CTC 362


________ is a suite of protocols designed to connect sites securely using IP networks. Answers: Dynamic Host Configuration Protocol (DHCP) Network access control (NAC) Point-to-Point Tunneling Protocol (PPTP) Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)

Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium? Answers: Data Link Layer Transport Layer Session Layer Physical Layer

Physical Layer

Which OSI Reference Model layer is responsible for the coding of data? Answers: Presentation Layer Session Layer Data Link Layer Transport Layer

Presentation Layer

Which of the following is the definition of white-box testing? Answers: An act carried out in secrecy. Software and devices that assist in collecting, storing, and analyzing the contents of log files. Security testing that is based on knowledge of the application's design and source code. Analysis of activity as it is happening.

Security testing that is based on knowledge of the application's design and source code.

_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task. Answers: Accountability Decentralized access control User Datagram Protocol (UDP) Separation of duties

Separation of duties

The ___________ framework defines the scope and contents of three levels of audit reports. Answers: Service Organization Control (SOC) permission-level real-time monitoring zone transfer

Service Organization Control (SOC)

________ is the basis for unified communications and is the protocol used by real-time applications, such as IM chat, conferencing, and collaboration. Answers: Dense wavelength division multiplexing (DWDM) Direct inward system access (DISA) Multimodal communications Session Initiation Protocol (SIP)

Session Initiation Protocol (SIP)

What is a Security Information and Event Management (SIEM) system? Answers: An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. Security testing that is based on knowledge of the application's design and source code. Software and devices that assist in collecting, storing, and analyzing the contents of log files.

Software and devices that assist in collecting, storing, and analyzing the contents of log files.

Which of the following is the definition of network address translation (NAT)? Answers: A management protocol for IP networks. A protocol to implement a VPN connection between two computers. A method to restrict access to a network based on identity or other rules. A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

Which of the following is the definition of guideline? Answers: A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. Recorded information from system events that describes security-related activity. A recommendation to purchase or how to use a product or system. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.

A recommendation to purchase or how to use a product or system.

_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain. Answers: RC4 RC2 CAST Blowfish

Blowfish

Which of the following identifies what assets are required for the business to recover from an event and continue doing business? Answers: Disaster recovery plan Risk assessment Business continuity plan Business impact analysis

Business impact analysis

There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be. Answers: Chosen-ciphertext attack Chosen-plaintext attack Known-plaintext attack (KPA) Ciphertext-only attack (COA)

Ciphertext-only attack (COA)

Which part of the C-I-A triad refers to preventing the disclosure of secure information to unauthorized individuals or systems? Answers: Confidentiality Integrity Accessibility Availability

Confidentiality

____________ is exercised by frequently evaluating whether countermeasures are performing as expected. Answers: Corrective control Due diligence Detective control Preventive control

Due diligence

Another name for a border firewall is a DMZ firewall. Answers: True False

False

Quantitative analysis defines risk using a scenario that describes it. Answers: True False

False

________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them. Answers: Hijacking Malware Packet sniffer Spoofing

Hijacking

Which of the following is the definition of false negative? Answers: The process of gathering the wrong information. Incorrectly identifying abnormal activity as normal. Analysis of activity as it is happening. A method of security testing that isn't based directly on knowledge of a program's architecture.

Incorrectly identifying abnormal activity as normal.

In a ________, the cryptanalyst possesses certain pieces of information before and after encryption. Answers: Known-plaintext attack (KPA) Ciphertext-only attack (COA) Chosen-ciphertext attack Chosen-plaintext attack

Known-plaintext attack (KPA)

Which of the following allows analysts to view and analyze network packet traces? Answers: NetWitness Investigator OpenVAS Filezilla Promiscuous mode

NetWitness Investigator

During the vulnerability assessment, any known vulnerabilities or bugs will be flagged and identified by: Answers: footprinting. enumeration. a Ping scan. OpenVAS.

OpenVAS.

________ is an authentication credential that is generally longer and more complex than a password. Answers: Authorization Continuous authentication Passphrase Two-factor authentication (TFA)

Passphrase

What name is given to a protocol to implement a VPN connection between two computers? Answers: Dynamic Host Configuration Protocol (DHCP) Internet Control Message Protocol (ICMP) screened subnet Point-to-Point Tunneling Protocol (PPTP)

Point-to-Point Tunneling Protocol (PPTP)

________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical. Answers: Risk mitigation Risk assignment Risk acceptance Risk acceptance

Risk mitigation

________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities. Answers: Gap analysis Negative risk Quantitative risk analysis Security gap

Security gap

Which of the following is the definition of business drivers? Answers: A comparison of security controls in place and the controls that are needed to address all identified threats. The collection of components, including people, information, and conditions, that support business objectives. The process of identifying, assessing, prioritizing, and addressing risks. The estimated loss due to a specific realized threat.

The collection of components, including people, information, and conditions, that support business objectives.

Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance. Answers: True False

True

Residual risk is the risk that remains after you have installed countermeasures and controls. Answers: True False

True

Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software. Answers: True False

True

Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process? Answers: Single-factor authentication Two-factor authentication Three-factor authentication Multi-factor authentication

Two-factor authentication

What term is used to describe the current encryption standard for wireless networks? Answers: wireless access point (WAP) Wi-Fi Protected Access (WPA) screened subnet Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Which of the following is a protocol analyzer tool (sometimes called a "packet sniffer") that is used to capture IP traffic from a variety of sources? Answers: OpenVAS Zenmap NetWitness Investigator Wireshark

Wireshark

Which of the following is a graphical interface for Nmap that is typically used during the scanning phase of the ethical hacking process? Answers: Zenmap Greenbone Security Assistant SYN scan OpenVAS

Zenmap

Which of the following is a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them? Answers: OpenVAS Ping scan Zenmap Greenbone Security Assistant

Zenmap

Which of the following is used to perform a scan of the network and create a network topology chart? Answers: Wireshark Zenmap OpenVAS NetWitness Investigator

Zenmap

Malicious software can be hidden in a ________. Answers: URL link PDF file ZIP file all of the above

all of the above

Prior to VoIP, attackers would use wardialers to ________. Answers: identify analog modem signals to gain access gain access to PBX phone systems to commit toll fraud identify the operating system running on a computer all of the above

all of the above

How often should an organization perform a risk management plan? Answers: every couple of years biannually annually when a risk is identified

annually

How your organization responds to risk reflects the value it puts on its ___________. Answers: environment assets technology vulnerability

assets

An attempt to exploit a vulnerability of a computer or network component is the definition of ________. Answers: phreaking attack spyware protocol analyzer

attack

Zenmap's Topology tab displays a __________ that shows the relative size and connection type of all discovered IP hosts. Answers: searchable database bar chart line graph bubble chart

bubble chart

The ________ is a simple review of a plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure. Answers: structured walk-through test checklist test parallel test review test

checklist test

Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property. Answers: confidentiality quantitative risk analysis regulations compliance

compliance

Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication, and ________________. Answers: security confidentiality privacy reliability

confidentiality

Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. Answers: applications mitigation activities configurations recommendations

configurations

Notification, response, recovery and follow-up, and documentation are all components of what process? Answers: control countermeasure business impact analysis incident handling

control

Forensics and incident response are examples of ___________ controls. Answers: preventive technical corrective detective

corrective

What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system? Answers: denial of service (DoS) quality of service (QoS) toll calls Regional Bell Operating Company (RBOC)

denial of service (DoS)

An intrusion detection system (IDS) is an example of ___________ controls. Answers: preventive corrective administrative detective

detective

Based on your interpretation of the Zenmap Intense Scan, the purpose/results of the ARP Ping Scan was to: Answers: discover how many hosts are alive. discover the IP path to the remote system. look for fingerprints of known services by testing responses to certain types of packets. identify open TCP ports.

discover how many hosts are alive.

A(n) ________ is a measurable occurrence that has an impact on the business. Answers: corrective control event cost critical business function

event

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network. Answers: hub firewall router switch

firewall

Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. Answers: security privacy nonrepudiation reliability

nonrepudiation

If knowing about an audit changes user behavior, an audit will ____________. Answers: not be accurate be more accurate skew results not be required

not be accurate

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________. Answers: stateful inspection firewall packet-filtering firewall application proxy firewall Point-to-Point Tunneling Protocol (PPTP)

packet-filtering firewall

What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them? Answers: quantitative risk analysis qualitative risk analysis annual loss expectancy (ALE) gap analysis

qualitative risk analysis

The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks. Answers: qualitative risk analysis annual rate of occurrence (ARO) quantitative risk analysis risk register

quantitative risk analysis

Network ________ is gathering information about a network for use in a future attack. Answers: reconnaissance eavesdropping denial of service surveying

reconnaissance

What name is given to any risk that exists but has a defined response? Answers: qualitative risk analysis residual risk risk management risk register

residual risk

An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________. Answers: risk mitigation risk assignment risk acceptance risk acceptance

risk acceptance

The process of managing risks starts by identifying __________. Answers: risks business drivers exposure factor (EF) standards

risks

What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit? Answers: safeguard countermeasure technical control detective control

safeguard

An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________. Answers: private branch exchange (PBX) phone system divestiture network infrastructure security secure shell (SSH)

secure shell (SSH)

One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. Answers: audit security benchmark monitoring

security

The primary task of an organization's __________ team is to control access to systems or resources. Answers: compliance liaison management software development security administration

security administration

Your organization's __________ sets the tone for how you approach related activities. Answers: assets security policy configuration guidelines

security policy

One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks. Answers: cloud computing the World Wide Web social engineering worms

social engineering

Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. Answers: controls management standards plan

standards

An attacker or event that might exploit a vulnerability is a(n) ____________. Answers: incident threat source cost hacker

threat source

RTO identifies the maximum allowable ________ to recover the function. Answers: risk support data loss time

time

Which of these biometric authentication methods is not as accurate as the rest? Answers: iris scans voice pattern retina scan facial recognition

voice pattern

A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. Answers: threat impact risk vulnerability

vulnerability

A method of restricting resource access to specific periods of time is called ________. Answers: temporal isolation classification multi-tenancy separation of duties

temporal isolation

A(n) ________ is an intent and method to exploit a vulnerability. Answers: impact incident threat source safeguard

threat source

Which of the following best describes quantitative risk analysis? Answers: The process of identifying, assessing, prioritizing, and addressing risks. A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them. A comparison of security controls in place and the controls that are needed to address all identified threats. A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.

A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.

Which of the following is known as stateful matching? Answers: Security testing that is based on limited knowledge of an application's design. A method of security testing that isn't based directly on knowledge of a program's architecture. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets. Using tools to determine the layout and services running on an organization's systems and networks.

A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.

What is meant by rootkit? Answers: An attack in which one user or computer pretends to be another user or computer. A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. An attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination. Unwanted e-mail or instant messages.

A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

What is the difference between a BCP and a DRP? Answers: A BCP does not specify how to recover from disasters, just interruptions. A DRP directs the actions necessary to recover resources after a disaster. A DRP is a part of a BCP. All of the above.

All of the above.

What is meant by pharming? Answers: The unique knowledge a business possesses that gives it a competitive advantage over similar companies in similar industries. An attack that seeks to obtain personal or private financial information through domain spoofing. A type of window that appears on top of the browser window. These generally contain ads, and although they are not strictly adware, many adware programs use them to interact with users. An application that captures traffic as it travels across a network.

An attack that seeks to obtain personal or private financial information through domain spoofing.

Which of the following is the definition of anomaly-based IDS? Answers: An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. Using tools to determine the layout and services running on an organization's systems and networks.

An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

Which of the following is the definition of pattern-based IDS? Answers: The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. Software and devices that assist in collecting, storing, and analyzing the contents of log files. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.

An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.

________ is an authorization method in which access to resources is decided by the user's formal status. Answers: Authority-level policy Knowledge Physically constrained user interface Decentralized access control

Authority-level policy

Which part of the C-I-A triad refers to making sure information is obtainable when needed? Answers: Confidentiality Integrity Accessibility Availability

Availability

Organizations currently use several symmetric algorithms, including ________, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use. Answers: Blowfish CAST RC2 International Data Encryption Algorithm (IDEA)

CAST

________ is a one-way calculation of information that yields a result usually much smaller than the original message. Answers: Caesar cipher Checksum Hash Symmetric key

Checksum

In a ________, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system. Answers: Known-plaintext attack (KPA) Ciphertext-only attack (COA) Chosen-ciphertext attack Chosen-plaintext attack

Chosen-ciphertext attack

Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)? Answers: Presentation Layer Session Layer Data Link Layer Transport Layer

Data Link Layer

Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address. Answers: Data Link Layer Presentation Layer Transport Layer Session Layer

Data Link Layer

Which of the following allows Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN)? Answers: NetWitness Investigator OpenVAS Filezilla Promiscuous mode

Promiscuous mode

What is meant by application convergence? Answers: A basic digital signaling rate that corresponds to one voice-frequency-equivalent channel. Although the true data rate for DS0 is 64 kbit/s, the effective data rate for a single voice channel when using DS0 is 56 kbit/s. The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail. An attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system. DDoS attacks initiate from more than one host device. A term used to describe streamlining processes with automation or simplified steps.

The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.

What is meant by promiscuous mode? Answers: The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer. An event that results in a violation of any of the C-I-A security tenets. A software program that enables a computer to monitor and capture network traffic, including passwords and data. An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.

The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.

Which of the following is an accurate description of cloud computing? Answers: The process of providing credentials to claim to be a specific person or entity. The process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task. The practice of using computing services that are delivered over a network. A database feature that allows different groups of users to access the database without being able to access each other's data.

The practice of using computing services that are delivered over a network.

Which of the following is not a type of authentication? Answers: knowledge ownership characteristics identification

identification

A ________ is an encryption key used to encrypt other keys before transmitting them. Answers: key directory key distribution key-encrypting key private (symmetric) key

key-encrypting key

The number of possible keys to a cipher is a ___________. Answers: checksum cryptosystem keyspace key directory

keyspace

The CVE listing is a database of: Answers: approved methods that can be used to identify hosts and detect what operating system and services are running on them. known software vulnerabilities and exposures as well as how to mitigate them with software patches and updates. graphical interfaces for Nmap that are typically used during the scanning and vulnerability phase of the ethical hacking process. license agreements that must be acknowledged in order to access the OpenVAS report that includes the details for each host.

known software vulnerabilities and exposures as well as how to mitigate them with software patches and updates.

What term is used to describe the probability that a potential vulnerability might be exercised within the construct of an associated threat environment? Answers: likelihood event detective control incident

likelihood

Loss of financial assets due to ________ is a worst-case scenario for all organizations. Answers: hijacking masquerade attacks phishing malicious attacks

malicious attacks

What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address? Answers: application proxy firewall network address translation (NAT) Internet Control Message Protocol (ICMP) network access control (NAC)

network address translation (NAT)
