Computer Network Security Midterm
Discuss the two significant weaknesses of DAC.
1. It poses a risk because it relies on the end user to set the proper level of security. 2. A subject's permissions will be inherited by any programs that the subject executes.
What are botnets?
A botnet is a network of computers infected with malicious software and controlled as a group without the user's knowledge.
Describe a macro virus.
A macro virus is a computer virus written in the same macro language used for software programs. When a macro virus infects a software application, it causes a sequence of actions to begin automatically when the application is opened.
What are script kiddies?
A script kiddie is someone who wishes to be a hacker but lacks knowledge of network or computer systems.
Describe the security principle of simplicity.
A secure system should be simple from the inside but complex on the outside. Creating the information security structure in layers helps to achieve simplicity; this is useful in resisting a variety of attacks and provides comprehensive protection.
What is a worm?
A worm is a standalone malware computer program that replicates itself in order to spread to other computers. A worm often uses a computer network to spread itself, relying on security failures to access the targeted system.
What is dumpster diving?
Dumpster diving involves digging through trash receptacles to find information that can be useful in an attack.
List and describe three of the characteristics of information that must be protected by information security.
Information security is the confidentiality, integrity, and availability of information. Confidentiality ensures that data is not disclosed to unintended persons. Integrity ensures that the data is not modified. And availability ensures that data is available when needed.
Why is the speed of malicious attacks making the challenge of keeping computers secure more difficult?
Malicious attacks can affect millions of computers in a matter of seconds; fast attacks are harder to detect and harder to stop.
What is malware?
Malware is software that enters a computer system without the user's knowledge or consent and then performs an unwanted, and usually harmful, action. Malware is a general term that refers to a wide variety of damaging or annoying software programs.
List three major access control models.
Mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC)
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
Products like anti-virus software, people like the employees of a company, and procedures like having a plan in place in the event of an attack.
How does a rootkit work?
Rootkits work using modification. A rootkit locates and modifies the software so that it makes incorrect decisions. They have the ability to hide the existence of certain computer programs.
Describe how Kerberos works.
The user is provided a ticket by the Kerberos authentication server; the user presents the ticket to the network for service; the ticket is examined to verify the user's identity.
What are some of the functions performed by viruses?
Viruses have the ability to copy themselves. They harm computers by deleting code, filling up space in hard drives, etc.
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? a. DNS poisoning b. phishing c. DNS marking d. DNS overloading
a. DNS poisoning
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs? a. RADIUS b. ICMP c. FTP d. Telnet
a. RADIUS
What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware? a. adware b. keylogger c. spam d. trojan
a. adware
Which of the following ensures that data is accessible to authorized users? a. availability b. confidentiality c. integrity d. identity
a. availability
Which of the following are considered threat actors? (Choose all that apply.) a. brokers b. competitors c. administrators d. individuals
a. brokers and b. competitors
What technology expands the normal capabilities of a web browser for a specific webpage? a. extensions b. add-ons c. plug-ins d. java applets
a. extensions
Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement? a. group-based access control b. computer-based access control c. role-based access control d. system access control
a. group-based access control
What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized? a. hacktivists b. hacker c. script kiddies d. cyberterrorist
a. hacktivist
Which of the following are considered to be the primary payload capabilities found in malware? (Choose all that apply.) a. launch attacks b. modify data c. delete data d. collect data
a. launch attacks, c. delete data, and d. collect data
What two locations can be a target for DNS poisoning? (Choose two that apply.) a. local host table b. external DNS server c. local database table d. directory server
a. local host table, b. external DNS server
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian? a. mandatory access control b. role based access control c. discretionary access control d. rule based access control
a. mandatory access control
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? a. privilege escalation b. DNS cable poisoning c. ARP poisoning d. man in the middle
a. privilege escalation
What process periodically validates a user's account, access control, and membership role or inclusion in a specific group? a. recertification b. revalidation c. control audit d. group auditing
a. recertification
Which type of attack below is similar to a passive man-in-the-middle attack? a. replay b. hijacking c. denial d. buffer overflow
a. replay
Which access control model uses access based on a user's job function within an organization? a. role based access control b. rule based access control c. discretionary access control d. mandatory access control
a. role based access control
When using Role Based Access Control (RBAC), permissions are assigned to which of the following? a. roles b. groups c. labels d. users
a. roles
What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as a virus? a. rootkit b. backdoor c. wrapper d. shield
a. rootkit
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following? a. separation of duties b. process sharing c. mandatory splitting d. role reversal
a. separation of duties
A user or a process functioning on behalf of the user that attempts to access an object is known as the: a. subject b. reference monitor c. entity d. label
a. subject
Which major types of access involving system resources are controlled by ACLs? (Choose all that apply.) a. system access b. remote access c. user access d. application access
a. system access, c. user access, and d. application access
Which of the following is malicious computer code that reproduces itself on the same computer? a. virus b. worm c. adware d. spyware
a. virus
What are the two types of cross-site attacks? (Choose two that apply.) a. cross-site input attacks b. cross-site scripting attacks c. cross-site request forgery attacks d. cross-site flood attacks
b and c
What is an entry in an ACL known as? a. DACL b. ACE c. SQL d. flag
b. ACE
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? a. DNS b. ARP c. TCP d. UDP
b. ARP
If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain Web traffic to generate income, what type of attack are they using? a. spoofing b. URL hijacking c. web squatting d. typo hijacking
b. URL hijacking
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active? a. password expiration b. account expiration c. last login d. account last used
b. account expiration
What type of software can be installed in an individual's web browser to prevent ads from displaying? a. antivirus b. ad blocking c. cookie scanning d. ad sensing
b. ad blocking
Which of the following is a valid fundamental security principle? (Choose all that apply.) a. signature b. diversity c. simplicity d. layering
b. diversity, c. simplicity, and d. layering
What type of theft involves stealing another person's personal information and then using the information to impersonate the victim, generally for financial gain? a. cyberterrorism b. identity theft c. phishing d. social scam
b. identity theft
Which term below is frequently used to describe the tasks of securing information that is in a digital format? a. network security b. information security c. physical security d. logical security
b. information security
What type of computer code is typically added to a legitimate program but lies dormant until a specific logical event triggers it? a. script b. logic bomb c. macro virus d. metamorphic virus
b. logic bomb
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as: a. rootkit b. macro c. program d. process
b. macro
A virus that infects an executable program file is known as? a. macro virus b. program virus c. companion virus d. boot sector virus
b. program virus
Malware that locks or prevents a device from functioning properly until a fee has been paid is known as: a. lock-ware b. ransomware c. stealware d. hostageware
b. ransomware
What framework is used for transporting authentication protocols instead of the authentication protocol itself? a. CHAP b. SAML c. EAP d. MS-CHAP
c. EAP
What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers? a. intermediate proxy b. remote proxy c. RADIUS proxy d. translation proxy
c. RADIUS proxy
What is the name for a predefined framework (Model) that can be used for controlling access, and is embedded into software and hardware? a. accounting and access model b. user control model c. access control model d. authorization control model
c. access control model
What type of privileges to access hardware and software resources are granted to users or devices? a. access privileges b. user rights c. access rights d. permissions
c. access rights
What type of system security malware allows for access to a computer, program, or service without authorization? a. botnet b. zombie c. backdoor d. command and control
c. backdoor
What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user's workspace and secured when the items are not in use or when employees leave their workspace? a. clean workspace b. secure workspace c. clean desk d. secure desk
c. clean desk
What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents? a. cybercriminal b. cracking c. cyberterrorism d. hacking
c. cyberterrorism
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack? a. MITM b. spoofing c. denial of service d. blocking
c. denial of service
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered the data. a. availability b. confidentiality c. integrity d. identity
c. integrity
When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads, what type of attack is being performed? a. ad squatting b. clickjacking c. malvertising d. ad spoofing
c. malvertising
Which of the following are considered to be interception attacks? (Choose two that apply.) a. denial of service b. amplification attack c. man in the middle d. replay attacks
c. man in the middle, d. replay attacks
What type of attack intercepts communication between parties to steal or manipulate the data? a. replay b. MAC spoofing c. man-in-the-browser d. ARP poisoning
c. man-in-the-browser
What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes? a. nation state threats b. cyber military c. nation state actors d. state hackers
c. nation state actors
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts? a. abandoned b. stale c. orphaned d. inactive
c. orphaned
What specific science discipline do most social engineering attacks rely on when they are being used? a. psychiatry b. criminology c. psychology d. engineering
c. psychology
Which access control model can dynamically assign roles to subjects based on a set of defined rules? a. role based access control b. mandatory access control c. rule based access control d. discretionary access control
c. rule based access control
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so? a. cybercriminal b. hacker c. script kiddies d. cyberterrorist
c. script kiddies
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: a. session replay b. session spoofing c. session hijacking d. session blocking
c. session hijacking
What term below is used to describe the process of gathering information for an attack by relying on the weaknesses of individuals? a. phreaking b. hacking c. social engineering d. reverse engineering
c. social engineering
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and injecting these pieces throughout the infected program code. What is the name for this technique? a. stealth b. appender c. swiss cheese d. split
c. swiss cheese
Select below the type of malware that appears to have a legitimate use, but contains something malicious: a. script b. virus c. trojan d. worm
c. trojan
What specific type of phishing attack uses the telephone to target a victim? a. target phishing b. whaling c. vishing d. spear phishing
c. vishing
What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company? a. spam b. adware c. watering hole d. typo squatting
c. watering hole
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n): a. ACE b. DAC c. entity d. ACL
d. ACL
What type of additional attack does ARP spoofing rely on? a. DNS poisoning b. replay c. MITB d. MAC spoofing
d. MAC spoofing
An attack that takes advantage of the procedures for initiating a session is known as what type of attack? a. DNS amplification attack b. IP spoofing c. smurf attack d. SYN flood attack
d. SYN flood attack
In information security, what can constitute a loss? a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or reputation d. all of the above
d. all of the above
In information security, which of the following is an example of a threat actor? a. a force of nature such as a tornado that could destroy computer equipment b. a virus that attacks a computer network c. a person attempting to break into a secure computer network d. all of the above
d. all of the above
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password? a. accounting request b. access request c. verification request d. authentication request
d. authentication request
What type of structure is used to provide instructions to infected bot computers? a. client-server b. hive c. bot herder d. command and control
d. command and control
Which of the three protections ensures that only authorized parties can view information? a. security b. availability c. integrity d. confidentiality
d. confidentiality
What term describes a layered security approach that provides comprehensive protection? a. comprehensive-security b. diverse-defense c. limiting-defense d. defense-in-depth
d. defense-in-depth
Which of the following is a database stored on the network itself that contains information about users and network devices? a. user permissions b. network service c. system registry d. directory service
d. directory service
Which access control model is considered to be the least restrictive? a. role based access control b. mandatory access control c. rule based access control d. discretionary access control
d. discretionary access control
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? a. pointer hack b. DNS spoofing c. clickjacking d. domain hijacking
d. domain hijacking
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks? a. trojan horse b. virus c. bug d. easter egg
d. easter egg
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard? a. key indexing b. ransomware c. passive tracking d. keylogger
d. keylogger
The action that is taken by a subject over an object is called a(n): a. authorization b. access c. control d. operation
d. operation
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer? a. IP spoofing b. denial of service c. DNS poisoning d. smurf attack
d. smurf attack
Which of the following is not one of the four methods for classifying the various instances of malware by using the primary trait that the malware possesses? a. circulation b. infection c. concealment d. source
d. source
Which type of phishing attack targets specific users? a. target phishing b. whaling c. vishing d. spear phishing
d. spear phishing
What type of malware is heavily dependent on a user in order to spread? a. trojan b. worm c. rootkit d. virus
d. virus
True or false? A Local Group Policy (LGP) has more options than a Group Policy.
false
True or false? A polymorphic virus changes its internal code to one of a set number of predefined mutations whenever it is executed.
false
True or false? A rootkit can hide its presence, but not the presence of other malware.
false
True or false? A virus self-replicates on the host computer and spreads to other computers by itself.
false
True or false? ACLs provide file system security for protecting files managed by the user.
false
True or false? As security is increased, convenience is often increased.
false
True or false? Malware is software that enters a computer system with the user's knowledge or consent and then performs an unwanted and harmful action.
false
True or false? Securing web applications is easier than protecting other systems.
false
True or false? The malicious content of an XSS URL is confined to material posted on a website.
false
True or false? Vishing is a false warning, often contained in an email message claiming to come from the IT department.
false
True or false? With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
false
True or false? A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
true
True or false? A remote access Trojan has the basic functionality of a Trojan but also gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols.
true
True or false? A vulnerability is a flaw or weakness that allows a threat to bypass security.
true
True or false? Authentication, authorization, and accounting are sometimes called AAA.
true
True or false? Authorization is granting permission for admittance.
true
True or false? Employee onboarding refers to the tasks associated with hiring a new employee.
true
True or false? In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
true
True or false? Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
true
True or false? Once the malware reaches a system through circulation, then it must embed itself into that system.
true
True or false? Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
true
True or false? Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
true
True or false? Rule-Based Access Control can be changed by users.
true
True or false? Social engineering impersonation means to masquerade as a real or fictitious character and then play out the role of that person on a victim.
true
True or false? To mitigate risks is the attempt to address risk by making the risk less serious.
true
True or false? Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.
true
True or false? Two types of malware have the primary trait of circulation. These are viruses and worms.
true
True or false? XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.
true