MET CJ 620 Final Exam
__________ are used to redirect hackers' attention to them instead of the main server. __________ will have nearly all the functionality of main servers to be able to gather enough information regarding attack methods, techniques, etc.
Honeypots
Which of the following commands in Kali Linux is not correctly explained? A. su stands for switch user B. Ifconfig displays ipv4, ipv6, MAC address, subnet mask, etc. C. The command netstat -ano lists all open ports and active connections numerically. D. Iwconfig is dedicated to the mobile network interfaces.
Iwconfig is dedicated to the mobile network interfaces.
A cyber soldier named _________ was charged with executing high-profile cyber attacks such as the 2017 WannaCry ransomware attack and the 2014 hack of Sony Pictures.
Jin Hyok Pak
The risks associated with the nation's dependence on these networked technologies led to the development of __________, which sets forth principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities.
Presidential Policy Directive 41 (PPD-41): United States Cyber Incident Coordination
The________ campaign is a blackmail-based DDoS threat motivated by financial benefits that requires payment in Bitcoin currency to prevent DDoS attacks on the target network.
RDoS
Traditional cryptography uses a secret key for encrypting and decrypting a message. We call this method "_________." The flaw in this method is that if the _____ was discovered, any encrypted content can be decrypted.
Symmetric Keys: Private Key
__________ offers legal protection for ISPs that assist and cooperate with investigations.
The Cyber Security Enhancement Act of 2002
__________ is "the Nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future."
The Cybersecurity & Infrastructure Security Agency (CISA)
__________ represents the United States in all global diplomatic engagements across the full range of international policy imperatives, including cyber issues. As stated in the 2011 International Strategy for Cyberspace, diplomacy is a vital and necessary component to addressing cyber threats and responding to cyber incidents both domestically and internationally.
The Department of State (DOS)
In 2009, an economic espionage case was brought to trial for the first time. Under__________, the case involved a Chinese engineer (Dongfan "Greg" Chung) who stole Boeing's trade secrets related to the phased antenna array and the 16 million fueling mechanism for the delta booster rockets that were used for the United States space shuttle.
The Economic Espionage Act
Local File Inclusion (LFI) refers to an inclusion attack through which an attacker can trick the web application in including files on the web server by exploiting functionality that dynamically includes local files or scripts.
True
NT LAN Manager (NTLM) is a default authentication scheme that uses a challenge/response strategy to perform authentication. Microsoft has upgraded the default authentication protocol to Kerberos. This gives client/server applications a stronger authentication compared to NTLM.
True
Political espionage involves hiding sensitive information; collecting, transmitting or losing defensive information; photographing or mapping any defensive mechanism; and disclosing confidential information.
True
Presidential Policy Directive 41 (PPD-41) defines a significant cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
True
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources, that are normally protected from an application or user.
True
SSL (Secure Sockets Layer) provides data encryption, data integrity, and authentication.
True
Utilizing ingress filtering, egress filtering, and TCP intercepts can potentially assist in detecting and preventing DDoS attacks.
True
Vulnerability assessments and remediation should be booked on a regular basis. This should be done consistently and should be managed to create all levels of success. Remediation testing should be performed on a device instance prior to the implementation of it on a production system.
True
WHOIS databases can be queried by anyone.
True
__________ is the process of discovering active machines on a network segment.
User enumeration
Which of the following information is NOT provided in the DNS Zone data? A. DNS domain name B. Computer name C. IP addresses and network information D. Vulnerabilities in the domain
Vulnerabilities in the domain
_________ involve the process of identifying, quantifying, prioritizing, or classifying the vulnerabilities that exist within a network infrastructure or system(s).
Vulnerability assessments
The input signal can be expressed as the spectral components of the __________. The time of a particular frequency can be distinguished as the __________ deliver a picture of time and frequency simultaneously.
Wavelets
A level 4 emergency poses an imminent threat to the provision of wide-scale critical infrastructure services, national government security, or the lives of U.S. citizens.
False
What information is gathered during passive footprinting? A. Initial information about the organization is collated. Type of business, partners, people, etc. B. WHOIS database queried to get the network IP addresses C. Network and systems are scanned to collect information about networks and ports D. Use banner grabbing to know the services running E. A and B
A and B
According to Choi, Lee, and Cadigan's (2018) study, __________-affiliated cyberterrorists used YouTube videos as both individual sources and embedded sources through Facebook and Twitter, whereas __________ used Twitter accounts to show their successes and victories by disseminating messages and videos of beheadings and bombings.
Al-Qaeda, ISIS
What are the possible threats or losses of footprinting/reconnaissance? A. Loss of sensitive and critical organizational information B. System and network vulnerabilities are exposed C. Loss of privacy and security D. All of the above
All of the above
What do you do in passive footprinting? A. Query WHOIS database B. DNS lookups C. Google search D. Use social networks and social engineering techniques E. All of the above
All of the above
Which of the following is a major concern in the issue of cybersecurity vulnerabilities? A. The Internet of things (IoT) B. Cloud C. Social media platforms D. All of the above
All of the above
__________ services can define who the request is coming from; if it's a user, it will make the user certificate available. If it's a web server then the web server certificate will be made available.
Autoenrollment
If one subordinate _____ was compromised, the issue is contaminated only in the location of that sub _____; if a root _____ was compromised, all the organization is compromised. _____ helps manage the process of creating certificates and managing them.
CA (Certificate Authority)
During the time of COVID-19, DDos traffic, packets, and attack durations have decreased.
False
Rule 14 of __________holds that "[a] [s]tate bears international responsibility for a cyber-related act that is attributable to the State and that constitutes a breach of an international legal obligation."
Tallinn Manual 2.0
________ is a new or unknown attack that can be exploited because there is no patch available.
The Zero-day Attack
Which of the following is not part of three major cybersecurity strategies from the Comprehensive National Cybersecurity Initiative (CNCI)? A. To establish a front line of defense against today's immediate threats. B. To defend against the full spectrum of threats. C. To strengthen the future cybersecurity environment. D. To promote cyber solider programs for combating international cyberterrorists.
To promote cyber solider programs for combating international cyberterrorists.
A data-breach report written by Verizon indicated that 86% of data breaches have underlying financial or espionage goals.
True
In public key cryptography, every (1) _____ matches to only one (2) _____. Together, they are used to encrypt and decrypt messages. If you encode a message using a person's (1)_____, they can only decode it using their matching (2)_____.
(1) Public Key (2) Private Key
1) _____ is a connection-oriented protocol, whereas 2) ____ is a connectionless protocol.1) _____ is comparatively slower than 2)_____.
1) TCP 2) UDP
By merging intelligence and cyberwarfare units into a new strategic support force, also known as __________, it is alleged that China has over 100,000 cyberwarfare hackers as well as well-trained personnel who can focus more intensely on the integrated use of warfare between networks and satellites.
3PLA
Which of the following is not a good example of certificate usage to provide security for network communication? A. VPN uses certificates to provide proper and secure authentication and encryption. B. All your logins — Facebook, Hotmail, Gmail, etc. — are performed over SSL (Secure Sockets Layer). C. When a user selects the option to encrypt data on his computer, he or she is using a certificate for this operation. D. A user gains access to HTTP on the website for searching information.
A user gains access to HTTP on the website for searching information.
A digital attack is an attack in which hackers try to determine passwords using shoulder surfing, dumpster diving, or social engineering.
False
__________is identical to normal SQL injection except that when an attacker attempts to exploit an application rather than getting a useful error message they get a generic page specified by the developer instead.
Blind SQL injection
__________ is an attack that takes place against authenticated web applications by using the Cookies.
CRSF
What does the CIA Triad stand for?
Confidentiality, Integrity, and Availability
Witty, Hoeck, and Gregory (2019) suggest that there are, 'Three Phases for Best-Practice Implementation.' Which of the following is not part of the three phases? A. Planning for Pre-attack B. Responses and Recovery for Post-attack C. Stand Down for Post-attack D. Crackdown for Existing-attack
Crackdown for Existing-attack
The recent seizure of __________ from Al-Qaeda, ISIS, and the Al-Qassam Brigades (Hamas's military wing) by the U.S. Department of Justice (DOJ) also demonstrates how terrorist groups adopt the cyber age to finance their activities (DOJ, 2020).
Cryptocurrency
The Federal Government establishes three lead agencies to effectively respond to significant cyber incidents. Which of the following is not part of these three agencies? A. DHS is the lead agency for asset response during a significant cyber incident, acting through the NCCIC (National Cybersecurity and Communications Integration Center). B. DOJ is the lead agency for threat response during a significant cyber incident, acting through the FBI and the NCIJTF (National Cyber Investigative Joint Task Force). C. ODNI (Office of the Director of National Intelligence) is the lead coordinator for intelligence support during a significant cyber incident, acting through the CTIIC (Cyber Threat Intelligence Integration Center) D. Cyber UCG (Unified Coordination Group) is the lead facilitator for the incident management during a significant cyber incident.
Cyber UCG (Unified Coordination Group) is the lead facilitator for the incident management during a significant cyber incident.
Which of the following is NOT a major trend in actual cyber attacks? A. The increase in the number of highly skilled hackers (usually sponsored by the government) coincides with the advancement of more complex tools that may penetrate a wider area through the booming black market. B. Organizations are currently relying heavily on their systems and data. Manipulation of these assets may severely affect market value and put management, reputation, as well as sales and profits at risk. C. The primary impact was originally on consumers, but now the greatest impact is on global political or economic systems. D. Cyber attacks are only aiming to target important infrastructure industries such as power facilities, water remedy services, and health and emergency systems.
Cyber attacks are only aiming to target important infrastructure industries such as power facilities, water remedy services, and health and emergency systems.
Which of the following is not part of the three major types of technological facilitations to terrorist groups? A. New members are globally recruited via social media and social networking sites. B. Supporting functions (e.g., communication, propaganda, coordination, administration, etc.) are provided during terrorist attacks between individuals and organizations. C. Researching information, contacts, and backgrounds for terrorist activities and targeting analysis. D. DDos attack overloads target computer resources or ceases a network by exhausting the bandwidth of the network.
DDos attack overloads target computer resources or ceases a network by exhausting the bandwidth of the network.
__________ footprinting provides the opportunity to acquire information about _________ zone data such as: __________ domain names, computer names, IP addresses, and networks. __________ information is quite helpful for hackers as it can be used to identify key hosts on a network to which they can eventually utilize social engineering tactics to acquire more information.
DNS
Cybercriminals demand the victim to pay via _________, which increase their anonymity even more. Demanding _________ as a ransom payment method enables the transaction to occur over an anonymizing internet browser such as __________, which is a special network encryption browser for hiding all the origination and ending destination for the traffic.
Darknet; Bitcoin; TOR
During __________, scans of the IP packet headers leaving the network are performed to ensure they meet valid criteria. Packets that meet the criteria can be moved out of the network. You can delete many DDoS packets that have spoofed IP addresses. Thus, __________ prevents unauthorized and malicious traffic from leaving your home network.
Egress filtering
Which of the following is not a good password policy? A. Requesting a password change after a certain number of days, usually within 60 days. B. Establishing a minimum password length of 8 characters. C. Using complexity requirements—for example, requiring uppercase and lowercase letters as well as two numbers and two special characters. D. Banning the use of different types of passwords, such as words from dictionaries and the 25 most generally-used passwords, as well as prohibiting the use of personal information in the form of calendar dates and other kinds of common numbers found in the industry.
Establishing a minimum password length of 8 characters.
The cyber attacks on _________ in 2007 are arguably considered the first cyber-attacks "against a nation state," "Cyber War I."
Estonia
Confidentiality is seen as ensuring file security and data concealment (e.g., the use of unauthorized network tracking) by means of inhibiting unapproved release of information. It is closely related to vulnerability testing of a system that is not directly related to information.
False
In passive mode footprinting, you potentially do a network scan or port scan, fingerprinting the operating system, and banner grabbing the services.
False
Ingress filtering can prevent attacks that derive from valid prefixes or known IP addresses.
False
Microsoft released a security patch which protected user's systems after the WannaCry ransomware attack began. Unfortunately, many individuals and organizations were exposed to the attack.
False
Nikto is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.
False
OpenVas is an open-source intelligence and forensic tool. It is widely used for gathering information from the Internet on any organization.
False
Public and private keys form the basis for public key cryptography, also known as symmetric cryptography.
False
Rootkit is a data-hiding technique that can hide text inside an image, mp3, etc.
False
Sony announced they would not release the film as planned December 25th, 2014. Sony did not allow a theatrical and online release of the movie at Christmas, which cost $15M, and it was downloaded more than two million times in its first few days.
False
The CVSS (Common Vulnerability Scoring System) is a framework that is used to evaluate the characteristics, level, and severity of common software, hardware, and firmware vulnerabilities. Rated from 0 (most vulnerable) to 10 (least vulnerable), the CVSS is not only a reliable mechanism for determining the severity of security vulnerabilities that translate into potential threats, but also for notifying cybersecurity professionals and managers on what to prioritize and when to repair.
False
The Digital Attack Map shows that DDos attacks are easily predictable.
False
The FireEye report (2020) predicts that the significant threats of ransomware from established cybercrime groups will be minimized because the advanced anti-ransomware software will fully detect the attacks in the future.
False
The National Vulnerability Database (NVD) is a standardized repository of vulnerability management data for the United Nations. This database facilitates automation of vulnerability management, security measurement, and compliance. In addition, the NVD contains a security checklist database related to security software errors, misconfigurations, product names, and gauge of impact.
False
The ability to draw legal boundaries for legal and illegal forms of cyber intervention is not a difficult issue as long as the United Nations facilitates.
False
Use of Bitcoin and other cryptocurrency by terrorist organizations and militant groups has not been identified.
False
When a significant cyber incident affects a private entity, the Federal Government will typically play a role in this line of effort.
False
While the motivations, skills, and priorities of different terrorist groups vary, each can be harmful globally; as resources decrease, these attacks can become more catastrophic.
False
Which of the following is not part of the three major groupings you can have in information gathering? A. Passive footprinting B. Active footprinting/Scanning C. Enumeration D. Footprinting
Footprinting
Though the foundation of __________is the law enforcement intelligence component, center leadership should evaluate their respective jurisdictions to determine what public safety and private sector entities should participate in the __________.
Fusion Center
The __________ malware-based network was made up of more than 1,295 infected computers in 103 China-controlled countries, and had the ability to control these infected computers in real time.
GhostNet
On November 24, 2014, Sony's computer system fell victim to hacking. Skulls appeared on employees' screens along with a threatening message to expose confidential Sony data. An unknown hacker group, '__________,' claimed to be the masterminds behind the cyber attack. Sony's private company information (including confidential emails, employees' social security information, and bosses' salaries) was exposed to the public. Detrimental, Sony's new and unreleased movies were also stolen and shared through P2P websites.
Guardians of Peace
__________ refers to creations of the mind (e.g., inventions, patents, literary and works of art, trademarks, copyrighted material, recordings, photographs, images, designs, formulas) that are owned by cooperating or individual organizations, and exclusive rights are granted.
IP
Which of the following is not part of denial-of-service impact? A. Increased network bandwidth B. Failed responses to all requests C. Delayed response D. Limited service or crashing/slowed servers
Increased network bandwidth
Which of the following is NOT a main reason why traditional arms control regimes are not appropriately pertinent to the cyberworld, according to Borghard and Loergan (2018)? A. It can be challenging to measure precisely how strong a country is by its cyber capabilities. B. Due to technological innovations' rapid development, it can be challenging to predict cyber capabilities and complicate the process of establishing policies. C. Sharing private government information can exploit vulnerabilities and allow other countries to capitalize on said vulnerabilities. D. It is impossible to establish an agreement to help diminish cyber attacks and not to interfere with emergency response teams that are assisting other nations due to the different cultural norms and values.
It is impossible to establish an agreement to help diminish cyber attacks and not to interfere with emergency response teams that are assisting other nations due to the different cultural norms and values.
In 2008, _________ faced numerous cyber attacks after the parliament signed into law a bill to ban public use of Soviet and communist symbols and adopted a law amendment concerning the freedom of speech and freedom of assembly.
Lithuania
__________ is one way to prevent simple password theft by requiring the user to enter something in addition to the password.
Multifactor authentication
Which of the following is NOT related to Nessus? Nessus is known for using powerful detection, scanning, and auditing capabilities. Nessus is the most widely used vulnerability scanner in the world and has extensive management and collaboration functions. Nessus has the ability to improve the security of web and mobile applications. With Nessus Enterprise, resources can easily be shared between groups and users.
Nessus has the ability to improve the security of web and mobile applications.
Businesses need a mechanism for backing up and recovering their decryption keys. _________ provides the mechanism; sometimes it's called a Recovery Agent or sometimes key archival.
PKI (Private Key Infrastructure)
Using certificates and encryption is often considered a major step in securing communication and preserving data leakage and/or integrity. Certificates must be managed properly in order to provide such security; this management system is _________.
PKI (Public Key Infrastructure)
__________ is an attack method that attempts to use a looted password hash to authenticate to a remote system.
Pass-the-hash
__________is mainly executed by sending emails and links to prospective victims. Potential victims are lured by clicking on a link, which causes the malware to then be installed on the device.
Phishing
In August 2015, a __________ attack under the username of Albanian Hacker demanded payment of two Bitcoin, which amounted to $500 at the time, from an Illinois Internet retailer in exchange for removing bugs from their computer. While seizing control of computers, Albanian Hacker generated a kill list used as one of the first kill lists issued by the Islamic State of Iraq and Syria (ISIS).
Ransomware
Mauer (2018) recognized three types of relationships between the state and the proxy depending on the degree of control the state has over the proxy. Which of the following is not part of these three types? A. Delegation (in which the proxies are strictly ruled by the state) B. Orchestration (in which the proxies act on state directives but are not firmly controlled) C. Sanctioning (in which proxies' actions are passively supported by the state) D. Reward (in which proxies' actions are positively rewarded by the state)
Reward (in which proxies' actions are positively rewarded by the state)
A__________ allows you to hide its processes, it promotes the permissions of these processes, hides the file or registration entry, and even deletes or audits logs. User accounts can be hidden, you can readdress an executable file so that if a user were to start their calculator, it would actually begin running a backdoor process rather than the calculator.
Rootkit
A report that was released by the FBI in December 2016 concluded that __________disrupted the process of electing the president because they stole and disclosed confidential information such as highly classified emails.
Russia
While the system applies the __________database as a registry file, the Windows kernel acquires and maintains a proprietary file system lock on the __________ file.
SAM (Security Account Manager)
__________ is primarily used for network files and peripheral sharing such as printers, and it allows you to communicate with computers to share files with each other.
SMB
__________allows you to gather information about the devices (computers, printers, etc.) on your network and fix issues before they become a major problem.
SNMB (Simple Network Management Protocol)
__________ can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. __________ may be requested by passing the -sS or -sT options to Nmap.
SYN scan
__________is a method that can be utilized to uniquely change the password standard hash. __________ is used to minimize any errors or hacking issues that were caused by a hacker's attempt to try out every possible permutation and combination of the characters in the English alphabets.
Salting
The __________ advisories cover all types of software and operating system vulnerabilities. __________ is known for regularly updating their advisories and whenever they occur, they will reflect on new data.
Secunia
__________ technique will first filter the target traffic data by port, address, and protocol, and will store the resulting flow as a time series. This time series can be deemed as a time domain depiction of a cluster's activity, and it can illustrate a statistical change at the onset of a DoS flood attack.
Sequential change-point detection
In ________, an attacker sends too many service requests and the target is flooded with a very high number of connection requests. In an effort to set up and destroy TCP connections, attackers will utilize zombie armies.
Service request flood attacks
__________ of 2015 provides liability and other legal protections to private sector and certain SLTT government organizations and establishes important conditions regarding sharing information with the Federal Government, SLTT government organizations, and the private sector.
The Cybersecurity Information Sharing Act
As __________ indicates, the secretary of Homeland Security is required to evaluate the work of the DHS cybersecurity personnel and establish a comprehensive strategy to enhance the keenness and quality of the cybersecurity workforce.
The Cybersecurity Workforce Act of 2014
_____provides guidance to enable a coordinated whole-of-nation approach to response activities and coordination with stakeholders during a significant cyber incident impacting critical infrastructure. _____ sets common doctrine and a strategic framework for national, sector, and individual organization cyber operational plans.
The National Cyber Incident Response Plan (NCIRP)
As __________ indicates, the secretary of Homeland Security is permitted to operate cybersecurity initiatives that aim to protect, diminish, respond to, or recuperate from cyber incidents to critical infrastructures, for instance: chemical plants, dams, the Defense Industrial Base Sector, nuclear reactors, materials, waste, and transportation systems.
The National Cybersecurity and Critical Infrastructure Protection Act of 2014
__________ is responsible for coordinating federal, state, and local governments, laboratories, owners and operators of critical infrastructure.
The Secretary of State
__________ defines economic espionage as an act that: "Occurs when an actor, knowing or intending that his or her actions will benefit any foreign government, instrumentality or agent, knowingly: (1) steals or without authorization appropriates, carries away, conceals, or obtains by deception or fraud a trade secret: (2) copies, duplicates, reproduces, destroys uploads, downloads, or transmits that trade secret without authorization; or (3) receives a trade secret knowing that the trade secret had been stolen, appropriated, obtained or converted without authorization."
The U.S. Commercial Code
What information will NOT be collated by hackers as part of footprinting? A. URLs, and IP addresses of websites B. Critical organization information C. The personal life details of the CEO, CIO, CTO, etc. D. The network, system profiles, operating system, and services running
The personal life details of the CEO, CIO, CTO, etc.
__________ tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet.
TheHarvester
A distributed denial-of-service (DDoS) attack is an attempt to make an online service or a website unavailable by overloading it with huge floods of traffic generated from multiple sources.
True
According to Lee and Choi's study (2021), ransomware events fuel a significant increase in Bitcoin prices, potentially associated with terrorist activities. Monitoring changes in Bitcoin prices and ransomware attacks appears to be necessary in order for a potential diagnosis of other terrorist activities.
True
Activity profiling is based on network traffic and can be obtained by monitoring the header information of network packets.
True
An authenticated security scan is vulnerability testing performed as a logged-in user (Authenticated User) to determine the security of a network from an inside vantage point.
True
Availability can be described as the ease of access to information resources that require regular upkeep and upgrading of hardware, software, and operating system environments. Availability threats refer to the risk of harmful attacks for malicious blocking, the use of ransomware to encrypt information, or unauthorized denial of service to assets.
True
Certificates have a validity period. After the validity period, the certificate is no longer an acceptable or usable credential. The certificates snapin enables you to renew a certificate issued from a certification authority (CA) before or after the end of its validity period by using the Certificate Renewal Wizard.
True
Cyber intelligence is defined as "the collection and analysis of information that produces timely reporting, with context and relevance to a supported decision maker."
True
Cyberwarfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.
True
Dr. Choi argues that cyberterrorism is a type of cyber attack, and cyber attacks can either be cyberterrorism or cybercrime, depending on the circumstances surrounding national security or the social
True
Google can be used to hack.
True
In server certificate models, the certificate is given to an authentication system. When clients connect to this server for authentication, the certificate should be valid and signed from the CA in order to continue with the process.
True
Integrity can be described as ensuring that files or data will not be altered. Moreover, the reliability and authenticity of information refers to maintaining consistency and accuracy during the entire life cycle of data.
True
Patch management includes obtaining, testing, and installing several patches on your computer system. The patch management task is to maintain an up-to-date knowledge of the available patches and to determine the right patch for your particular system to ensure that the patch is installed successfully.
True
The United Nations Convention Against Transnational Organized Crime serves the purpose of regulating serious crimes, such as hacking, DDoS attacks, and use of threat and extortion for economic profit.
True
When the destruction seems out of control, it is best to shut down all the services strategically and then return to normalcy by restoring in phases.
True