INFO SEC CHAPTER 10 - 15


False

A packet-filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients.

True

A password manager uses a single password to access all other passwords.

True

A persuasion/coercion attack is considered psychological.

True

Barriers, guards, cameras, and locks are examples of physical controls.

True

Because the operating system of a live Linux distribution is run from physical memory, performance is slower than if it were installed on the hard drive.

True

Biometrics is a type of access control mechanism.

False

Adware is a type of virus.

persuasion/coercion

An attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do is participating in ________.

True

Attacks that involve social networks have been made easier by the fact that their users often willingly share information.

False

Using the telephone is a common way for a social engineer to gather information.

cp

Which of the following Linux commands copies files from location to location?

False

Many attackers gain access to a target system through something known as a window.

True

No evidence, regardless of type, is necessarily admissible in court.

True

One of the main characteristics of worms is that they do not need a host program to function.

Signature analysis

Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database?

A policy is unnecessary if the firewall is configured properly.

Which of the following statements is NOT true about firewall policy?

A firewall does not provide the ability to segment a network internally or within the organization itself.

Which of the following statements is NOT true about firewalls?

False

Pop-up blockers clutter up a web browser and make it weaker.

False

Private information on Facebook is truly private.

Company policies may discuss proper usage of social media and networking sites at work.

Which of the following statements is true regarding social networking in a corporate setting?

True

Wireshark, tcpdump, WinDump, and Omnipeek are popular sniffing tools.

True

With stateful packet inspection (SPI) in a firewall, the attributes of each connection describe the state of the connection.

False

Worms require user intervention for their infection to take place; viruses do not.

True

Wrappers can be used to merge an attacker's intended payload with a harmless executable to create a single executable from the two.

DAC

Xavier is developing a file system in which users will have the ability to grant editing permissions to their colleagues. What type of access control model is this approach using?

True

You can run Kali Linux in a virtual machine.

True

Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network.

False

Replacing a Windows computer with an Apple computer is the only way to stay safe online.

False

Role-based access control (RBAC) uses labels to determine the type and extent of access to a resource and the permission, or security, level granted to each user.

Kali

Ron is building a system that he will use in a penetration test and would like to choose a Linux distribution well-suited to that purpose. Which of the following Linux distributions would be his best choice?

False

Safe browsing practices have little to do with whether individuals become victims online.

False

Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens.

True

Security tokens are devices used to authenticate a user to a system or application.

password manager

Software that helps organize and track various usernames and passwords is called a ________.

True

Some commands provide the ability to specify a series of arguments; in these situations, each argument should be separated with a space or tab.

True

Special-purpose Live CDs/DVDs include firewall applications and rescue disks.

websites that contain personal information about people

Spokeo and Intellius are ________.

False

The Linux cd command displays all the files and subdirectories in a given location.

the command console and the network sensor

The primary components of a network-based intrusion detection system (NIDS) are ________.

social engineering

Tricking or coercing people into revealing information or violating normal security practices is referred to as ________.

replicating

Trojans perform the following operations except ________.

True

Content addressable memory (CAM) is the memory present on a switch, which is used to build a lookup table.

Security incident

Darcy is investigating the hacking of a system that contained customer records. She discovers the attacker stole some of those records. What term best describes this situation?

netstat

Dean believes that a Trojan may have affected his system. Which command can he use to query for open connections and help to determine if a Trojan is using a specific port?

False

Documentation about chain of custody does not need to include how the evidence was collected.

True

Firewalls separate networks and organizations into different zones of trust.

Signature analysis

Frances recently installed a system that analyzes the content of network packets for signs of malicious activity. What type of technology is this system using?

Tweet rage

Greg is educating users about social media concerns in the corporate setting. Which of the following risks is most likely associated with an employee who has recently been terminated?

False

Guidelines on how to use equipment safely fall under the banner of due diligence.

cp

Hajar needs to copy files on a Linux system. What command can she use to create a new copy of a file in a different location while preserving the original file?

Tcpdump

Helen would like to sniff network traffic for troubleshooting purposes and is looking for a command-line utility that will allow her to analyze network traffic. Which one of the following tools best meets her need?

True

Hoax viruses are those designed to make the user take action even though no infection or threat exists.

False

Honeypots are illegal.

True

If a computer must be removed from a crime scene, chain-of-custody requirements come into play.

True

If any part of a multipartite virus is not eradicated from the infected system, it can re-infect the system.

True

In Linux, a Live CD or DVD contains a fully featured, fully functional operating system.

True

In some cases, spyware creators have stated their intentions outright by presenting End-User License Agreements (EULAs) to the victim.

False

In the context of a network, misuse is always malicious in nature.

True

Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided.

False

Like Windows, Linux refers to drives and partitions by letters of the alphabet.

False

A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary.

Trojan construction kit

A software development kit specifically designed to facilitate the design and development of Trojans is called a ________.

employing operating systems that create predictable sets of sequence numbers

All of the following actions can be helpful in thwarting session hijacking attacks except ________.

True

Antivirus programs can use the suspicious behavior method to monitor the behavior of applications on a system.

True

In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim.

False

Modern antivirus software is not equipped to deal with the problems polymorphic viruses pose.

False

The drawback of planting a backdoor on a system is that an attacker will likely trigger a defense mechanism when trying to access the system in the future.

False

The netstat command-line tool is effective in detecting viruses and worms.

The attack is easily tracked back to its true source.

Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks?

In passive session hijacking, the attacker assumes the role of the party he has displaced.

Which of the following statements is NOT true regarding passive session hijacking?

Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.

Which of the following statements is NOT true regarding passive sniffing?

Linux runs on a limited range of hardware.

Which of the following statements is true of Linux?

Social engineering

Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet?

is launched from large numbers of hosts that have been compromised

Denial of service (DoS) and distributed denial of service (DDoS) attacks have the same effect. However, a DDoS attack ________.

False

Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely you will link or "friend" a scam artist or an identity thief.

False

Active session hijacking is functionally no different from sniffing.

True

Active sniffing introduces traffic onto a network, which means the sniffer's presence is detectable on the network.

False

All Linux distributions are free.

False

All evidence, no matter the type, is admissible in court.

/bin

All executables in the Linux ________ directory are accessible and usable by all system users.

Application proxying, stateful inspection, honeypot

Dave would like to use a firewall that is able to intercept user connection requests and perform those connections on behalf of end users. What type of firewall does he want?

True

The language and images you share with friends and family on social media may be inappropriate on the professional side of your life.

Cloud services

Ursula would like to ensure that her local servers are protected against the failure of a single disk. What technology best provides this type of fault tolerance?

3

Caitlyn would like to use a single, multi-homed firewall to create a traditional demilitarized zone (DMZ) network. How many network interfaces does this firewall need?

True

Education is key to stopping both worms and viruses.

False

A single computer configured to attract attackers to it and act as a decoy is a honeynet.

False

Over the past few years, the use of denial of service (DoS) attacks to commit crimes such as extortion has decreased.

False

Over the past several years, social networking sites have become less of a target for cybercriminals.

An intrusion prevention system

Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control?

Signature recognition

Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?

Passwords should have at least one number and one special character.

Which of the following is true regarding account passwords?

Intrusion detection system (IDS)

Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?

Oversharing of company activities typically is conducted by disgruntled employees who are intentionally trying to harm their company.

Which of the following statements is NOT true regarding oversharing of company activities?

Social engineering has different goals and objectives than other types of hacking.

Which of the following statements is NOT true regarding social engineering?

Direct

Which of the following types of evidence is received as the result of testimony or interview of an individual regarding something he or she directly experienced?

Network traffic

Which of the following is a firewall best able to control?

business continuity plan

A ________ defines how an organization will maintain what is accepted as normal day-to-day business in the event of a security incident or other events disruptive to the business.

True

A business that is part of the health care industry should expect regulations to come into play that dictate data protection needs and other requirements.

True

A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources.

honeynet

A group of computers or a network configured to attract attackers is called a ________.

False

A host-based intrusion detection system (HIDS) monitors activity on a network.

True

A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on a switch.

port redirection

A process where communications are redirected to different ports than they would normally be destined for is called ________.

False

A safe computing practice is to use one password for all online accounts.

True

An alternate site is where all operations will be moved if the primary or normal site is no longer able to provide those services.

reverse social engineering

An attacker who sets up a realistic persona from which the victim seeks assistance is participating in ________.

True

An important component of damage assessment is to determine whether the attack is over or ongoing.

Reuse of passwords leads to tweet rage; Passwords that are compromised on one site may be reused on other sites; Reuse of passwords is against the law.

Camila is educating users about social media risks. What is the primary risk of using the same password for more than one account?

Hypertext Transfer Protocol (HTTP)

Chris is concerned that attackers might engage in sniffing attacks against traffic on his network. Which of the following protocols is most susceptible to sniffing attacks?

True

Click fraud is a type of botnet attack in which infected systems are used to click on ads, generating revenue for the attacker.

True

Hardware-based keystroke loggers can be plugged into a universal serial bus (USB) port on a system and monitor the passing signals for keystrokes.

True

In Linux, the /boot directory contains all the files required to start up and boot a Linux operating system.

True

In Linux, the command line is the only way to do more advanced operations.

True

It is worthwhile to conduct an Internet search on yourself in order to see what personal information is available about you online.

Containment

Jake just determined that an attacker controls a system on his network. What stage of the incident response process should he move to next?

Logic bomb

Jane's organization recently experienced a security incident that occurred when malware set to trigger on the chief executive officer's (CEO's) birthday deleted all of the company's customer records. What type of malware was used in this attack?

True

Many social networking sites have grown so large so fast that they have not taken appropriate security measures to secure the information they are entrusted with.

methods of bypassing a switch to perform sniffing

Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are ________.

True

Most intrusion detection systems (IDSs) are based on signature analysis.

False

Sniffers are fundamentally dangerous because they are used to steal information.

True

Social engineering is a type of information security attack that depends primarily on human weakness.

True

The Linux kernel, unlike that of Windows, can be configured by anyone with the time and knowledge required.

fault tolerance

The capacity of a system to keep functioning in the face of hardware or software failure is called ________.

kernel

The core component of the Linux operating system, which has control over all low-level system functions such as resource management, input and output operations, and central processing unit (CPU), is called the ________.

Disable all options and enable them one by one.

What is the best way to ensure that Facebook privacy settings are well-managed?

False

Whenever possible, security practitioners should encourage people to use their social network for both their professional activities and their personal activities.

Show "limited friends" a cutdown version of your profile.

Which Facebook protection practice enables you to "friend" work associates with whom you feel uncomfortable sharing personal information?

Full interruption

Which disaster recovery plan test closely simulates a disaster, including interrupting services and the organization itself?

Structured walkthrough

Which disaster recovery plan test involves members of the disaster recovery team reading through the plan together to uncover potential gaps and bottlenecks in the response?

Simulation

Which disaster recovery plan test involves practicing backup and restore operations, incident response, communication and coordination of efforts, and alternative site usage in such a way that normal business operations are not adversely affected?

Investigation

Which incident response phase involves collecting evidence?

False

A business continuity plan (BCP) dictates how the entire business will be brought back to an operational state.

False

A denial of service (DoS) attack is typically the first action an advanced hacker will take in an attempt to access a system.

incident response plan

A detailed plan that describes how to deal with a security incident when it occurs is called a(n) ________.

switch

A device used to break a network into multiple logical network segments known as collision domains is called a ________.

True

A hot alternate site typically has a high degree of synchronization with the primary site up to the point of completely duplicating it.

True

A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces.

True

A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering.

True

A security control is a technical or nontechnical mechanism that enforces an organization's security policy.

True

A security incident is an event that results in a violation of or poses an imminent threat to the security policy.

True

A security incident report should include a risk assessment of the state of the system before and after the security incident occurred.

True

A security incident that is investigated improperly can result in substantial legal problems for a company.

True

A security information and event management (SIEM) monitors log files for security events.

True

A service level agreement (SLA) is a legal contract that lays out what a service provider will provide and at what performance level.

True

A web browser is safer if it is the latest version and it is kept up to date.

True

An attacker can use a keystroke logger to monitor activity on a system and have it reported back to the attacker.

True

An intrusion detection system (IDS) captures traffic and compares the intercepted traffic to known good or bad behavior.

False

An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components.

False

An intrusion detection system (IDS) prevents attacks from occurring.

False

An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it.

False

As soon as a security incident is discovered, it is important to disconnect any devices, wires, and peripherals, and shut down the system.

shoulder surfing

Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in ________.

Session hijacking

Barry is investigating the unauthorized access to his chief executive officer's (CEO's) email account. Barry discovers the tools Ettercap and Hunt on a nearby workstation. Which of the following attacks is the most likely cause of the breach?

True

Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system.

passive session hijacking

Botnets are used to perform all of the following attacks except ________.

Shoulder surfing, impersonation, dumpster diving

Brynn discovered that her company's accounts receivable department is discarding customer payment checks without shredding them. What is the primary social engineering risk associated with this activity?

Disaster recovery plan

Carla's business recently suffered an attack that shut down operations. What planning document describes how her business should recover from this disruption?

True positive

Christine investigated an alert generated by her intrusion detection system (IDS) and determined that the reported activity did actually take place. How should she classify this alert?

denial of service (DoS) attacks

Consumption of bandwidth, consumption of resources, and exploitation of programming defects are the three broad categories of ________.

False

Corroborative evidence is considered so strong that it directly overrides all other evidence types by its existence.

Media Access Control (MAC) flooding

Countermeasures that can be used to defeat sniffing include all of the following except ________.

True

Even if a disaster recovery plan (DRP) is properly evaluated and tested, it must be reviewed regularly because times change and the plan must adapt.

social networking sites

Facebook, Twitter, and LinkedIn are examples of ________.

True

For many businesses, a social media presence is a key part of the corporate communications strategy.

/var

Gary is investigating an attack against his web server and would like to inspect the HTTP logs. Which top-level directory would contain these logs?

MAC flooding

Harold is performing a penetration test and would like to force a switch to fall back to forwarding mode. Which of the following attacks would be most helpful to Harold in meeting his goal?

False

In Linux, the files that dictate access between hardware and the operating system reside in /home.

False

In Linux, the name of a command generally consists of uppercase letters.

True

In Windows, directories are referenced with the familiar "\", but in Linux, the directories are referenced with "/".

Active session hijacking

In what type of attack does the attacker take over an established session between two parties and then interacts with the remaining party as if the attacker were the party that has been disconnected?

Incident identification

In which incident response phase do team members determine how seriously the incident has affected critical systems or data?

False

It is easy for a session hijacker to predict the sequence numbers of packets in order to hijack a session successfully.

False

It is possible to eliminate the chance of a security incident.

They require user action to spread.

Joon believes that a worm infected several systems on his network. Which of the following statements is NOT true about worms?

/dev

Kaiden would like to find the list of physical disk drives that are connected to a Linux system. Which directory contains a subdirectory for each drive?

False

Kali Linux is designed to be used as a desktop replacement operating system.

False

Linux can be operated only from the command line.

True

MAC flooding involves overwhelming or flooding a switch with a high volume of requests.

True

Malware can be used to turn a system into a server hosting any type of content, such as illegal music or movies, pirated software, pornography, and financial data.

True

Malware can steal passwords and personal information from an unsuspecting user.

RAT

Maria recently discovered that an attacker placed malware on a system used by her company's chief financial officer (CFO) that allowed the attacker to remotely control the system. What type of malware was used in this case?

True

Most Internet of Things (IoT) devices have little or no security controls configured.

False

Most networks and protocols are inherently secure, making them difficult to sniff.

False

Regarding Linux, the terms "free" and "open source" are interchangeable.

False

Session hijacking is the process of assisting two parties in establishing a new session.

True

Social engineering relies on most people's ignorance of the value of their personal information or authority.

True

The Payment Card Industry Data Security Standard (PCI DSS) has specific requirements for organizations' incident response plans.

True

The majority of Linux commands are case sensitive.

least privilege

The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called ________.

due diligence

The process of investigating any and all security incidents and related issues pertaining to a particular situation is called ________.

False

The rise of services such as Facebook, LinkedIn, and Twitter has made the loss of personal information or loss of control of that information through social media less of a concern.

intrusion

The term ________ is defined as an unauthorized use or access of a system by an individual, a party, or a service.

misuse

The term ________ is defined as the improper use of privileges or resources within an organization.

True

There is typically only one version of a Linux kernel for a specific Linux operating system.

Secondary evidence

Tom is preparing to testify in court in a criminal case. He plans to bring with him an image of a drive involved in the criminal activity. What term best describes this type of evidence?

False

Typically, a computer system can see all communications, whether they are addressed to the listening station or not.

Trigger finger

Vic is analyzing the LinkedIn profiles of his company's employees. He discovers that one of them is labeled with the keyword LION. What risk does this pose?

nc

Wendy is an attacker who recently gained access to a vulnerable web server running Microsoft Windows. What command can she use to create a command prompt and redirect it to her local computer?

Active sniffing

What type of sniffing takes place on networks that have connectivity hardware that is "smarter" or more advanced, such as those with a switch?

True

When a covert channel is in use, information is typically transferred in the open, but hidden within that information is the information the sender and receiver wish to keep confidential.

mv

Which Linux command moves files from one location to a new location?

/sbin

Which Linux directory contains executables used by the operating system and administrators but not typically by ordinary users?

mkdir

Which command creates new directories in Linux?

pwd

Which command displays the current location of the user within the Linux directory structure?

rmdir

Which command removes or deletes empty directories from the Linux filesystem?

/proc

Which directory contains vital information about processes running on the Linux system?

Lessons learned

Which incident response phase has the goal of determining what was done right, what was done wrong, and how to improve?

Administrative

Which of the following controls fit in the area of policy and procedure?

Business impact analysis

Which of the following covers the potential risks uncovered following an incident and their potential impact on the organization?

Disaster recovery plan

Which of the following documents states how personnel and assets will be safeguarded in the event of a disaster?

Increasing random access memory (RAM) on a system

Which of the following is NOT a common use of live Linux distributions?

Have shopping websites save your address and credit card information so you don't have to reenter it each time.

Which of the following is NOT considered a safe computing practice?

Set up an email account that uses your real name.

Which of the following is NOT considered a sensible guideline to follow when using social networking sites?

Cinnamon

Which of the following is NOT one of the more common distributions of Linux?

Anomaly detection

Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?

Demilitarized zone (DMZ)

Which of the following is a region of a network or zone that is located between two firewalls?

Cold site

Which of the following is a type of alternate site that does not include backed-up copies of data and configuration data from the primary location?

Trojan

Which of the following is malware that looks legitimate but hides a payload that does something unwanted?

Office productivity applications

Which of the following is not a common use of a live distribution of Linux?

Insert himself/herself between Party A and Party B.

Which of the following is the first step an attacker must perform to conduct a successful session hijacking?

The Computer Fraud and Abuse Act of 1986

Which of the following laws was originally passed to address federal computer-related offenses and the cracking of computer systems?

Argument

Which of the following specifies filenames or other targets that fine-tune the action of a Linux command?

This method can detect viruses that it knows about and those it does not know about.

Which of the following statements is NOT true about dictionary-based virus detection?

It cannot be used to tap Voice over IP (VoIP) phone calls.

Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning?

Virus

Which of the following types of malware is a piece of code or software that spreads from system to system by attaching itself to other files, and is activated when the file is accessed?

Macro virus

Which of the following types of viruses infects and operates through the use of a macro language built into applications, such as Visual Basic for Applications (VBA) in Microsoft Office?

Multipartite virus

Which of the following types of viruses infects using multiple attack vectors, including the boot sector and executable files on a hard drive?

Logic bomb

Which of the following types of viruses is a piece of code or software designed to lie in wait on a system until a specified event occurs?

Polymorphic virus

Which of the following types of viruses is designed to change its code and "shape" to avoid detection by virus scanners?

The system will be just like it was before using the Live CD/DVD.

Which of the following will happen after using a Linux Live CD/DVD, ejecting the media, and rebooting the system from the hard drive?

Kali is designed to be used as a desktop replacement operating system.

Which statement is NOT true of Kali Linux?

True

You can run a live Linux distribution on a USB flash drive.

Tweet rage

________ is an immediate, angry response to something a person disagrees with online.

Chain of custody

________ is the process of tracking evidence from collection to trial and after, when it is returned to its owner or destroyed.

False

Logic bombs are relatively easy to detect.

Ping flood

Which of the following is a distributed denial of service (DDoS) attack in which the attacker sends a large number of ping packets with the intent of overwhelming a victim?

Malware

Which of the following is a general term for software that is inherently hostile, intrusive, or annoying in its operation?

Worm

Which of the following is a malware program designed to replicate without attaching to or infecting other files on a host system?

Back Orifice (BO2K)

Which of the following is a next-generation Trojan tool designed to accept customized, specially designed plug-ins?

Ransomware

Which of the following is a type of malware designed to hold your data hostage?

