S+ Midterm
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
$250,000
In information security, an example of a threat agent can be ____.
--a force of nature such as a tornado that could destroy computer equipment --virus that attacks a computer network
The expression ____ up one directory level.
../ traverses
For a Web server's Linux system, the default root directory is typically ____.
/var/www
A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.
10 to 14
Passive tags have ranges from about 1/3 inch to ____ feet.
19
IP addresses are ____-bit addresses.
32
There are almost ____ different Microsoft Windows file extensions that could contain a virus.
70
Approximately ____ percent of households in the United States use the Internet for managing their finances.
80
____ is the probability that a risk will occur in a particular year.
ARO
____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Adware
____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.
Authentication
____ is a comparison of the present state of a system compared to its baseline.
Baseline reporting
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
C:\Inetpub\ wwwroot
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.
CCTV
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
Cipher locks
____ ensures that only authorized parties can view information.
Confidentiality
____ is defined as a security analysis of the transaction within its approved context.
Content inspection
____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
Cyberterrorists
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
DLP
Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.
DLP agent
In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____.
DMZ
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
DNS
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
DNS poisoning
____ substitutes DNS addresses so that the computer is automatically redirected to another device.
DNS poisoning
____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.
EF
A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks.
Easter egg
____ attacks are responsible for half of all malware delivered by Web advertising.
Fake antivirus
____ is an image spam that is divided into multiple images.
GIF layering
____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.
Geometric variance
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley
Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
HIPAA
____ is designed to display data, with the primary focus on how the data looks.
HTML
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
HTTP header
____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.
Integrity
____ is a technology that can help to evenly distribute work across a network.
Load balancing
____ can be prewired for electrical power as well as wired network connections.
Locking cabinets
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
Love Bug
The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.
MPack
____ is a technique that allows private IP addresses to be used on the public Internet.
NAT
Layer 3 of the OSI model is the ____ layer.
Network
____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.
Outsourcing
____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
PAT
____ IP addresses are IP addresses that are not assigned to any specific user or organization.
Private
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.
RFID
____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.
Remote access
Released in 1995, one of the first tools that was widely used for penetration testing was ____.
SATAN
The ____ is the expected monetary loss every time a risk occurs.
SLE
____ is a language used to view and manipulate data that is stored in a relational database.
SQL
Layer 5 of the OSI model is the ____ layer.
Session
____ is an attack in which an attacker attempts to impersonate the user by using his session token.
Session hijacking
____ is when an attacker tricks users into giving out information or performing a compromising action.
Social engineering
____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
Stateful packet filtering
In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file.
Swiss cheese
____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.
Tailgate sensors
A ____ is a program advertised as performing one activity but actually does something else.
Trojan
A ____ allows scattered users to be logically grouped together even though they may be attached to different switches.
VLAN
A(n) ____ encrypts all data that is transmitted between the remote device and the network.
VPN
A(n) ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site.
Web security gateway
____ involves horizontally separating words, although it is still readable by the human eye.
Word splitting
____ switches are connected directly to the devices on a network.
Workgroup
____ is for the transport and storage of data, with the focus on what the data is.
XML
In information security, a loss can be ____.
a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or a reputation
The ____ for software is the code that can be executed by unauthorized users.
attack surface
Users who access a Web server are usually restricted to the ____ directory.
base
A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
baseline
A ____ virus infects the Master Boot Record of a hard disk drive.
boot
A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.
cable lock
A(n) ____ indicates that no process is listening at this port.
closed port
While the code for a program is being written, it is being analyzed by a ____.
code review
A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.
companion
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.
cybercrime
Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.
data
In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single computer or network.
distributed
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
drive-by-download
A(n) ____ is the end of the tunnel between VPN devices.
endpoint
Securing a restricted area by erecting a barrier is called ____.
fencing
A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers.
firewall
In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.
heuristic detection
A ____ is a network set up with intentional vulnerabilities.
honeynet
A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
honeypot
A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment.
hub
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
information security
A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
logic bomb
A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
macro
An information security ____ position focuses on the administration and management of plans, policies, and people.
manager
A ____ is designed to separate a nonsecured area from a secured area.
mantrap
A(n) ____ means that the application or service assigned to that port is listening for any instructions.
open port
Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.
physical token
When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.
port scanner
A ____ virus infects program executable files.
program
A(n) ____ is hardware or software that captures packets to decode and analyze its contents.
protocol analyzer
The signal from an ID badge is detected as the owner moves near a ____, which receives the signal.
proximity reade
A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
proxy server
A ____ attack is similar to a passive man-in-the-middle attack.
replay
Viruses and worms are said to be self-____.
replicating
A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
resident
A(n) ____ does not serve clients, but instead routes incoming requests to the correct server.
reverse proxy
A ____ is an independently rotating large cups affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it.
roller barrier
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.
rootkit
A ____ is a network device that can forward packets across computer networks.
router
The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
security technician
In Microsoft Windows, a ____ is a collection of security configuration settings.
security template
Web application attacks are considered ____ attacks.
server-side
A ____ is software that is a cumulative package of all security updates plus additional features.
service pack
Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known as ____-based monitoring
signature
What is another name for unsolicited e-mail messages?
spam
An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.
spiked collar
Each operation in a computing environment starts with a ____.
system call
HTML is a markup language that uses specific ____ embedded in brackets.
tags
The end product of a penetration test is the penetration ____.
test report
The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
threat modeling
A computer ____ is malicious computer code that reproduces itself on the same computer.
virus
Unlike other malware, a ____ is heavily dependent upon the user for its survival.
virus
The two types of malware that have the primary objective of spreading are ____.
viruses and worms
A security weakness is known as a(n) ____.
vulnerability
A ____ in effect takes a snapshot of the current security of the organization.
vulnerability appraisal
A(n) ____ examines the current security in a passive method.
vulnerability scan
The SQL injection statement ____ discovers the name of a table.
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
The SQL injection statement ____ determines the names of different fields in a database.
whatever' AND email IS NULL; --
The SQL injection statement ____ finds specific users.
whatever' OR full_name LIKE '%Mia%'
The SQL injection statement ____ erases the database table.
whatever'; DROP TABLE members; -- Correct
A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
white box
When DNS servers exchange information among themselves it is known as a ____.
zone transfer
