CNG 133 Final
Which of the following methods is available as an add-in for most email clients? A) PGP B) DES C) RSA D) Caesar cipher
A) PGP
Sending an email that claims to come from a different sender, and asking for sensitive data is an example of ___________. A) Social engineering B) None of these C) Phishing D) Key logging
A) Social engineering
Which U.S. government agency created the distributed network that formed the basis for the Internet? A) Central Intelligence Agency B) Advanced Research Projects Agency C) Department of Energy D) NASA
B) Advanced Research Projects Agency
Which of these is a repository of security-related documentation and also sponsors a number of security research projects? A) Microsoft Security Advisor B) SANS Institute C) F-Secure D) Computer Emergency Response Team
B) SANS Institute
Where would you go to find various state sex offender registries? A) The national sex offender online database B) The FBI website C) The special victims' unit website D) The interstate online sex offender database
B) The FBI website
One tool used for a denial-of-service attack is ______________. A) Linux B) Tribal Flood Network C) UDP D) None of these
B) Tribal Flood Network
With _____, an attacker injects client-side script into web pages viewed by other users. A- SQL injection B- Cross-Site Scripting C- Scanning D- Port detection
B- Cross-Site Scripting
What is being configured in the browser settings in the following figure? Figure A A- Harassment settings B- Privacy settings C- Phishing settings D- Safe browsing settings
B- Privacy settings
Copies of __________ virus are created in the Windows System directory as #_up.exe. A- Stuxnet B- Sasser C- TrojanAB D- MiMail
B- Sasser
In Windows the log that contains events collected from remote computers is the ____________ log. A) Application B) Applications and services C) ForwardedEvents D) System
C) ForwardedEvents
If you experience a denial-of-service attack, you can use firewall logs to determine the _______ from which the attack originated. A) Computer operating system B) Computer manufacturer C) IP address D) None of these
C) IP address
_______ theft and _______ fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception. A) Cyber B) None of these C) Identity D) Neutral
C) Identity
Why do you not want too much personal data about you on the Internet? A) There is no reason to worry about personal information on the Internet. B) It might be used by a potential employer to find out more about you. C) It might be used by an identity thief to impersonate you. D) It might reveal embarrassing facts about you.
C) It might be used by an identity thief to impersonate you.
The simplest form of firewall is a(n) ____________ firewall. A) Circuit-level gateway B) Domain gateway C) Packet Filtering D) Application gateway
C) Packet Filtering
Although the Cyberterrorism Preparedness Act of 2002 was not passed, many of its goals were addressed by the ___________. A) CIA B) Pentagon C) Patriot Act D) None of these
C) Patriot Act
Firewall ______ is a tool that can provide information after an incident has occurred. A) Scanning B) Port detection C) None of these D) Logging
D) Logging
The virus/worm that specifically targets Macintosh computers is ________. A) None of these B) W32/Netsky-P C) Troj/Invo-Zip D) MacDefender
D) MacDefender
With a(n) _________ scan, if the port is closed, the response is an RST. If the port is open, the response is a SYN/ACK. A) ACK B) FIN C) XMAS D) SYN
D) SYN
Micro blocks, SYN cookies, RST cookies, and stack tweaking are defenses against ______. A) None of these B) Viruses C) Phishing D) TCP SYN flood attacks
D) TCP SYN flood attacks
What is most important to learn about a person listed in a sex offender registry? A) The extent of his punishment B) How old she was when she committed her crime C) How long he has been out of prison D) The nature of her specific crime
D) The nature of her specific crime
Which of the following is not an example of financial loss due to cyber terrorism? A) Damage to facilities including computers B) Computer fraud C) Lost data D) Transferring money from accounts
D) Transferring money from accounts
One way to protect yourself on auction sites is? A) None of these. B) Bid early in the process. C) Bid late in the process. D) Use a separate credit card with a low limit.
D) Use a separate credit card with a low limit.
The most common way for a virus to spread is by __________. A) None of these B) Locating Linux machines C) Scanning your computer for network connections and copying itself to other machines on the network D) Use of your email contacts
D) Use of your email contacts
VI (value of information) = C (cost to produce) + ___________. A) VL (value lost) B) MU (markup) C) GM (gross margin) D) VG (value gained)
D) VG (value gained)
McAfee and Norton are examples of ________. A) Trojan horses B) Worms C) Viruses D) Virus scanners
D) Virus scanners
What search engine can be used to find details about someone in the US? A) Infobel B) The National Center for State Courts Website C) Google Groups D) Yahoo! People Search
D) Yahoo! People Search
What is the name of the standard Linux command, also available as a Windows application, that can be used to create bitstream images and make a forensic copy? A) mcopy B) image C) MD5 D) dd
D) dd
Which of the following would be most important to know about a potential business partner? A- Past bankruptcies B- A lawsuit from a former business partner C- A recent DUI D- All of these
D- All of these
Which of the following agencies has allegedly had one of its cyber spies caught? A- NSA B- KGB C- FBI D- CIA
D- CIA
Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker are examples of _________. A- Phreaking B- Scouring C- Active scanning D- Passive scanning
D- Passive scanning
Which of the following is the process to try to induce someone to provide you with personal information? A- Licensing B- Cyberstalking C- Looping D- Phishing
D- Phishing
________ refers to unencrypted text. A- Key B- Cipher text C- Algorithm D- Plain text
D- Plain text
A ____________ hides the internal network's IP address and presents a single IP address to the outside world. A- Intrusion detection system B- Network Monitor C- Firewall D- Proxy server
D- Proxy server
The virus that infected Iranian nuclear facilities was exploiting a vulnerability in SCADA systems. A- Persian B- None of these C- MyDoom D- Stuxnet
D- Stuxnet
A ________ invites attackers and lures them into breaking into a system, while deviating their attention from target systems. A) Cloud drive B) Sandbox C) Honeypot D) Deep box
B) Sandbox
A file that stays in memory after it executes is a(n) _____________. A) Bug B) Terminate and Stay Resident program C) Executable D) Text file
B) Terminate and Stay Resident program
Internet addresses of the form www.google.com are known as what? A) User-friendly web addresses B) Uniform resource locators C) User-accessible web addresses D) Uniform address identifiers
B) Uniform resource locators
At a minimum, a security audit should________________. A- Check security logs and personnel records of those in secure positions B- All of these C- Review system patching and security policies D- Probe ports for flaws
B- All of these
Using the _________ cipher you select multiple numbers by which to shift letters. A- Multi-alphabet substitution B- ASCII C- DC4 D- Caesar
A- Multi-alphabet substitution
Which defensive technique involves altering the TCP stack on the server so that it will take less time to timeout when a SYN connection is left incomplete? A- Stack tweaking B- None of these C- SYN cookies D- RST cookies
A- Stack tweaking
What encryption algorithms are used by WEP and WPA? A) RC4 and DES B) RC4 and 3DES C) RC4 and AES D) RC3 and AES
C) RC4 and AES
The command-line command to instruct the ping utility to send packets until explicitly told to stop is ping ____. A) -s B) -t C) -u D) None of these
B) -t
Which country is described by experts as having the strictest cybercrime laws? A) None of these B) United States C) Russia D) France
A) None of these
Which of the following is the most accurate description of Usenet? A) A global collection of bulletin boards B) A large-scale chat room C) A repository of computer security information D) A nationwide bulletin board
A) A global collection of bulletin boards
_______ is a free tool that can be used to recover Windows files. A) DiskDigger B) FileRecover C) None of these D) SearchIt
A) DiskDigger
Which of the following is one way to protect yourself against identity theft? A) Do not provide personal information to anyone unless it is absolutely necessary. B) None of these. C) Use Windows as your operating system. D) Use Firefox as your web browser
A) Do not provide personal information to anyone unless it is absolutely necessary.
Nmap enables you to set ________ such as -sP, -sS, and -oA. A) Flags B) Parameters C) None of these D) Switches
A) Flags
The process to make a system as secure as it can be without adding on specialized software or equipment is _______________ A) Hardening B) Routing C) None of these D) Securitizing
A) Hardening
In 1996 a hacker allegedly associated with the white supremacist movement temporarily disabled a ___________ ISP. A) Massachusetts B) None of these C) Sri Lankan D) New York
A) Massachusetts
The virus/worm that collected email addresses from your address book and from other documents on your machine was the ________ virus. A) Mimail B) None of these C) Nonvirus D) Bagle
A) Mimail
The company whose chief executive officer was indicted for copyright infringement of allegedly stealing technology from D-Link, which was one of its own customers, was _________. A) None of these B) VIA C) Interactive Television Technologies, Inc. D) General Motors
A) None of these
Which would you use to begin a search for information on a United States court case? A) The National Center for State Courts Website B) Google Groups C) Yahoo! People Search D) Infobel
A) The National Center for State Courts Website
The TCP protocol operates at what layer of the OSI model? A) Transport B) Data link C) Network D) Application
A) Transport
The joint task force representing components of all four U.S. armed services is the ____________. A) U.S. Cyber Command B) Patriot Command C) Cyber Terror Association D) None of these
A) U.S. Cyber Command
It would be advisable to obtain __________ before running a background check on any person. A) Written permission B) None of these C) A Social Security number D) An IP address
A) Written permission
Using Linux to wipe the target drive, the command-line command would be ___ A) dd B) cc C) md5sum D) nd
A) dd
During the ___________ War, Western democracies invested time and money for radio broadcasts into communist nations. A- Cold B- Vietnam C- Korean D- None of these
A- Cold
A good password has at least ______ characters. A) 6 B) 8 C) 10 D) 15
B) 8
What is the rule about ports? A) Block ICMP packets. B) Block all unused ports. C) Block all nonstandard ports. D) Block all incoming ports.
B) Block all unused ports.
A propaganda agent can manage multiple online personalities, posting to many different _____________. A) Discussion groups and email accounts B) Bulletin boards and discussion groups C) Bulletin boards and email accounts D) None of these
B) Bulletin boards and discussion groups
Which web search approach is best when checking criminal backgrounds? A) Check as many places as might have information. B) Check the current and previous state of residence. C) Check primarily federal records. D) Check primarily the person's state of residence.
B) Check the current and previous state of residence.
_________ can include logs, portable storage, emails, tablets, and cell phones. A) None of these B) Computer evidence C) Ancillary hardware D) Network devices
B) Computer evidence
A black hat hacker is also called a ___________. A) Sneaker B) Cracker C) Thief D) None of these
B) Cracker
Which TCP/IP protocol operates on port 53 and translates URLs into Web addresses? A) FTP B) DNS C) HTTP D) SMTP
B) DNS
Which of the following is a cyber-attack that would likely cause imminent loss of life? A) Disruption of security systems B) Disruption of chemical plant control systems C) Disruption of banking system D) Disruption of water
B) Disruption of chemical plant control systems
______________ is the process to scramble a message or other information so that it cannot be easily read. A) Cryptography B) Encryption C) Decryption D) Keying
B) Encryption
A(n) ______ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems. A) Network Monitor B) Firewall C) Proxy server D) Intrusion detection system
B) Firewall
Which of these is NOT one of the two basic types of cryptography? A) All of these B) Forward C) Symmetric D) Asymmetric
B) Forward
Giving personnel access to only data that they absolutely need to perform their jobs is referred to as _________. A) Job rotation B) Least privilege C) None of these D) Business continuation planning
B) Least privilege
When an employee leaves, all _______ should be terminated. A) Desktops B) Logins C) Web histories D) Passwords
B) Logins
_________ is a popular tool for cracking Windows passwords. A) Sid2User B) OphCrack C) Netcat D) Cheops
B) OphCrack
Testing an organization's security is known as ________ testing. A) Location B) Penetration C) None of these D) Virus
B) Penetration
Which Nmap flag can be used for Xmas tree scan? A) -O B) None of these C) -sX D) -sL
C) -sX
The conflict between the user's goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________. A) Social engineering B) System administration C) Access control D) Password protection
C) Access control
What is APT? A) Advanced Persistent Trojan B) Always Possible Threat C) Advanced Persistent Threats D) Advanced Permanent Theory
C) Advanced Persistent Threats
The process to list assets that you believe support your organization is called ________. A) Organizational charting B) Business planning C) Asset identification D) Making a balance sheet
C) Asset identification
Why may protecting against Trojan horse attacks reduce DoS attacks? A) Because a Trojan horse will often open ports allowing a DoS attack B) Because a Trojan horse attacks in much the same way as a DoS attack C) Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS D) Because if you can stop a Trojan horse attack, you will also stop DoS attacks
C) Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS
Which layer of the OSI model is divided into two sublayers? A) Presentation B) Session C) Data link D) Network
C) Data link
What attack is in progress in the following figure? A) Flooding attack B) None of these C) DoS attack D) UDP attack
C) DoS attack
In which firewall configuration is the firewall running on a server with at least two network interfaces? A) Screened host B) Network host-based C) Dual-homed host D) Router-based
C) Dual-homed host
Investing with well-known, reputable brokers protects against what? A) Identity theft B) Online fraud C) Investment fraud D) Phishing
C) Investment fraud
Someone who calls himself a hacker but lacks the expertise is a ________. A) White hat hacker B) Black hat hacker C) Script kiddy D) Sneaker
C) Script kiddy
There have been cases of mistaken identity with _________lists. A) None of these B) Computer hardware C) Sex offender D) Voter registration
C) Sex offender
Firefox and Internet Explorer are examples of ____________. A) Proxy servers B) Cookies C) Web browsers D) Websites
C) Web browsers
Someone who abides by the law but can turn into a malicious actor to gain access to a system to cause harm is known as a __________? A- White hat hacker B- Black hat hacker C- Gray hat hacker D- Red hat hacker
C- Gray hat hacker
CIA explains the three pillars of security. What does 'I' stand for in CIA? A- Intermission B- Information C- Integrity D- Intermittent
C- Integrity
What are the six Ps of security? A- Ports, patch, probe, physical, privacy, policies B- Patch, ports, personnel, privacy, protect, policies C- Patch, ports, protect, policies, probe, physical D- Physical, privacy, patch, ports, probe, protect
C- Patch, ports, protect, policies, probe, physical
Any legitimate security professional will not mind giving? A- References, Permission to check house condition, and criminal background B- References, Permission to check credit history, and car plate C- References, Permission to check credit history, and criminal background D- All of these
C- References, Permission to check credit history, and criminal background
The rule that packets not originating from inside your LAN should not be forwarded relates to ___________. A- Servers B- Workstations C- Routers D- Web servers
C- Routers
The Linux log file that can reveal attempts to break into the system is ___________. A) /var/log/apport.log B) /var/log/lighttpd/* C) /var/log/apache2/* D) /var/log/faillog
D) /var/log/faillog
The Linux log file that can reveal attempts to compromise the web server is ______________. A) /var/log/apache2/* B) /var/log/kern.log C) /var/log/apport.log D) /var/log/lighttpd/*
D) /var/log/lighttpd/*
What is BCP? A) Business Completion Plan B) Business and Continuity Processes C) Business Continuity Practice D) Business Continuity Plan
D) Business Continuity Plan
Using the __________ cipher you choose some number by which to shift each letter of a text. A) Multi-alphabet substitution B) DES C) DC4 D) Caesar
D) Caesar
Which TCP/IP protocol operates on port 80 and displays web pages? A) SMTP B) FTP C) DNS D) HTTP
D) HTTP
Which of these could be considered a course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose? A) Browsing B) Phishing C) None of these D) Harassment
D) Harassment
The principle that users have access to only network resources when an administrator explicitly grants them is called ___________. A) Least privilege B) Separation of duty C) Job rotation D) Implicit deny
D) Implicit deny
The I Love You virus caused harm because ________. A) None of these. B) It had a negative payload. C) It erased data on computers. D) It generated large numbers of emails that bogged down many networks.
D) It generated large numbers of emails that bogged down many networks.
If you fail to handle evidence properly ___________. A) Law enforcement may not look at it. B) None of these. C) You may damage the hard drive. D) It may be unusable in court.
D) It may be unusable in court.
The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is ________. A) Heuristic B) Updates C) Signatures D) Sandbox
D) Sandbox
Quick Stego and Invisible Secrets are two software tools that can be used for __________. A) Port scanning B) None of these C) Key logging D) Steganography
D) Steganography