ITSY test 3 review
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?
800
Which Intstitute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?
802.11
-Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice public key
When malware close performance, which of the following tenets of information system security is impacted?
Availability
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a web page when they connect to the network. What technology should she deploy?
Captive portal
Which information security objective allows trusted entities to endorse information?
Certification
Why do hackers often send zipped and encrypted files and attachments?
They cannot be opened by antivirus software and so they will often reach the recipient.
A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system.
Trojan
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
Trojan Horse
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?
Upload to certificate
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN concentrator
The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them.
Virus Vault
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Vlan- virtual LAN
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer.
Windows Firewall with Advanced Security
Each time a key pair is created, Kleopatra generates:
back up
Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.
host-based security measures
In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.
non-persistent cross-site scripting
Database developers and administrators are responsible for:
nsuring regular backups of the database are performed.
No production web application, whether it resides inside or outside the firewall, should be implemented without:
penetration testing and security hardening.
In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
persistent cross-site scripting
Users often complain that _____________ make their systems "slow" and hard to use.
security measures
What protocol is responsible for assigning IP addresses to hosts on most networks?
DHCP- dynamic host configuration
The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets.
Defense in depth
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?
IEEE 802.3
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
ISO 27002
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
Internet Control Message Protocol (ICMP)
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"
National Institute of Standard and Technology (NIST)
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?
Nmap
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
Non repudiation
Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails.
Perimeter
Which approach to cryptography provides the strongest theoretical protection?
Quantum cryptography
What type of malicious software allows an attacker to remotely control a compromised computer?
RAT - remote access tool
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?
Request for Comment (RFC)
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL Injection
Which of the following allows valid SQL commands to run within a web form?
SQL Injection
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session hijacking
--The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack too place?
Spear phising
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
Which type of virus targets computer hardware and software startup functions?
System infector
Web application developers and software developers are responsible for:
The secure coding and testing of their application
Which type of cipher works by rearranging the characters in a message?
transposition
A salt value is a set of random characters you can combine with an actual input key to create the encryption key.
true
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Cross-site scripting (XSS)
Which element is NOT a core component of the ISO 27002 standard?
Cryptography
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)