypot

What name is given to a logical storage unit that is subsequently used by an operating system? Answers Cluster Partition Register Segment

Partition

Bob gets an e-mail addressed from his bank, asking for his user ID and password. He then notices that the e-mail has poor grammar and incorrect spelling. He calls up his bank to ask if they sent the e-mail, and they promptly tell him they did not and would not ask for that kind of information. What is this type of attack called? Answers Phishing Pharming Spear pharming Spishing

Phishing

What should an incident response team do when they are notified of a potential incident? Answers The team should immediately escalate the problem to senior management. The team should shut down the infected system. The team should confirm the existence, scope, and magnitude of the event and then respond accordingly. The team should immediately backup the data on the infected system.

The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.

What is the primary vulnerability associated with many methods of remote access? Answers Weak encryption Too complicated for users to understand The passing of critical data in cleartext Incompatibility with firewalls

The passing of critical data in cleartext

The process of attempting to break a cryptographic system is called __________. Answers encrypting cipher texting cryptography cryptanalysis

cryptanalysis
