CISS 120 Final

In the Perl programming language, comment lines begin with the which of the following character(s)? Select one: a. % b. // c. # d. $

#

Which of the following is an alternative term used when referring to Application Security? Select one: a. SecAPP b. Apps c. AppSec d. SQLSec

AppSec

d. Perl and Python

C and C

What type of Windows Server is the most likely server to be targeted by a computer hacker? Select one: a. File Server b. DNS Server c. DHCP Server d. Domain Controller

Domain Controller

Technology is restricted to a single room or line of sight because this light spectrum cannot penetrate walls

Infrared (IR)

An embedded OS certified to run multiple levels of classification on the same CPU without leakage between levels

MILS

Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server? Select one: a. PPP b. EAP c. EAP-TLS d. PEAP

PEAP

A structure consisting of programs, protocols, and security policies for encrypting data and uses public key cryptography to protect data transmitted over the Internet

PKI

The name used to identify a WLAN

SSID

A cryptographic firmware boot-check processor installed on many new computer systems

Trusted Platform Module

What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng? Select one: a. WiFi Scan b. WiFi Pineapple c. Fake AP d. AP Pineapple

WiFi Pineapple

An independent WLAN without an AP

ad-hoc network

Ubuntu and Debian Linux use what command to update and manage their RPM packages? Select one: a. yum b. get c. dir d. apt-get

apt-get

Used to find the same hash value for two different inputs and reveal any mathematical weaknesses in a hashing algorithm

birthday attacks

In the C programming language, which of the following show where a block of code begins and ends? Select one: a. braces Correct b. parenthesis c. brackets d. dashes

braces

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers? Select one: a. security tools b. scan tools c. developer tools d. SQL tools

developer tools

A small program developed specifically for use with embedded systems

embedded operating system

Software residing on a chip

firmware

A sequence of random bits generated from a range of allowable values

key

In object-oriented programming, a function contained in a class is called which of the following? Select one: a. variable function b. label function c. test function d. member function

member function

What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system? Select one: a. no ACL support b. no SUS support c. no SMTP support d. no Linux support

no ACL support

Operate on plaintext one bit at a time

stream cipher

Which type of symmetric algorithm operates on plaintext one bit at a time? Select one: a. open ciphers b. plain ciphers c. stream ciphers d. block ciphers

stream ciphers

What standard specifically defines the process of authenticating and authorizing users on a network? Select one: a. 802.11 b. 802.1 c. 802.1X d. WEP

802.1X

A standard that addresses the issue of authentication

802.1x

Encryption algorithm used for the Data Encryption Standard

DEA

Data packets are spread simultaneously over multiple frequencies instead of hopping to other frequencies

DSSS

The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer? Select one: a. Network Link layer b. Data Link layer c. transport layer d. session layer

Data Link layer

An enhancement to PPP, that was designed to allow a company to select its authentication method

EAP

What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band? Select one: a. HSSS b. DSSS c. FHSS d. OFSS

FHSS

What configuration mode allows a Cisco administrator to configure router settings that affect the overall operations of the router? Select one: a. Security configuration mode b. Admin configuration mode c. Global configuration mode d. Interface configuration mode

Global configuration mode

Which of the following is a utility that is a wireless network detector, sniffer, and an intrusion detection system? Select one: a. Kismet b. Clonezilla c. Vistumbler d. Firefox

Kismet

What application is considered the original password-cracking program and is now used by many government agencies to test for password strength? Select one: a. John the Ripper b. Hydra (THC) c. Pwdump3v2 d. L0phtcrack

L0phtcrack

Which of the following is a common Linux rootkit? Select one: a. Back Orifice b. Kill Trojans c. Packet Storm Security d. Linux Rootkit 5

Linux Rootkit 5

A device that performs more than one function, such as printing and faxing is called which of the following? Select one: a. MILS b. ASA c. RTOS d. MFD

MFD

Visual Basic Script (VBScript) is a scripting language developed by which of the following companies? Select one: a. Sun Microsystems b. Symantec c. Macromedia d. Microsoft

Microsoft

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities? Select one: a. CVE Web site b. CERT c. Microsoft Security Bulletin d. Macromedia security

Microsoft Security Bulletin

Which type of wireless technology uses microwave radio waves to transmit data? Select one: a. Wideband b. Narrowband c. Infrared d. Mediumband

Narrowband

What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce? Select one: a. ECC b. RSA c. DES d. AES

RSA

An open-source embedded OS used in space systems because it supports processors designed specifically to operate in space

RTEMS

What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher? Select one: a. Cross Server attack b. SSL/TLS downgrade attack c. Hydra attack d. TCP/IP attack

SSL/TLS downgrade attack

Which type of Cisco access lists can restrict IP traffic entering or leaving a router's interface based only on the source IP address? Select one: a. Standard IP Correct b. Extended IP c. IP restrict d. ACL IP

Standard IP

What type of packet filtering records session-specific information about a network connection, including the ports a client uses? Select one: a. Stateful b. Stateless c. Static d. Dynamic

Stateful

What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does? Select one: a. DMZ firewall b. stateless firewall c. upper-layer firewall d. application-aware firewall Correct

application-aware firewall

Uses two keys: one to encrypt data and one to decrypt data

asymmetric algorithm

Any computer system that is not a general-purpose PC or server

embedded system

In HTML, each tag has a matching closing tag that is written with which of the following characters? Select one: a. forward slash (/) b. backward slash (\) c. bang (!) d. ampersand (&) Feedback

forward slash (/)

Defines how data is placed on a carrier signal

modulation

The use of random data alongside plaintext as an input to a hashing function so that the output is unique

salt

What type of encryption is currently used to secure WPA2? Select one: a. Radius b. TKIP c. WEP d. AES

AES

Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method? Select one: a. EAP b. WEP c. WPA d. 802.1X

EAP

Data hops to other frequencies to avoid interference that might occur over a frequency band

FHSS

Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers? Select one: a. ADSDSOOBJECT b. MySQLProv c. SQLOLEDB d. SNAOLEDB

SQLOLEDB

A digital document that verifies the two parties exchanging data over the Internet are really who they claim to be

certificate

Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources? Select one: a. IDS b. router c. honeypot d. firewall

honeypot

Which of the following is a range of allowable values that is used to generate an encryption key? Select one: a. algorithm area b. key range c. keyspace d. keyarea Feedback

keyspace

What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only

known plaintext

Devices on an organization's network performing more than one function, such as printers, scanners, and copiers

multifunction devices

A technology that uses microwave radio band frequencies to transmit data

narrowband

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL? Select one: a. reflected b. injected c. unvalidated d. Stored

reflected

Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band

spread spectrum

Uses a single key to encrypt and decrypt data

symmetric algorithm

Which frequency band is used by commercial AM radio stations? Select one: a. extremely low frequency (ELF) b. very low frequency (VLF) c. medium frequency (MF) d. high frequency (HF)

(MF)

In 802.11, which of the following is an addressable unit? Select one: a. host b. Data Terminal Equipment (DTE) c. station (STA) d. wireless NIC (WNIC)

(STA)

Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline? Select one: a. System-based IDS b. Anomaly-based IDS c. Host-based IDS d. Network-based IDS

Anomaly-based IDS

What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date? Select one: a. BIOS-based rootkit b. embedded browser c. unclassified kernel d. patch

BIOS-based rootkit

Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages? Select one: a. XML b. DHTML c. PHP d. CFML

CFML

An OS microkernel extension developed for Linux

RTLinux

A specialized embedded OS used in devices such as programmable thermostats, appliance controls, and even spacecraft

RTOS

Systems used for equipment monitoring in large industries, such as public works and utilities, power generators and dams

SCADA

What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools? Select one: a. IOS b. DMZ c. IDS d. SIEM

SIEM

Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available? Select one: a. Static Application Security Testing b. Fast Application Security Testing c. Dynamic Application Security Testing d. Executable Application Security Testing

Static Application Security Testing

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application? Select one: a. reflected b. injected c. unvalidated d. Stored

Stored

A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate? Select one: a. NIST b. IEEE 802 c. PKI d. X.509

X.509

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following? Select one: a. firewall b. air gap c. router d. Vlan

air gap

What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does? Select one: a. DMZ firewall b. stateless firewall c. upper-layer firewall d. application-aware firewall

application-aware firewall

Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal? Select one: a. error handling b. delay logic c. client flow d. business logic

business logic

What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only

chosen-plaintext

Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which if the following? Select one: a. ciphertext b. cleartext c. maskedtext d. subtext

ciphertext

In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only

ciphertext-only

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device? Select one: a. firmware b. testware c. middleware d. fireware

firmware

Used for verification, takes a variable-length input and converts it to a fixed-length output string

hashing algorithm

Red Hat and Fedora Linux use what command to update and manage their RPM packages? Select one: a. yum b. get c. dir d. apt-get

yum