CTI 120 Final Exam

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is Bluetooth's rate of transmission?

1 Mbps

In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report?

30

How the network resources are to be used should be clearly defined in a (an) ____________ policy.

Acceptable use

In an office setting, instead of using a wireless broadband router, a more sophisticated device known as a(n) ____________________ is used.

Access point

Some attackers might create a peer-to-peer network that connects a wireless device directly to another wireless device, such as the victim's laptop directly to the attacker's laptop. What is this type of network called?

Ad hoc

Which type of web browser enhancement can change browser menus or create additional toolbars?

Add-ons

Which of the following is NOT a privacy best practice?

Always carry your Social Security number with you

Where are you most likely to find a PKES system?

An automobile

When the malware payload allows an attacker to execute virtually any command on the victim's computer this is called ______________________________.

Arbitrary code execution

Which of the following is a risk associated with the use of private data?

Associations with groups

What type of policy defines the methods involved when a user sign in to the network?

Authentication

_________________ provides proof of the genuineness of the user.

Authentication

Using which Social engineering principle might an attacker impersonate a CEO of a company?

Authority

Which of the following ensures that data is accessible when needed to authorized users?

Availability

A ___________________ that is installed on a computer allows the attacker to return at a later time and bypass security settings.

Backdoor

What can an attacker use that gives them access to a computer program or service that circumvents normal security protections?

Backdoor

Which of the following can be used to secure data on disk drives? (Choose all that apply.)

Bitlocker EFS TrueCrypt

Which of the following is an attack that sends unsolicited messages to Bluetooth-enabled devices?

Bluejacking

Which type of BlueTooth attack accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers?

Bluesnarfing

There are two major types of wireless networks that are popular today among users. One of these networks is Wi-Fi; what is the other?

Bluetooth

How do attackers today make it difficult to distinguish an attack from legitimate traffic?

By using common Internet protocols

Someone who wants to send encrypted data must acquire a digital certificate from a ____________ authority.

Certification

What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?

Change-of-address form

Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer?

Code emulation

What type of backup is performed continually without any intervention by the user?

Continuous backup

What do web servers use to track whether a user has previously visited a web site?

Cookies

Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?

Credit score

What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"

Cyberterrorism

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?

Cyberterrorists

A digital signature can provide which of the following benefits?

Data integrity

You have purchased a network-based IDS. You have been tasked with deploying the device in a location where the entire network can be protected. Where should you deploy it?

Demilitarized zone

Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called?

Denying services

What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?

Dictionary

Which of the following is NOT a technology typically used by spyware?

Disk drive formatting software

What is it called when unsuspecting users visit an infected website and their browsers download code that targets a vulnerability in the user's browser?

Drive-by-download

Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?

Dumpster diving

____________________ involves digging through trash receptacles to find information that can be useful in an attack.

Dumpster diving

Which standard feature on NTFS-formatted disks encrypts individual files and uses a certificate matching the user account of the user who encrypted the file?

EFS

What is contained within the body of an email message as a shortcut to a website?

Embedded hyperlink

Changing the original text into a secret message using cryptography is known as __________________.

Encryption

What does a VPN use to ensure that any transmissions that are intercepted will be indecipherable?

Encryption

Which facet of securing access to network data makes data unusable to anyone except authorized users?

Encryption

Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?

Enhanced encryption algorithms

How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms?

Every 12 months

An attacker sets up a look-alike Wi-Fi network, tempting unsuspecting users to connect with the attacker's Wi-Fi network instead. What is this called?

Evil twin

Which of the following expands the normal capabilities of a web browser for a specific webpage?

Extensions

What law contains rules regarding consumer privacy?

Fair and Accurate Credit Transactions Act

A rootkit is a self-replicating program that masks itself as a useful program but is actually a type of malware.T/F

False

A security policy should clearly state the desired rules, even if they cannot be enforced.T/F

False

Cryptography hides the existence of data while steganography scrambles a message so that it cannot be understood.T/F

False

Data backups only protect data against computer attacks.T/F

False

IMAP users can't work with email while offline.T/F

False

In a well-run information security program, attacks will never get through security perimeters and local defenses.T/F

False

Malware usually enters a computer system with the user's knowledge.T/F

False

Online data is collected for a number of activities, but not for online purchases.T/F

False

Passwords are still considered a strong defense against attackers.T/F

False

Script kiddies typically have advanced knowledge of computers and networks.T/F

False

Steganography can only utilize image files to hide data.T/F

False

There is a straightforward and easy solution to securing computers. T/F

False

Third-party cookies can be stolen and used to impersonate the user, while first-party cookies can be used to track the browsing or buying habits of a user.T/F

False

Whereas tablets are designed for performance, laptops are focused on ease of use.T/F

False

Wi-Fi networks operate in basically the same way as cellular telephony networks that are designed, installed, and maintained by the wireless telephone carriers.T/F

False

You don't need to physically secure your servers as long as you use a good strong password for your accounts.T/F

False

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?

GLBA

The current location of a device can be pinpointed on a map through the device's _______________.

GPS

Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format?

HIPAA

What do Web authors use to combine text, graphic images, audio, video, and hyperlinks into a single document?

HTML

What standardizes sounds and video format so plug-ins like Flash are no longer needed?

HTML 5

In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers?

Hacker

Which of the following is an advantage of hardware encryption over software encryption?

Hardware encryption is not subject to attacks like software encryption.

Which of the following creates a digest and does not create cipher text that can later be decrypted?

Hash algorithm

Which of the following is NOT an element of asymmetric cryptography?

Hash algorithm

Which type of cryptography creates a value that is primarily used for comparison purposes?

Hashing

A(n) ____________________ is a false warning, often contained in an e-mail message claiming to come from the IT department.

Hoax

What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?

Hoaxes

What type of device should you install as a decoy to lure potential attackers?

Honeypot

____________________ allow users to jump from one area on the Web to another with a click of the mouse button.

Hyperlinks

In the field of computer networking and wireless communications, what is the most widely known and influential organization?

IEEE

Using what email protocol can mail be organized into folders on the mail server and read from any device?

IMAP

Which protocol works by establishing an association between two communicating devices and can use a preshared key for authentication?

IPsec

What type of attacker is most likely to use information you have posted about yourself on a social networking site?

Identify theft

Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

Identity Theft

Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts?

Identity theft

Which of the following uses graphical images of text in order to circumvent text-based filters?

Image spam

Which of the following is a place where steganography can hide data?

In the metadata of a file

What term is frequently used to describe the tasks of securing information that is in a digital format?

Information Security

Which of the following is a credential category used in multifactor authentication? (Choose all that apply.)

Inherence Possession Knowledge

Which attacker category might have the objective of retaliation against an employer?

Insider

Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?

Integrity

The _____________ is a worldwide set of interconnected computers, servers, and networks.

Internet

Security is ____ convenience.

Inversely proportional to

What is it called if a user disables the built-in limitations on their Apple iOS device to provide additional functionality?

Jailbreaking

____ is a complete programming language that can be used to create stand-alone applications.

Java

____ is a scripting language that does not create standalone applications.

JavaScript

Which Windows domain-based protocol provides mutual authentication between devices?

Kerberos

A unique mathematical __________ is input into the encryption algorithm to lock down the data by creating the cipher text.

Key

What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information?

Keylogger

What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard?

Keylogger

A(n) ____________ is also called a Flash cookie, named after Adobe Flash.

LSO

Which of the following is a legitimate responsibility of an organization regarding user private data?

Limit administrative access to personal information.

What security feature can you use to cause a mobile device to be completely locked for a period of time if the passcode is entered incorrectly a number of times?

Lockout period

What security feature on a smartphone prevents the device from being used until a passcode is entered?

Lockscreen

What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event?

Logic bomb

Which of the following can be described as a poisoned ad attack?

Malvertising

Which of the following is a general term that refers to a wide variety of damaging or annoying software programs?

Malware

Which of the following can be described as data that is used to describe the content or structure of the actual data?

Metadata

____________ authentication requires the identities of both parties involved in a communication session to be verified.

Mutual

What process, available on most routers, will help improve security by replacing the internal IP address of the transmitting device with a public IP address?

NAT

Proving that a document was created by a particular user is referred to as which of the following?

Nonrepudation

How many keys are used in symmetric cryptography?

One

Which document identifies individuals within the organization who are in positions of authority?

Organizational charts

What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?

Password management application

Which term can be described as a publicly released software security update intended to repair a vulnerability?

Patch

Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer?

People

____________ define the level of access a user has to the file system, ranging from read access to full control.

Permissions

Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information?

Phishing

With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?

Phishing

A common guideline about network security is that if there's ____________ access to the equipment, there's no security.

Physical

What is data called that is input into a cryptographic algorithm for the purpose of producing encrypted data?

Plaintext

You have been asked to determine what services are accessible on your network so you can close those that are not necessary. What tool should you use?

Port scanner

Which form of authentication involves the exchange of a password-like key that must be entered on both devices?

Pre shared key

Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?

Pretexting

Which of the following is NOT true about privacy?

Privacy of any level that you desire is easily achievable today.

Using which Internet security best practice is information not saved by the browser, such as pages that are visited will not be recorded to history or the address bar?

Private browsing

What is another name for asymmetric cryptography?

Public key cryptography

What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity?

Ransomware

Most email clients contain a ___________________ that allows the user to read an email message without actually opening it.

Reading pane

Which of the following is NOT a protection for information that cryptography can provide?

Redundancy

On tablets and smartphones, what feature can be used that can erase the contents of the device if lost or stolen?

Remote wipe

What security setting can cause a mobile device to erase installed apps and data if the passcode is incorrectly entered a number of times?

Reset to factory settings

What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to backup your critical data and reinstall the OS?

Rootkit

Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

Rootkit

What serves as the network name identifier in a Wi-Fi network?

SSID

Which VPN implementation typically needs no additional firewall configuration to be allowed access through the firewall?

SSTP

Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B?

Same origin

What can be used to run JavaScript in a restricted environment and limit what resources it can access?

Sandboxing

Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so?

Script kiddies

What type of software update is a cumulative package of all patches and feature updates?

Service pack

With arbitrary code execution, the ________________ launches ("spawns") a command shell from which instructions can then be issued to the computer.

Shellcode

AV software on a computer must have its _______________ files regularly updated by downloads from the Internet.

Signature

Which mobile device setting regulates when the device goes into hibernation mode?

Sleep time

Which of the following is a type of denial-of-service attack that involves flooding the network with broadcast messages that contain a spoofed source address of an intended victim?

Smurf attack

What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?

Social networking

Text-based messages that include words such as Viagra or investments can easily be trapped by _________ filters that look for these words and block the email.

Spam

____ look for specific words and block email messages containing those words.

Spam filters

Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?

Spear phishing

Which of the following is a type of malware that isn't self-replicating and is usually installed by the user without his knowledge. Its primary goal is to invade your privacy by monitoring your system and reporting your activities to advertisers and spammers.

Spyware

What can firewalls do to help ensure that a packet is denied if it's not part of an ongoing legitimate conversation?

Stateful packet inspection

Which technology hides the existence of data?

Steganography

What is the most secure option for the type of passcode that can be entered to access a mobile device?

Strong alphanumeric password

HTTP is a subset of a larger set of standards for Internet transmission known as ____________________.

TCP/IP

HTTP is based on which larger set of standards for Internet communication?

TCP/IP

Which phrase best describes security?

The goal to be free from danger as well as the process that achieves that freedom

If the minimum password length on a Windows system is set to zero, what does that mean?

The user can use a blank password.

Which of the following is NOT true regarding how individuals are concerned how their private data is being used?

Their personal information is no more at risk today than it was 10 years ago.

A(n) ____________________-party cookie is a cookie that was not created by the Web site that attempts to access the cookie.

Third

Which of the following is a type of action that has the potential to cause harm?

Threat

Which term is best described as a person or element that has the power to carry out a threat?

Threat agent

Which of the following is a program advertised as performing one activity but actually does something else?

Trojan

A DoS attack ties up network bandwidth or services, rendering resources useless to legitimate users.T/F

True

A honeypot is configured to entice attackers and allows administrators to get information about the attack techniques being used.T/F

True

A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer.T/F

True

Almost all viruses infect a system by inserting themselves into a computer file.T/F

True

Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.T/F

True

Because a wireless signal can only be transmitted for several hundred feet, multiple APs are used to provide "cells" or areas of coverage.T/F

True

FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every 12 months.T/F

True

If the URL of a web site begins with https, the server is using a digital certificate to verify the existence and identity of the organization.T/F

True

It is recommended that a copy of a data backup be stored at an off-site location.T/F

True

Most Bluetooth devices have a range of only about 10 meters.T/F

True

Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user.T/F

True

The Likes indicated by Facebook users can statistically reveal their sexual orientation, drug use, and political beliefs.T/F

True

The weakness of passwords centers on human memory.T/F

True

Today, many attack tools are freely available and do not require any technical knowledge to use. T/F

True

Unless remote management is essential, it is recommended that this feature be disabled with a wireless router.T/F

True

Virtually anyone could type in a person's username and pretend to be that person.T/F

True

Web servers distribute HTML documents based on a set of standards, or protocols, known as the Hypertext Transport Protocol (HTTP).T/F

True

When creating passwords, the most important principle is that length is more important than complexity.T/F

True

With blocked top-level domain lists, email from entire countries or regions can be blocked and treated as spam.T/F

True

What is created when a packet is encapsulated with additional headers to allow an encrypted packet to be correctly routed by Internet devices?

Tunnel

Which of these is a characteristic of a secure hash algorithm?

Two different sets of data cannot produce the same digest

Which type of social engineering attack depends on the user incorrectly entering a URL?

Typo squatting

What is the best approach to establishing strong security with passwords?

Use technology for managing passwords

Which of the following is a characteristic of a weak password?

Used on multiple accounts

Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings?

User account control

If userA wants to send a secure message to userB using an asymmetric cryptographic algorithm, which key does userB use to decrypt the message?

UserB's private key

If userA sends a secure message to userB using an asymmetric cryptographic algorithm, and userB sends a reply, what key is used if userA wants another user, userC to read the reply message?

UserC's public key

A(n) ____________________ is a unique name used for identification.

Username

Which of the following is NOT a guideline of a security policy?

Uses legal terminology to protect the organization

What type of network uses an unsecured public network, such as the Internet, as if it were a secure private network?

Virtual private network

What are the three types of malware that have the primary traits of circulation and/or infection?

Viruses, Trojans, and worms

What is a flaw or weakness that allows a threat agent to bypass security?

Vulnerability

Which Wi-Fi security protocol provides the optimum level of wireless security?

WPA2

From what term is war driving derived?

War dialing

_________________ is searching for wireless signals from an automobile or on foot using a portable computing device.

War driving

Which of the following is an optional means of configuring WPA2 Personal security using a PIN?

Wi-Fi protected setup (WPS)

The ____________________ acts as the "base station" for the wireless devices, sending and receiving wireless signals between all devices as well as providing the "gateway" to the external Internet.

Wireless router

Which type of Wi-Fi device acts as the base station for wireless devices as well as providing a gateway to the external Internet?

Wireless router

The __________________ is composed of Internet server computers on networks that provide online information in a specific format.

World Wide Web

Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability?

Worm

An infected robot computer is known as a ____.

Zombie

Unlike hashing, in which the hash is not intended to be decrypted, ______________ algorithms are designed to encrypt and decrypt the cipher text using a single key.

symmetric


Ensembles d'études connexes

AP US History Period 3 (1754-1800)

View Set

Dwelling Policy Practice Questions

View Set

50 - Cerebellum and Motor Activity

View Set

Understanding Psychology Chapter 8

View Set

Prep U - Chapter 51: Assessment and Management of Patients with Diabetes

View Set

Physics Unit 3 Exam - Ch. 30, 31, 32

View Set