CTI 120 Final Exam
What is Bluetooth's rate of transmission?
1 Mbps
In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report?
30
How the network resources are to be used should be clearly defined in a (an) ____________ policy.
Acceptable use
In an office setting, instead of using a wireless broadband router, a more sophisticated device known as a(n) ____________________ is used.
Access point
Some attackers might create a peer-to-peer network that connects a wireless device directly to another wireless device, such as the victim's laptop directly to the attacker's laptop. What is this type of network called?
Ad hoc
Which type of web browser enhancement can change browser menus or create additional toolbars?
Add-ons
Which of the following is NOT a privacy best practice?
Always carry your Social Security number with you
Where are you most likely to find a PKES system?
An automobile
When the malware payload allows an attacker to execute virtually any command on the victim's computer this is called ______________________________.
Arbitrary code execution
Which of the following is a risk associated with the use of private data?
Associations with groups
What type of policy defines the methods involved when a user sign in to the network?
Authentication
_________________ provides proof of the genuineness of the user.
Authentication
Using which Social engineering principle might an attacker impersonate a CEO of a company?
Authority
Which of the following ensures that data is accessible when needed to authorized users?
Availability
A ___________________ that is installed on a computer allows the attacker to return at a later time and bypass security settings.
Backdoor
What can an attacker use that gives them access to a computer program or service that circumvents normal security protections?
Backdoor
Which of the following can be used to secure data on disk drives? (Choose all that apply.)
Bitlocker EFS TrueCrypt
Which of the following is an attack that sends unsolicited messages to Bluetooth-enabled devices?
Bluejacking
Which type of BlueTooth attack accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers?
Bluesnarfing
There are two major types of wireless networks that are popular today among users. One of these networks is Wi-Fi; what is the other?
Bluetooth
How do attackers today make it difficult to distinguish an attack from legitimate traffic?
By using common Internet protocols
Someone who wants to send encrypted data must acquire a digital certificate from a ____________ authority.
Certification
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?
Change-of-address form
Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer?
Code emulation
What type of backup is performed continually without any intervention by the user?
Continuous backup
What do web servers use to track whether a user has previously visited a web site?
Cookies
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?
Credit score
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"
Cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?
Cyberterrorists
A digital signature can provide which of the following benefits?
Data integrity
You have purchased a network-based IDS. You have been tasked with deploying the device in a location where the entire network can be protected. Where should you deploy it?
Demilitarized zone
Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called?
Denying services
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?
Dictionary
Which of the following is NOT a technology typically used by spyware?
Disk drive formatting software
What is it called when unsuspecting users visit an infected website and their browsers download code that targets a vulnerability in the user's browser?
Drive-by-download
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?
Dumpster diving
____________________ involves digging through trash receptacles to find information that can be useful in an attack.
Dumpster diving
Which standard feature on NTFS-formatted disks encrypts individual files and uses a certificate matching the user account of the user who encrypted the file?
EFS
What is contained within the body of an email message as a shortcut to a website?
Embedded hyperlink
Changing the original text into a secret message using cryptography is known as __________________.
Encryption
What does a VPN use to ensure that any transmissions that are intercepted will be indecipherable?
Encryption
Which facet of securing access to network data makes data unusable to anyone except authorized users?
Encryption
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
Enhanced encryption algorithms
How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms?
Every 12 months
An attacker sets up a look-alike Wi-Fi network, tempting unsuspecting users to connect with the attacker's Wi-Fi network instead. What is this called?
Evil twin
Which of the following expands the normal capabilities of a web browser for a specific webpage?
Extensions
What law contains rules regarding consumer privacy?
Fair and Accurate Credit Transactions Act
A rootkit is a self-replicating program that masks itself as a useful program but is actually a type of malware.T/F
False
A security policy should clearly state the desired rules, even if they cannot be enforced.T/F
False
Cryptography hides the existence of data while steganography scrambles a message so that it cannot be understood.T/F
False
Data backups only protect data against computer attacks.T/F
False
IMAP users can't work with email while offline.T/F
False
In a well-run information security program, attacks will never get through security perimeters and local defenses.T/F
False
Malware usually enters a computer system with the user's knowledge.T/F
False
Online data is collected for a number of activities, but not for online purchases.T/F
False
Passwords are still considered a strong defense against attackers.T/F
False
Script kiddies typically have advanced knowledge of computers and networks.T/F
False
Steganography can only utilize image files to hide data.T/F
False
There is a straightforward and easy solution to securing computers. T/F
False
Third-party cookies can be stolen and used to impersonate the user, while first-party cookies can be used to track the browsing or buying habits of a user.T/F
False
Whereas tablets are designed for performance, laptops are focused on ease of use.T/F
False
Wi-Fi networks operate in basically the same way as cellular telephony networks that are designed, installed, and maintained by the wireless telephone carriers.T/F
False
You don't need to physically secure your servers as long as you use a good strong password for your accounts.T/F
False
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
GLBA
The current location of a device can be pinpointed on a map through the device's _______________.
GPS
Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format?
HIPAA
What do Web authors use to combine text, graphic images, audio, video, and hyperlinks into a single document?
HTML
What standardizes sounds and video format so plug-ins like Flash are no longer needed?
HTML 5
In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers?
Hacker
Which of the following is an advantage of hardware encryption over software encryption?
Hardware encryption is not subject to attacks like software encryption.
Which of the following creates a digest and does not create cipher text that can later be decrypted?
Hash algorithm
Which of the following is NOT an element of asymmetric cryptography?
Hash algorithm
Which type of cryptography creates a value that is primarily used for comparison purposes?
Hashing
A(n) ____________________ is a false warning, often contained in an e-mail message claiming to come from the IT department.
Hoax
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?
Hoaxes
What type of device should you install as a decoy to lure potential attackers?
Honeypot
____________________ allow users to jump from one area on the Web to another with a click of the mouse button.
Hyperlinks
In the field of computer networking and wireless communications, what is the most widely known and influential organization?
IEEE
Using what email protocol can mail be organized into folders on the mail server and read from any device?
IMAP
Which protocol works by establishing an association between two communicating devices and can use a preshared key for authentication?
IPsec
What type of attacker is most likely to use information you have posted about yourself on a social networking site?
Identify theft
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity Theft
Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts?
Identity theft
Which of the following uses graphical images of text in order to circumvent text-based filters?
Image spam
Which of the following is a place where steganography can hide data?
In the metadata of a file
What term is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
Which of the following is a credential category used in multifactor authentication? (Choose all that apply.)
Inherence Possession Knowledge
Which attacker category might have the objective of retaliation against an employer?
Insider
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?
Integrity
The _____________ is a worldwide set of interconnected computers, servers, and networks.
Internet
Security is ____ convenience.
Inversely proportional to
What is it called if a user disables the built-in limitations on their Apple iOS device to provide additional functionality?
Jailbreaking
____ is a complete programming language that can be used to create stand-alone applications.
Java
____ is a scripting language that does not create standalone applications.
JavaScript
Which Windows domain-based protocol provides mutual authentication between devices?
Kerberos
A unique mathematical __________ is input into the encryption algorithm to lock down the data by creating the cipher text.
Key
What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information?
Keylogger
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard?
Keylogger
A(n) ____________ is also called a Flash cookie, named after Adobe Flash.
LSO
Which of the following is a legitimate responsibility of an organization regarding user private data?
Limit administrative access to personal information.
What security feature can you use to cause a mobile device to be completely locked for a period of time if the passcode is entered incorrectly a number of times?
Lockout period
What security feature on a smartphone prevents the device from being used until a passcode is entered?
Lockscreen
What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event?
Logic bomb
Which of the following can be described as a poisoned ad attack?
Malvertising
Which of the following is a general term that refers to a wide variety of damaging or annoying software programs?
Malware
Which of the following can be described as data that is used to describe the content or structure of the actual data?
Metadata
____________ authentication requires the identities of both parties involved in a communication session to be verified.
Mutual
What process, available on most routers, will help improve security by replacing the internal IP address of the transmitting device with a public IP address?
NAT
Proving that a document was created by a particular user is referred to as which of the following?
Nonrepudation
How many keys are used in symmetric cryptography?
One
Which document identifies individuals within the organization who are in positions of authority?
Organizational charts
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?
Password management application
Which term can be described as a publicly released software security update intended to repair a vulnerability?
Patch
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer?
People
____________ define the level of access a user has to the file system, ranging from read access to full control.
Permissions
Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information?
Phishing
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?
Phishing
A common guideline about network security is that if there's ____________ access to the equipment, there's no security.
Physical
What is data called that is input into a cryptographic algorithm for the purpose of producing encrypted data?
Plaintext
You have been asked to determine what services are accessible on your network so you can close those that are not necessary. What tool should you use?
Port scanner
Which form of authentication involves the exchange of a password-like key that must be entered on both devices?
Pre shared key
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?
Pretexting
Which of the following is NOT true about privacy?
Privacy of any level that you desire is easily achievable today.
Using which Internet security best practice is information not saved by the browser, such as pages that are visited will not be recorded to history or the address bar?
Private browsing
What is another name for asymmetric cryptography?
Public key cryptography
What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity?
Ransomware
Most email clients contain a ___________________ that allows the user to read an email message without actually opening it.
Reading pane
Which of the following is NOT a protection for information that cryptography can provide?
Redundancy
On tablets and smartphones, what feature can be used that can erase the contents of the device if lost or stolen?
Remote wipe
What security setting can cause a mobile device to erase installed apps and data if the passcode is incorrectly entered a number of times?
Reset to factory settings
What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to backup your critical data and reinstall the OS?
Rootkit
Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?
Rootkit
What serves as the network name identifier in a Wi-Fi network?
SSID
Which VPN implementation typically needs no additional firewall configuration to be allowed access through the firewall?
SSTP
Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B?
Same origin
What can be used to run JavaScript in a restricted environment and limit what resources it can access?
Sandboxing
Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so?
Script kiddies
What type of software update is a cumulative package of all patches and feature updates?
Service pack
With arbitrary code execution, the ________________ launches ("spawns") a command shell from which instructions can then be issued to the computer.
Shellcode
AV software on a computer must have its _______________ files regularly updated by downloads from the Internet.
Signature
Which mobile device setting regulates when the device goes into hibernation mode?
Sleep time
Which of the following is a type of denial-of-service attack that involves flooding the network with broadcast messages that contain a spoofed source address of an intended victim?
Smurf attack
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?
Social networking
Text-based messages that include words such as Viagra or investments can easily be trapped by _________ filters that look for these words and block the email.
Spam
____ look for specific words and block email messages containing those words.
Spam filters
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?
Spear phishing
Which of the following is a type of malware that isn't self-replicating and is usually installed by the user without his knowledge. Its primary goal is to invade your privacy by monitoring your system and reporting your activities to advertisers and spammers.
Spyware
What can firewalls do to help ensure that a packet is denied if it's not part of an ongoing legitimate conversation?
Stateful packet inspection
Which technology hides the existence of data?
Steganography
What is the most secure option for the type of passcode that can be entered to access a mobile device?
Strong alphanumeric password
HTTP is a subset of a larger set of standards for Internet transmission known as ____________________.
TCP/IP
HTTP is based on which larger set of standards for Internet communication?
TCP/IP
Which phrase best describes security?
The goal to be free from danger as well as the process that achieves that freedom
If the minimum password length on a Windows system is set to zero, what does that mean?
The user can use a blank password.
Which of the following is NOT true regarding how individuals are concerned how their private data is being used?
Their personal information is no more at risk today than it was 10 years ago.
A(n) ____________________-party cookie is a cookie that was not created by the Web site that attempts to access the cookie.
Third
Which of the following is a type of action that has the potential to cause harm?
Threat
Which term is best described as a person or element that has the power to carry out a threat?
Threat agent
Which of the following is a program advertised as performing one activity but actually does something else?
Trojan
A DoS attack ties up network bandwidth or services, rendering resources useless to legitimate users.T/F
True
A honeypot is configured to entice attackers and allows administrators to get information about the attack techniques being used.T/F
True
A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer.T/F
True
Almost all viruses infect a system by inserting themselves into a computer file.T/F
True
Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.T/F
True
Because a wireless signal can only be transmitted for several hundred feet, multiple APs are used to provide "cells" or areas of coverage.T/F
True
FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every 12 months.T/F
True
If the URL of a web site begins with https, the server is using a digital certificate to verify the existence and identity of the organization.T/F
True
It is recommended that a copy of a data backup be stored at an off-site location.T/F
True
Most Bluetooth devices have a range of only about 10 meters.T/F
True
Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user.T/F
True
The Likes indicated by Facebook users can statistically reveal their sexual orientation, drug use, and political beliefs.T/F
True
The weakness of passwords centers on human memory.T/F
True
Today, many attack tools are freely available and do not require any technical knowledge to use. T/F
True
Unless remote management is essential, it is recommended that this feature be disabled with a wireless router.T/F
True
Virtually anyone could type in a person's username and pretend to be that person.T/F
True
Web servers distribute HTML documents based on a set of standards, or protocols, known as the Hypertext Transport Protocol (HTTP).T/F
True
When creating passwords, the most important principle is that length is more important than complexity.T/F
True
With blocked top-level domain lists, email from entire countries or regions can be blocked and treated as spam.T/F
True
What is created when a packet is encapsulated with additional headers to allow an encrypted packet to be correctly routed by Internet devices?
Tunnel
Which of these is a characteristic of a secure hash algorithm?
Two different sets of data cannot produce the same digest
Which type of social engineering attack depends on the user incorrectly entering a URL?
Typo squatting
What is the best approach to establishing strong security with passwords?
Use technology for managing passwords
Which of the following is a characteristic of a weak password?
Used on multiple accounts
Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings?
User account control
If userA wants to send a secure message to userB using an asymmetric cryptographic algorithm, which key does userB use to decrypt the message?
UserB's private key
If userA sends a secure message to userB using an asymmetric cryptographic algorithm, and userB sends a reply, what key is used if userA wants another user, userC to read the reply message?
UserC's public key
A(n) ____________________ is a unique name used for identification.
Username
Which of the following is NOT a guideline of a security policy?
Uses legal terminology to protect the organization
What type of network uses an unsecured public network, such as the Internet, as if it were a secure private network?
Virtual private network
What are the three types of malware that have the primary traits of circulation and/or infection?
Viruses, Trojans, and worms
What is a flaw or weakness that allows a threat agent to bypass security?
Vulnerability
Which Wi-Fi security protocol provides the optimum level of wireless security?
WPA2
From what term is war driving derived?
War dialing
_________________ is searching for wireless signals from an automobile or on foot using a portable computing device.
War driving
Which of the following is an optional means of configuring WPA2 Personal security using a PIN?
Wi-Fi protected setup (WPS)
The ____________________ acts as the "base station" for the wireless devices, sending and receiving wireless signals between all devices as well as providing the "gateway" to the external Internet.
Wireless router
Which type of Wi-Fi device acts as the base station for wireless devices as well as providing a gateway to the external Internet?
Wireless router
The __________________ is composed of Internet server computers on networks that provide online information in a specific format.
World Wide Web
Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability?
Worm
An infected robot computer is known as a ____.
Zombie
Unlike hashing, in which the hash is not intended to be decrypted, ______________ algorithms are designed to encrypt and decrypt the cipher text using a single key.
symmetric