CIST 2613 Final review
What port does the Trivial File Transfer Protocol, or TFTP service use?
.port 69
In HTML, each tag has a matching closing tag that is written with which of the following characters?
/
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
What type of encryption is currently used to secure WPA2?
AES
UNIX was first written in assembly language. However, it was soon rewritten in what programming language?
C
What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills?
CISSP
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
Consult their lawyer
Which of the following describes a flexible program that automates a task that takes too much time to perform manually?
Custom Script
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer?
Data Link layer
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
Domain controller
What term best describes a person who hacks computer systems for political or social reasons?
Hactivist
Which type of device monitors a network's hardware so that security administrators can identify attacks in progress and stop them?
IDS
Which of the following is a common Linux rootkit?
Linux Rootkit 5 not
A device that performs more than one function, such as printing, and faxing is called which of the following?
MFD
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Microsoft Security Bulletin
What is the current file system that Windows utilizes that has strong security features?
NTFS
Which of the following is a Windows programming interface that allows computers to communicate across a local area network (LAN)?
NetBios
Which of the following is considered to be the most critical SQL vulnerability?
Null SA Password
What port does the Simple Mail Transfer Protocol, or SMTP service use?
Port 25
What port does the Hypertext Transfer Protocol, or HTTP service use?
Port 80
What organization disseminates research documents on the computer and network security worldwide at no cost?
SANS Institute
Which on of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?
SNMP
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?
Session hijacking
What type of packet filtering records session-specific information about a network connection, including the ports a client uses?
Stateful Packet inspection
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
Stealth
What protocol is the most widely used and allows all computers on a network to communicate and function correctly?
TCP/IP
What version of Windows Server has completely eliminated the option for telnet server?
Windows Server 2016
When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?
access point
Which type of program can mitigate some risks associated with malware?
antivirus
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
brute force
Carelessly reviewing your program's code might result in having which of the following in your program code?
bug
What type of system converts between plaintext and ciphertext?
crypyosystem
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
dictionary
Which of the following sits between the Internet and the internal network and is sometimes referred to as a perimeter network?
dmz
Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources?
honeypot
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
Which of the following commands is a powerful enumeration tool included with Windows?
nbtstat
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
network security
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
ping sweep
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
reflected
Which of the following is a backdoor initiated from inside the target's network that makes it possible to take control of the target even when it's behind a firewall?
reverse shell
Which of the following describes a text file containing multiple commands that would usually be entered manually at the command prompt?
script
If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative?
server
Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?
session hijacking
Which of the following is a backdoor initiated from inside the target's network that makes it possible to take control of the target even when it's behind a firewall?
stateful
What type of cryptography is demonstrated by reversing the alphabet, so A becomes Z, B becomes Y, and so on?
substitution cipher
Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?
web server
Which type of virus is written as a list of commands that can be set automatically to run as soon as a computer user opens the file?
worm
