Cybersecurity final Multiple choice

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Porous Defenses

"Improper Access Control (Authorization)" is in the _________ software error category.

Risky Resource Management

"Incorrect Calculation of Buffer Size" is in the __________ software error category

patent

A _____ for an invention is the grant of a property right to the inventor.

Regular expression

A _____ is a pattern composed of a sequence of characters that describe allowable input variants.

pre-shared key (PSK)

A _____ is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i.

threat

A _____ is anything that might hinder or present an asset from providing appropriate levels of the key security services.

company rights

A _____ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.

Code injection

A ______ attack is where the input includes code that is then executed by the attacked system.

trademark

A ______ is a word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others.

security audit

A ______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.

disciplinary action

A ______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.

Command Injection

A _______ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.

repository

A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

distributor

A ________ provides distribution channels, such as an online shop or a Web retailer.

platform as a service

A __________ cloud provides service to customers in the form of a platform on which the customer's applications can run.

public cloud

A __________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

gateway

A __________ interconnects the IoT-enabled devices with the higher-level communication networks.

cloud service consumer

A __________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.

cloud broker

A __________ is an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between CSPs and cloud consumers.

A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above

A benefit of IPsec is __________.

A. CIRT B. CIRC C. CSIRT D. all of the above

A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.

larger, more detailed

A contingency plan for systems critical to a large organization would be ______ than than for a small business

A. workflow automation B. delegated administration C. authentication D. all of the above

A principal element of an identity management system is _______.

memory leak

A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a _____.

distribution system

A system used to interconnect a set of basic service sets and LANs to create an extended service set is a _______.

A. cell tower B. Wi-Fi hotspot C. wireless AP to a LAN or WAN D. All of the above

A wireless access point is a ______.

A. a cell phone B. a Wi-Fi enabled laptop C. A bluetooth device D. all of the above

A wireless client can be ______.

access point

A(n) _______ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.

A. risks B. recommended controls C. responsible personnel D. all of the above

An IT security plan should include details of ______.

Network injection

An example of a(n) ______ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.

serial number

An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________.

intellectual property

Any intangible asset that consists of human knowledge and ideas is _______.

MUA

At its most fundamental level the Internet mail architecture consists of a user world in the form of _________.

PHP remote code injection

Blocking assignment of form field values to global variables is one of the defenses available to prevent a ______ attack.

Computer Emergency Response Team

CERT stands for ______.

A. events related to the security mechanisms on the system B. operating system access C. remote access D. all of the above

Data items to capture for a security audit trail include:

Secure Programming

Defensive programming is sometimes referred to as

tunnel

ESP supports two modes of use: transport and _________.

Plan

Establishing security policy, objectives, processes and procedures is part of the ______ step.

private cloud

Examples of services delivered through the __________ include database on demand, email on demand, and storage on demand.

A. remove the person's name from all lists of authorized access B. recover all assets, including employee ID, disks, documents and equipment C. remove all personal access codes D. all of the above

From a security point of view, which of the following actions should be done upon the termination of an employee?

A. a router advertisement comes from an authorized router B. a routing update is not forged C. a redirect message comes from the router to which the initial packet was sent D. all of the above

IPsec can assure that _________.

A. Determining organizational IT security objectives, strategies and policies B. detecting and reacting to incidents C. specifying appropriate safeguards D. All of the above

IT security management functions include:

technical

Identification and authentication is part of the _____ class of security controls.

Do

Implementing the risk treatment plan is part of the _____ step.

WPA (Wi-Fi protected access)

In order to accelerate the introduction of strong security into WLANs the Wi-Fi Alliance promulgated _____, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard.

Clear-signed data

In the case of ________ only the digital signature is encoded using base64.

Input

Incorrect handling of program _______ is one of the most common failings in software security.

DES

Kerberos uses the _______ encryption algorithm.

real property

Land and things permanently attached to the land, such as trees, buildings, and stationary mobile homes are _______.

Act

Maintaining and improving the information security risk management process in response to incidents is part of the ______ step

management

Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _____ process.

cost-benefit analysis

Management could conduct a ______ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.

cloud computing

Measured service and rapid elasticity are essential characteristics of _________.

Kerberos

One of the earliest and most widely used services is _________.

maintenance

Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ______ tasks.

personal property

Personal effects, moveable property and goods, such as cars, bank accounts, wages, securities, a small business, furniture, insurance policies, jewelry, patents, and pets are all examples of _________.

A. provide data that can be used to define anomalous behavior B. maintain a record useful in computer forensics C. generate data that can be used in after-the-fact analysis of an attack D. all of the above

Security auditing can:

accountability

Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their _____ and of potential penalties.

emerg

Severe messages, such as immediate system shutdown, is a(n) _____ severity.

alert

System conditions requiring immediate attention is a(n) _______ severity.

4-way handshake

The MPDU exchange for distributing pairwise keys is known as the ______.

education and experience

The ____ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

informal

The _____ approach involves conducting a risk analysis for the organization's IT systems and exploits the knowledge and expertise of the individual s performing the analysis.

security basics and literacy

The _____ category is a transitional stage between awareness and training.

audit trail collector

The _____ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.

ISO (International Standards Organization)

The ______ has revised and consolidated a number of national and international standards into a consensus of best practice.

audit dispatcher

The ______ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.

event discriminator

The ______ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.

MDA

The ______ is responsible for transferring the message from the MHS to the MS.

period of validity

The _______ consists of two dates: the first and last on which the certificate is valid.

protocol identifier

The _______ field in the outer IP header indicates whether the association is an AH or ESP security association.

mail submission agent

The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards.

Enveloped data

The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.

private

The _________ cloud deployment model is the most secure option.

Baseline

The advantages of the _____ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.

the public key certificate

The basic tool that permits widespread use of S/MIME is ________.

A. reproduction right B. distribution right C. modification right D. all of the above

The copyright owner has which exclusive right(s)?

intrusion management

The core of ___________ is the implementation of intrusion detection systems and intrusion prevention systems at entry points to the cloud and on servers in the cloud.

RSN (Robust security network)

The final form of the 802.11i standard is referred to as ________.

A. maintenance of security controls B. security compliance checking C. incident handling D. all of the above

The follow-up stage of the management process includes ______

MAC (Medium Access Control)

The function of the ______ layer is to control access to the transmission medium and to provide an orderly and efficient use of that capacity.

security officer

The implementation process is typically monitored by the organizational ______.

Fuzzing

The intent of _______ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately.

Corporate security policy

The intent of the _____ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives.

lock

The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _____ on the shared file, ensuring that each process has appropriate access in turn.

XSS reflection

The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the ______ vulnerability.

handshake protocol

The most complex part of TLS is the __________.

smart objects/embedded systems

The most vulnerable part of an IoT is the __________ .

compliance

The objective of the ______ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

business continuity management

The objective of the ______ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

establishing the context

The purpose of _______ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined.

digital signature

The result of S/MIME encrypting the digest using DSS and the sender's private DSS key is the ________.

risk register

The results of the risk analysis should be documented in a _______

BSS (Basic Service Set)

The smallest building block of a wireless LAN is a ______

cipher suite

The specification of a protocol along with the chosen key length is known as a __________ .

Cybercrime victims

The success of cybercriminals, and the relative lack of success of law enforcement, influence the behavior of _______.

MPDU (MAC Protocol Data Unit)

The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ________.

SaaS

The use of __________ avoids the complexity of software installation, maintenance, upgrades, and patches.

DoS

The wireless environment lends itself to a _____ attack because it is so easy for the attacker to direct multiple wireless messages at the target.

radix-64

To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64mapping.

nine

Windows allows the system user to enable auditing in _______ different categories.

dynamically linked shared libraries

With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.

detection and recovery

_____ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.

MIME

_____ defines a number of content formats, which standardize representations for the support of multimedia e-mail.

XML

_____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context.

A. Using encryption B. Using anti-virus and anti-spyware software C. Turning off identifier broadcasting D. all of the above

_____ is the recommended technique for wireless network security.

DMCA

_____ strengthens the protection of copyrighted materials in digital format.

environment variables

______ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

A. Posters B. Newsletters C. Workshops and training sessions D. All of the above

______ are ways for an awareness program to promote the security message to employees.

cross-site scripting

______ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.

system-level

______ audit trails are generally used to monitor and optimize system performance.

application-level

______ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system.

A. Dramatic works B. Architectural works C. Software-related works D. all of the above

______ can be copyrighted.

supportive

______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.

management

______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.

audit analysis

______ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided.

security controls

______ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.

A. Improving employee behavior B. Increasing the ability to hold employees accountable for their actions C. Mitigating liability of the organization for an employee's behavior D. All of the above

______ is a benefit of security awareness, training, and education programs to organizations.

risk acceptance

______ is choosing to accept a risk level greater than normal for business reasons.

fair use

______ is intended to permit others to perform, show, quote, copy, and otherwise distribute portions of the work for certain purposes.

thresholding

______ is the identification of data that exceed a particular baseline value.

triage

______ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.

SIEM

______ software is a centralized logging software package similar to, but much more complex than, syslog.

Artifacts

_______ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.

X.509

_______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.

IT security management

_______ ensures that critical assets are sufficiently protected in a cost-effective manner.

computers as targets

_______ is a form of crime that targets a computer system to acquire information stored on that computer system, to control the target system without authorization or payment, or to alter the integrity of data or interfere with the availability of the computer or server.

CipherSuite

_______ is a list that contains the combinations of cryptographic algorithms supported by the client.

security awareness

_______ is explicitly required for all employees.

X.509

_______ is important as part of the directory service that it supports and is also a basic building block used in other standards.

Workflow automation

_______ is movement of data in a business process.

certification

_______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository.

registration

_______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.

executives

_______ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.

system integrity verification tools

_______ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.

unlinkability

________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together.

anonymization

________ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.

federation

________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user.

Injection attack

________ is a program flaw that occurs when the program input data can accidentally or deliberately influence the flow of execution of the program.

Kerberos

________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients.

Nova

_________ is the management software module that controls VMs within the IaaS cloud computing platform.

business continuity and disaster recovery

__________ comprise measures and mechanisms to ensure operational resiliency in the event of any service interruptions.

MiniSec

__________ has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication.

data loss prevention

__________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use.

A. control B. safeguard C. countermeasure D. All of the above

an IT security ______ helps to reduce risks

IT security management

is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner

selective revelation

is a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data.

SOAP

is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML.

consequence

specification indicates the impact on the organization should the particular threat in question actually eventuate.


Ensembles d'études connexes

Master educator chapter 8: effective classroom management & supervision

View Set

Maternal Infant Ch 9, Ch 14, 10, 11, 13 Practice Questions

View Set

PUNCTUATION AND LITERATURE: Test

View Set

CH 58 EAQ Degenerative Neurologic Disorders

View Set

Workforce Planning & Talent Management

View Set

ECON: final exam multiple choice (part 1)

View Set