CIS 2337

What does a host-based IDS monitor? -activity on a specific host -activity on the network itself -a honeynet -a digital sandbox

activity on a specific host

Which component of an HIDS must decide what activity is "okay" and what activity is "bad"? -traffic collector -analysis engine -signature database -examination collector

analysis engine

Which protection ring has the highest privilege level and acts directly with the physical hardware? -0 -1 -2 -3

0

WiFi uses which frequency spectrum? -10 MHz -2.4 MHz -2.4 GHz and 5 GHz -10 GHz

2.4 GHz and 5 GHz

If the root CA's private key were compromised, what would happen? -Entities within the hierarchical trust model and end users would be unaffected. -Entities within the hierarchical trust model would also be compromised, but users would be unaffected. -All entities within the hierarchical trust model would be drastically affected. -Only the root CA would be affected.

All entities within the hierarchical trust model would be drastically affected.

BIOS stands for: -Biological input output standard -Basic input output system -Basic integrated operating system -Basic information operating system

Basic input output system

The _______________ is a list of known vulnerabilities in software systems. -Authority Revocation List (ARL) -Common Vulnerabilities and Exposures (CVE) enumeration -Certificate Revocation List (CRL) -Filesystem Access Control List (FACL)

Common Vulnerabilities and Exposures (CVE) enumeration

What is a point-to-point (P2P) connection? -Communications with one endpoint on each end -Communications that have multiple receivers for a transmitted signal -Series of satellites that provide nearly global coverage -RFID tags

Communications with one endpoint on each end

Backups can prevent a security event from occurring. -True -False

False

During penetration testing, zero-day vulnerabilities will be established. -True -False

False

If you test something and it comes back negative, but it was in fact positive, then the result is a false positive. -True -False

False

Least privilege refers to removing all controls from a system. -True -False

False

Private keys are listed in the digital certificates. -True -False

False

Service pack is the term for a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. -True -False

False

Tail is a utility designed to return the first lines of a file. -True -False

False

TPM is: -Hardware security solution on the motherboard -Hardening system -self-encrypting drives -full drive encryption

Hardware security solution on the motherboard

What is an advantage of a host-based IDS? -It can reduce false-positive rates. -Its signatures are broader. -It can examine data before it is decrypted. -It is inexpensive to maintain in the enterprise.

It can reduce false-positive rates.

Which action is an example of transferring risk? -Management purchases insurance for the occurrence of an attack. -Management applies controls that reduce the impact of an attack. -Management decides to accept responsibility for the risk if it does happen. -Management decides against deploying a module that increases risk.

Management purchases insurance for the occurrence of an attack.

SSID (service set identifier) is: -Name of the wireless network -Wireless signal strength -Which spectrum it's operating -Why I am using the network

Name of the wireless network.

Which term refers to the possibility of suffering harm or loss? -Risk -Hazard -Threat vector -Threat actor

Risk

The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks. -WireShark Toolkit -Metasploit Suite -Social-Engineering Toolkit -Burp Suite

Social-Engineering Toolkit

Which cloud computing service model involves the offering of software to end users from within the cloud? -Platform as a Service (PaaS) -Software as a Service (SaaS) -Infrastructure as a Service (IaaS) -Security as a Service (SaaS)

Software as a Service (SaaS)

What is an advantage of a network-based IDS? -This type of IDS can examine data after it has been decrypted. -This type of IDS coverage requires fewer systems. -This type of IDS can be very application specific. -This type of IDS can determine whether or not an alarm may impact a specific system.

This type of IDS coverage requires fewer systems

A computer system is attacked for one of two general reasons: it is specifically targeted by the attacker or it is a target of opportunity. -True -False

True

A qualitative risk assessment relies on judgment and experience. -True -False

True

Both ipconfig and ifconfig are command-line tools to manipulate the network interfaces on a system. -True -False

True

PKI can be used to establish a level of trust with individuals we do not know, allowing sensitive communication to take place. -True -False

True

Public keys are components of digital certificates. -True -False

True

Rainbow tables include precomputed tables or hash values associated with passwords. -True -False

True

A shimming attack is the process of putting a layer of code between the driver and the OS. -True -False

True

The X.509 standard outlines the necessary fields of a certificate and the possible values that can be inserted into the fields. -True -False

True

The presence of risks in a system is an absolute—they cannot be removed or eliminated. -True -False

True

WEP stands for Wired Equivalent Privacy -True -False

True

Which testing technique requires that the testers have no knowledge of the internal workings of the software being tested? -black box testing -gray box testing -white box testing -red box testing

black box testing

Which document outlines what the loss of any critical functions will mean to the organization? -business continuity plan (BCP) -disaster recovery plan (DRP) -business impact analysis (BIA) -succession plan

business impact analysis (BIA)

Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure? -qualitative risk assessment -quantitative risk assessment -configuration management -change management

change management

Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor? -private -hybrid -community -public

community

SYN flooding is an example of a __________. -viral attack -denial-of-service attack -logic bomb -trojan horse

denial-of-service attack

Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices? -implicit -edge -recovery -hybrid

edge

The movement to an account that enables root or higher-level privilege is known as: -escalation of privilege -encryption -layered tunneling -hashing

escalation of privilege

Which backup technique requires a large amount of space and is considered to have a simple restoration process? -delta -differential -incremental -full

full

A(n) _______________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer. -cipher -hypervisor -subnet -escrow

hypervisor

Which term is used to describe the target time that is set for resuming operations after an incident? -business continuity plan (BCP) -recovery time objective (RTO) -disaster recovery plan (DRP) -recovery point objective (RPO)

recovery time objective (RTO)

What is malware? -Always being cautious about executing programs -Relies on lies and misrepresentation, which an attacker uses to trick an authorized user into providing information -A network sniffer -refers to software that has been designed for some nefarious purpose

refers to software that has been designed for some nefarious purpose

Which component of an HIDS pulls in the information that the other components, such as the analysis engine, need to examine? -traffic collector -signature database -expert knowledge database -user interface and reporting

traffic collector

Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on? -blacklisting -penetration testing -auditing -white box testing

white box testing

Which term is used to define vulnerabilities that are newly discovered and not yet addressed by a patch? -exposure factor -least privileged -intangible asset -zero day

zero day

WiFi series refers to: -802.11 standard -142.23 standard -Zigbee standard -BLE standard

802.11 standard

What is an operating system? -Basic software that handles things such as input, output, display, memory management, and all the other highly detailed tasks -Process used to maintain systems in an up-to-date fashion -Prevents their use by unauthorized users, improves system throughput, and increases security -Configuring extra security measures

Basic software that handles things such as input, output, display, memory management, and all the other highly detailed tasks

