CIS 2337 FINAL
A computer system is attacked for one of two general reasons: it is specifically targeted by the attacker or it is a target of opportunity.
TRUE
A physical hard disk drive will persist data longer than a cache.
TRUE
A qualitative risk assessment relies on judgment and experience.
TRUE
Both ipconfig and ifconfig are command-line tools used to view and configure the network interfaces on a system.
TRUE
NIDSs are typically deployed so that they can monitor traffic in and out of an organization's major links.
TRUE
Which component of an HIDS must decide what activity is "okay" and what activity is "bad"?
analysis engine
Which document outlines what the loss of any critical functions will mean to the organization?
business impact analysis
The Wi-Fi series refers to:
The IEEE 802.11 wireless LAN standards certified by the Wi-Fi Alliance
Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor?
A community cloud system
What does a host-based IDS monitor?
A single system; an intrusion detection system that monitors the host on which it is installed, analyzing local activity and traffic and logging malicious behavior
TPM (Trusted Platform Module) is:
A hardware chip that stores cryptographic keys and integrity measurements, used to verify that a system's boot process has not been tampered with
Evidence that is both legally qualified and reliable is known as __________.
Admissible evidence
What is a method of establishing the authenticity of specific objects, such as an individual's public key or downloaded software?
Certificates
The _______________ is a list of known vulnerabilities in software systems.
Common Vulnerabilities and Exposures (CVE) enumeration
What is a point-to-point (P2P) connection? (Not to be confused with peer-to-peer, also abbreviated P2P.)
A communications link with one endpoint on each end
Which process involves implementing security tools and policies to ensure your container is running as intended?
Container Security
SYN flooding is an example of a __________.
Denial of service attack
Business records, printouts, and manuals are which type of evidence?
Documentary Evidence
Backups can prevent a security event from occurring.
FALSE
Cryptography is the universal solution to all security problems.
FALSE
During penetration testing, zero-day vulnerabilities will be established.
FALSE
From a forensics perspective, Linux systems have the same artifacts as Windows systems.
FALSE
If you test something and it comes back negative, but it was in fact positive, then the result is a false positive.
FALSE
Least privilege refers to removing all controls from a system.
FALSE
Service pack is the term for a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks.
FALSE
Tail is a utility designed to return the first lines of a file.
FALSE
What is an advantage of a host-based IDS?
HIDS can detect attacks that cannot be seen by a Network-Based IDS since they monitor events local to a host
What is an advantage of a network-based IDS?
Fewer systems are needed to provide IDS coverage; development, maintenance, and upgrade costs are usually lower; and it has visibility into all network traffic and can correlate attacks across multiple systems.
Which action is an example of transferring risk?
Management purchases insurance for the occurrence of an attack.
SSID (service set identifier) is:
The name of the wireless network; the access point's settings should limit access to authorized users only
Tangible objects that prove or disprove facts are what type of evidence?
Physical evidence
Which protection ring has the highest privilege level and acts directly with the physical hardware?
Ring 0
Which access control type allows a company to restrict employee logon hours?
Rule-based access control
Which type of attack can be used to execute arbitrary commands in a database?
SQL Injection
All input validation that is essential for business reasons or for security should be performed on the _______________ of the client-server relationship, where it is free from outside influence and change.
Server side
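The two cards above (SQL injection and server-side validation) are easier to see in code. The following is an added example, not from the course material: it builds a constructed in-memory SQLite user table (assumed), shows a login query assembled by string concatenation being bypassed with a classic `' OR '1'='1` payload, and then the server-side version that allowlists the username and binds parameters so the same payload is treated as data rather than SQL.

```python
import sqlite3

# Constructed stand-in for a real user store (assumption: one user, one plaintext
# password, which is itself bad practice but keeps the injection visible).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by concatenation: attacker-controlled input becomes SQL syntax."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Server-side validation plus parameter binding.

    The allowlist rejects anything that is not a short alphanumeric username before
    the database is touched; the '?' placeholders hand both values to SQLite as
    data, so quotes and OR clauses in them can never change the query's structure.
    """
    if not username.isalnum() or len(username) > 32:
        return None
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payload: closes the string literal and appends an always-true condition,
# turning the WHERE clause into (username = 'alice' AND password = '') OR '1'='1'.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "alice", INJECTION))  # alice
    print("safe:      ", login_safe(db, "alice", INJECTION))        # None
    print("safe+creds:", login_safe(db, "alice", "correct horse"))  # alice
```

Note that the client-side check the card warns against would be the same `isalnum()` test running in a browser: an attacker simply sends the request without it, which is why the check has to live next to the query.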
The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks.
Social-Engineering Toolkit
Which cloud computing service model involves the offering of software to end users from within the cloud?
Software as a service (SaaS)
If the root CA's private key were compromised, what would happen?
Subordinate CAs and end users would be affected.
Evidence that is convincing or measures up without question is known as __________.
Sufficient Evidence
Which statement describes the main difference between TCP and UDP?
TCP packets are connection oriented, whereas UDP packets are connectionless.
Permissions can be applied to specific users or groups to control that user's or group's ability to view, modify, access, use, or delete resources such as folders and files.
TRUE
Rainbow tables are precomputed tables of hash values associated with passwords.
TRUE
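To make the rainbow-table card concrete, here is an added example (not part of the course material) using a constructed five-word list as the stand-in for a leaked password dictionary. It precomputes a hash-to-plaintext lookup table once, recovers an unsalted stolen hash with a single dictionary hit, and then shows why a per-user salt defeats the precomputation: the salted digest is absent from the table, and the attacker has to recompute the whole list for every salt. A real rainbow table uses hash/reduction chains to trade space for time rather than a plain dictionary; the simpler lookup table here demonstrates the same precomputation idea.

```python
import hashlib
import os

# Constructed wordlist standing in for a real password dictionary (assumption).
WORDLIST = ["password", "letmein", "qwerty", "dragon", "hunter2"]


def unsalted_hash(password):
    """How many legacy systems stored passwords: one deterministic hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precompute digest -> plaintext once; every later crack is an O(1) lookup."""
    return {unsalted_hash(w): w for w in words}


def crack(table, digest):
    """Recover the plaintext for a stolen unsalted digest, or None if not tabulated."""
    return table.get(digest)


def salted_hash(salt, password):
    """Per-user random salt mixed into the hash; identical passwords now differ."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack_salted(words, salt, digest):
    """With a salt the attacker must recompute the list per user; nothing is reusable."""
    for w in words:
        if salted_hash(salt, w) == digest:
            return w
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    stolen = unsalted_hash("hunter2")
    print("unsalted:", crack(table, stolen))              # hunter2, instantly

    salt = os.urandom(16)
    stolen_salted = salted_hash(salt, "hunter2")
    print("salted lookup:", crack(table, stolen_salted))  # None, table is useless
    print("salted recompute:", crack_salted(WORDLIST, salt, stolen_salted))  # hunter2
```

The last line is the caveat a practitioner should keep in mind: salting removes the precomputation advantage but does not stop a dictionary attack on a weak password, which is why a slow, salted algorithm (bcrypt, scrypt, Argon2) is used rather than a single fast hash.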
A shimming attack is the process of putting a layer of code between the driver and the OS.
TRUE
TCP is a connectionless protocol.
FALSE
The goal of the delta backup is to back up as little information as possible each time you perform a backup.
TRUE
The presence of risks in a system is an absolute—they cannot be removed or eliminated.
TRUE
Which term refers to a unique alphanumeric identifier for a user of a computer system?
Username
WEP stands for:
Wired Equivalent Privacy; it uses the RC4 stream cipher to encrypt data as it is transmitted through the air (long since broken and deprecated in favor of WPA2/WPA3)
Which term refers to characteristics of resources that can be exploited by a threat to cause harm?
Vulnerabilities
When referring to the three steps in the establishment of proper privileges, what does AAA stand for?
authentication, authorization, and accounting.
BIOS stands for:
basic input/output system
Which testing technique requires that the testers have no knowledge of the internal workings of the software being tested?
black box testing
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices?
edge computing
The movement to an account that enables root or higher-level privilege is known as:
escalation of privilege
Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as __________.
free space
Which backup technique requires a large amount of space and is considered to have a simple restoration process?
full
A(n) _______________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.
hypervisor
What is an operating system?
A program that manages a computer's hardware and provides an environment for application programs to run on
Which term is used to describe the target time that is set for resuming operations after an incident?
recovery time objective (RTO)
What is malware?
Software that has been designed for some nefarious purpose
Which term refers to the possibility of suffering harm or loss?
risk
WiFi uses which frequency spectrum?
Wi-Fi systems operate in the 2.4 GHz and 5 GHz frequency bands
Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?
the Exclusionary Rule
Which component of an HIDS pulls in the information that the other components, such as the analysis engine, need to examine?
traffic collector
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?
white box testing
Which term is used to define vulnerabilities that are newly discovered and not yet addressed by a patch?
zero day
