Risk Management (Key Terms)
An _____ explains to users what they can and cannot do while accessing a network's resources.
AUP
Which physical security device works through wireless transmission? - Badge reader - Access control vestibule - Cipher lock - Biometrics
Badge reader
_____ involves a process in which a device scans an individual's unique physical characteristics, such as iris color patterns or hand geometry, to verify the person's identity.
Biometrics
_____ attacks are orchestrated through many sources as opposed to one or a few sources owned by the attacker.
DDoS
Which type of DoS attack orchestrates an attack bounced off uninfected computers? - FTP bounce - Ransomware - DRDoS attack - PDoS attack
DRDoS attack
What type of attack relies on spoofing? - Deauth attack - Friendly DoS attack - Tailgating - Pen testing
Deauth attack
A _____ attack occurs when legitimate users are unable to access normal network resources, such as a web server, because of an attacker's intervention.
DoS
You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit? - Public encryption key - Hash of the encryption key - Private encryption key - Hash of the file
Hash of the file
_____ means to transform data through an algorithm that is mathematically irreversible.
Hashing
What is the first step in improving network security? - Document next steps. - Identify risks. - Determine which resources might be harmed. - Develop plans for responding to threats.
Identify risks.
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this? - Principle of least privilege - Insider threat - Vulnerability - Denial of service
Insider threat
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? - Ransomware - Logic bomb - Virus - Worm
Logic bomb
What kind of software can be used to secure employee-owned devices? - PUA - NDA - MDM - BYOD
MDM
_____ refers to any program or piece of code designed to intrude upon or harm a system or its resources.
Malware
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? - AUP - NDA - MDM - BYOD
NDA
_____ testing takes advantage of ethical hacking techniques to identify weaknesses and the extent of those weaknesses.
Pen
Which of the following is not a phase in the social engineering attack cycle? - Research. - Building trust. - Penetrate. - Exit.
Penetrate
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this? - Phishing - Tailgating - Quid pro quo - Baiting
Phishing
_____ can be in the form of a communication that appears to come from a legitimate source and requests access or authentication information.
Phishing
Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim? - Tailgating - Shoulder surfing - Piggybacking - Phishing.
Phishing.
Which term best describes the act of actively searching for a computer's ports by the use of specialized software? - Port searching - Port vulnerabilities - Port reconnaissance - Port scanning
Port scanning
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities? - Data breach - Security audit - Exploit - Posture assessment
Posture assessment
Which assessment type would most likely discover a security risk related to employee on-boarding? - Vendor risk assessment - Process assessment - Threat assessment - Posture assessment
Process assessment
Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two. - Red team-blue team exercise - Vulnerability assessment - Security audit - Pen testing
Red team-blue team exercise; Pen testing
Which form of SHA was developed by private designers? - SHA-1 - SHA-3 - SHA-224 - SHA-256
SHA-3
Which of the following is considered a secure protocol? - FTP - SSH - Telnet - HTTP
SSH
Which of the following is not an example of biometric detection? - Iris color patterns - Smart Card - Facial recognition - Fingerprints
Smart Card
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios? - Locking rack - Smart locker - Locking cabinet - Access control vestibule
Smart locker
A neighbor hacks into your secured wireless network on a regular basis, but you didn't give her the password. What loophole was most likely left open? - Guest Network was not established - You are using WPA2 encryption instead of using WEP Encryption - MAC filtering was not enabled - The default password was not changed
The default password was not changed
A _____ is a program that disguises itself as something useful but actually harms your system.
Trojan
A _____ is a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices.
Virus
The exploitation of a vulnerability before the software developer can provide a solution for it, or before the user applies the published solution, is known as a ___ attack. - DDoS - Zero-Day - Phishing - Man-in-the-middle
Zero-Day
In a _____ attack, the attacker sends faked wireless frames to the AP, the client, or as a broadcast to the whole wireless network to trigger the attack and knock one or more clients off the wireless network.
deauth
A _____ attack is typically the first technique a hacker uses when trying to guess a password (besides asking the user for their password).
dictionary
The act of taking advantage of a vulnerability is known as an _____.
exploit
Although they might engage in illegal activity, the intent of a __ is to educate and assist. - white hat hacker - black hat hacker - red hat hacker - gray hat hacker
gray hat hacker
Someone who masters the inner workings of computer hardware and software to better understand them is a _____.
hacker
A _____ is a decoy system that is purposely vulnerable and filled with what appears to be sensitive (though false) content, such as financial data, to lure hackers.
honeypot
The principle of _____ means employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.
least privilege
A _____ for network users identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.
security policy
When a person secretly observes an authorized person entering their credentials to access a secure area and then uses that information later, it is called _____.
shoulder surfing
An intruder that poses as a technical support analyst who needs to know a user's password to troubleshoot a problem is an example of _____.
social engineering
When an unauthorized person follows an authorized person into a secure area without the authorized person's knowledge or cooperation, it is known as _____.
tailgating
A _____ identifies specific security threats to the network and related risk factors.
threat assessment
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a _____.
vulnerability
The ability to insert code into a database field labeled "Name" is an example of a(n) ___. - attack. - vulnerability. - breach. - exploit.
vulnerability.
A _____ exploit, or attack, is one that takes advantage of a software vulnerability that hasn't yet or has only very recently become public.
zero day