4200 Final Question List
Which TCP port does SMTP use by default? A. 25 B. 110 C. 143 D. 443
A. 25
What does a host-based IDS monitor? A. Activity on an individual system B. Activity on the network itself C. A honeynet D. A digital sandbox
A. Activity on an individual system
Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input? A. Canonicalization B. Obfuscation C. Injection D. Blacklisting
A. Canonicalization
What is an advantage of a host-based IDS? A. It can reduce false-positive rates. B. Its signatures are broader. C. It can examine data before it is decrypted. D. It is inexpensive to maintain in the enterprise.
A. It can reduce false-positive rates.
DNS __________ is a variant of a larger attack class referred to as DNS spoofing, in which an attacker changes a DNS record through any of a multitude of means. A. poisoning B. smurfing C. caching D. kiting
A. Poisoning
Which protection ring has the highest privilege level and acts directly with the physical hardware? A. Ring 0 B. Ring 1 C. Ring 2 D. Ring 3
A. Ring 0
Which term refers to a form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality? A. Rootkit B. Boot sector virus C. Spyware D. Dieware
A. Rootkit
Which of the following is a primary e-mail protocol? A. SMTP B. SNMP C. P3OP D. MUA
A. SMTP
Which term refers to a type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing condition? A. Spoofing B. Man in the middle attack C. Sniffing D. Injecting
A. Spoofing
The process of taking control of an already existing session between a client and a server is known as _________. A. TCP/IP hijacking B. DNS kiting C. smurfing D. sniffing
A. TCP/IP hijacking
Which advanced malware tool assists security engineers in hunting down malware infections based on artifacts that the malware leaves behind in memory? A. Snort B. Suricata C. Yara D. Wireshark
C. Yara
A honeypot is sometimes called a(n) __________. A. antivirus packet B. SPAN C. digital sandbox D. firewall
C. digital sandbox
In PGP, the content is encrypted with the generated ________ key. A. symmetric B. asymmetric C. shared key D. elliptical
C. shared key
In a UNIX operating system, which runlevel reboots the machine? A. 0 B. 1 C. 3 D. 6
D. 6
Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator? A. Side-jacking B. Server side scripting C. Cross-site scripting D. Authenticode
D. Authenticode
The process of attempting to break a cryptographic system is called _________. A. encrypting B. cipher texting C. cryptography D. cryptanalysis
D. Cryptanalysis
Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection? A. Telnet B. SSH C. SNMP D. FTP
D. FTP
What application is associated with TCP ports 989 and 990? A. SSL/TLS 3.0 B. SPOP3 C. SFTP D. FTPS
D. FTPS
Which type of testing involves running the system under a controlled speed environment? A. Fuzz testing B. Penetration testing C. Stress testing D. Load testing
D. Load testing
Which term refers to the quarantine or isolation of a system from its surroundings? A. Demilitarized zoning B. Read-only domain controller pruning C. Egress filtering D. Sandboxing
D. Sandboxing
________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources. A. Port scanning B. Honeypot C. Network security monitoring (NSM) D. Security information and event management (SIEM)
D. Security information and event management (SIEM)
In which phase of the secure development lifecycle model would you employ use cases? A. Coding phase B. Design phase C. Requirements phase D. Testing phase
D. Testing phase
Which term refers to the process of checking whether the program specification captures the requirements from the customer? A. Data exposure B. Static analysis C. Verification D. Validation
D. Validation
Which of the following is a popular, open source protocol analyzer? A. Snort B. Suricata C. Bit Defender D. Wireshark
D. Wireshark
The term ______ refers to software that has been designed for some nefarious purpose. A. virus B. worm C. Trojan horse D. malware
D. malware
A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday, such as Michelangelo. True or False
False
A worm is malicious code that has to attach itself to something else to survive. True or False
False
Buffer overflow is one of the most common web attack methodologies. True or False
False
Certificates voucher for code security. True or False
False
Compilers create runtime code that can be executed via an interpreter engine, like a Java virtual machine (JVM), on a computer system. True or False
False
Defense against attack begins by eliminating threats. True or False
False
FTP encrypts traffic by default. True or False
False
Hostile activity that does not match an IDS signature and goes undetected is called a false positive. True or False
False
Javascript is part of the Java environment. True or False
False
Least privilege refers to removing all controls from a system. True or False
False
Network-based IDS (NIDS) examines activity on a system, such as a mail server or web server. True or False
False
Performing cloud-based data loss prevention (DLP) is as simple as moving the enterprise edge methodology to the cloud. True or False
False
Sender Policy Framework (SPF) validates the receiving address of the e-mail. True or False
False
Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. True or False
False
TLS is dead and SSL is the path forward. True or False
False
The generation of a real random number is a trivial task. True or False
False
The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project. True or False
False
With the availability of DNS blacklisting, pattern matching is no longer utilized for filtering spam. True or False
False
Traffic that is encrypted will typically be passed by an intrusion prevention system untouched. True or False
True
Windows Defender is now standard with all versions of the Windows desktop operating systems. True or False
True
A(n) ________ outlines the proper settings and configurations for an application or set of applications. A. application configuration baseline B. memory management report C. locally shared object D. deprecated function
A. application configuration baseline
The two main places to filter spam are at the ____________. A. host itself and the server B. firewall and the LAN C. proxy server and the LAN D. host itself and the firewall
A. host itself and the server
The term ________ refers to the unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility. A. war-driving B. war-dialing C. indirect attack D. brute force attack
A. war-driving
When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task? A. Secure Sockets Layer (SSL) B. Secure Shell (SSH) C. Transport Layer Security (TLS) D. Secure Hyper Text Transfer Protocol (HTTPS)
B. Secure Shell (SSH)
Which tool has been the de facto standard IDS engine since its creation in 1998? A. Squid B. Snort C. Bro D. Suricata
B. Snort
______ technologies involve the miniaturization of the various circuits needed for a working computer system. A. TCP wrappers B. System on a Chip (SoC) C. Daemon D. Supervisory control and data acquisition (SCADA)
B. System on a Chip (SoC)
Which port does HTTP traffic travel over by default? A. TCP port 8080 B. TCP port 80 C. UDP port 8080 D. UDP port 80
B. TCP port 80
SYN flooding is an example of a _________. A. viral attack B. denial of service attack C. logic bomb D. Trojan horse
B. denial of service attack
Few instant messaging programs currently support _________. A. the ability to share files B. encryption C. video transmission D. connection to a smart device
B. encryption
One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down ________. A. spam filters B. mail relaying C. e-mail attachments D. Outlook Express
B. mail relaying
A ______ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media. A. logic bomb B. network sniffer C. backdoor D. trapdoor
B. network sniffer
The security kernel is also known as a ________. A. Baseline monitor B. Reference monitor C. Baseline reference D. Secure Monitor
B. reference monitor
An attack that takes advantage of bugs or weaknesses in the software is referred to as ________. A. a brute-force attack B. software exploitation C. a dictionary attack D. weakness exploitation
B. software exploitation
What term refers to the process of assessing the state of an organization's security compared against an established standard? A. Pen testing B. Auditing C. Vulnerability testing D. Accounting
B. Auditing
What term refers to the process of establishing a system's operational state? A. Hardening B. Baselining C. Securing D. Controlling
B. Baselining
Which attack is a code injection attack in which an attacker sends code in response to an input request? A. Cache poisoning B. Cross-site scripting attack C. Man in the middle D. Buffer overflow
B. Cross-site scripting attack
S/MIME uses the X.509 format for certificates. True or False
True
Snapshots are instantaneous save points in time on virtual machines. True or False
True
Shimming is the process of putting a layer of code between the driver and the operating system. True or False
True
Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present? A. NoScript B. FTPS C. HTTPS Everywhere D. Authenticode
C. HTTPS Everywhere
Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program? A. Plug-in B. Add-on C. Applet D. Certificate
B. Add-on
Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area? A. Coding phase B. Design phase C. Requirements phase D. Testing phase
B. Design phase
Which cryptographic protocols can be used by SSL/TLS? A. HTTPS and SSMTP B. Diffie-Hellman and RSA C. RC4 and 3DES D. MD5 and SHA-1
B. Diffie-Hellman and RSA
Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers? A. SSMTP B. HTTP C. SPOP3 D. HSTS
B. HTTP
What command stops a service in UNIX? A. Stop B. Kill C. End D. Finish
B. Kill
What is an advantage of a network-based IDS? A. An IDS can examine data after it has been decrypted. B. An IDS coverage requires fewer systems. C. An IDS can be very application specific. D. An IDS can determine whether or not an alarm may impact that specific system.
B. An IDS coverage requires fewer systems.
Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database? A. Traffic collector B. Analysis engine C. Signature database D. Examination collector
B. Analysis Engine
What does the term spiral method refer to? A. A newer method of code signing B. A software engineering process category C. An obsolete way to stress test a program D. The recommended method to provision a system
B. A software engineering process category
Which TCP port does IMAP use by default? A. 110 B. 25 C. 143 D. 443
C. 143
How does an IPS differ from an IDS? A. An IPS is passive and an IDS is active. B. An IPS uses heuristics and an IDS is signature-based. C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert. D. An IDS will block, reject, or redirect unwanted traffic, an IPS will only send an alert.
C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.
Which product filters out junk e-mail? A. Intrusion detection system B. Personal firewall C. Antispam D. Antivirus
C. Antispam
What was the primary reason for the spread of the ILOVEYOU worm? A. Network firewall failed. B. Systems did not have the appropriate software patch. C. Automatic execution, such as Microsoft Outlook's preview pane. D. Virus scan software was not updated.
C. Automatic execution, such as Microsoft Outlook's preview pane.
Which protocol allows the exchange of different kinds of data across text-based e-mail systems? A. MTA B. MUA C. MIME D. MDA
C. MIME
Which tool is designed to probe a system for open ports? A. Web proxy B. Reverse scanner C. Port Scanner D. Open Proxy
C. Port scanner
Which type of attack can be used to execute arbitrary commands in a database? A. DB manipulation B. DB injection C. SQL injection D. XML injection
C. SQL injection
Unsolicited commercial e-mail is known as ________. A. Hoax e-mail B. Worm C. Spam D. Spork
C. Spam
Which port is used by SSMTP? A. TCP port 21 B. TCP port 443 C. TCP port 465 D. TCP port 80
C. TCP port 465
Windows Server 2016 replaced the traditional ROM-BIOS with the __________. A. ELAM Boot B. Secure Boot C. Unified Extensible Firmware Interface (UEFI) D. Trusted Machine Platform
C. Unified Extensible Firmware Interface (UEFI)
A signed applet can never be hijacked. True or False
True
Context-based signatures match a pattern of activity based on the other activity around it, such as a port. True or False
True
General UNIX baselining follows similar concepts as baselining for Windows OSs. True or False
True
Hoax e-mails can have a real impact on bandwidth. True or False
True
Most e-mail is sent in plaintext, providing no privacy in its default form. True or False
True
Perpetrating some sort of electronic fraud is one reason a specific system might be targeted for attack. True or False
True
Protecting data while in use is a much trickier proposition than protecting it in transit or in storage. True or False
True
