Final

Due to technological advances, which new category of shared "secrets" for authentication has emerged that is patterned after subconscious behavior? A. "What users know" B. "What users have" C. "What users are" D. "What users do"

"What users do"

When referring to the three steps in the establishment of proper privileges, what does AAA stand for?

Authentication, authorization, and accounting

Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator? A. Side-jacking B. Server side scripting C. Cross-site scripting D. Authenticode

Authenticode

What is an advantage of detecting indicators of compromise (IOCs)? A. Detecting IOCs is a quick way to jumpstart a response element. B. Detecting IOCs allows law enforcement to identify the adversary's exact location. C. Detecting IOCs allows an organization to safely identify the necessary patches to apply. D. Detecting IOCs is a quick way to perform a safe penetration test.

Detecting IOCs is a quick way to jumpstart a response element.

Which authentication standard supports port-based authentication services between a user and an authorization device, such as an edge router?

IEEE 802.1X

Which tool is a newer entrant in the IDS marketplace? A. Snort B. Squid C. Suricata D. SPAN

Suricata

Which tool is designed to probe a system for open ports? A. Web proxy B. Reverse scanner C. Port scanner D. Open proxy

Port scanner

Which RAID configuration, known as dedicated parity drive, stripes data across several disks but in larger stripes than in RAID 3 and uses a single drive for parity-based error checking? A. RAID 2 B. RAID 4 C. RAID 5 D. RAID 6

RAID 4

Which component of an IDS collects activity/events for the IDS to examine? A. Traffic collector B. Signature database C. Expert knowledge database D. User interface and reporting

Traffic collector

Which ports are used by TACACS+ for the login host protocol?

UDP port 49 and TCP port 49 (port 49 is the IANA "tacacs" Login Host Protocol assignment on both transports; TACACS+ itself runs over TCP port 49, and only the original UDP-based TACACS used UDP 49)

A(n) ____________________ is an attack that always maintains a primary focus on remaining in the network, operating undetected, and having multiple ways in and out.

advanced persistent threat

Planning for the issue of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure is known as ____________________.

backout planning

A(n) ____________________ is a group of servers deployed to achieve a common objective.

cluster

____________________ signatures are designed to match large patterns of activity, and examine how certain types of activity fit into the other activities going on around them.

context-based

____________________ is the act of gathering information specifically targeting the strategic intelligence effort of another entity.

counterintelligence gathering

A(n) ____________________ attack is an attack designed to prevent a system or service from functioning normally.

denial-of-service

____________________ is a modulation type that spreads the traffic sent over the entire bandwidth.

direct-sequence spread spectrum

____________________ consists of the documents, verbal statements, and material objects that are admissible in a court of law.

evidence

____________________ is an application-level protocol that operates over a wide range of lower-level protocols.

file transfer protocol

____________________ is the process of ascribing a computer ID to a specific user, computer, network device, or computer process.

identification

The term __________ refers to software that has been designed for some nefarious purpose. A. virus B. worm C. Trojan horse D. malware

malware

A __________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media. A. logic bomb B. network sniffer C. backdoor D. trapdoor

network sniffer

____________________ is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the Internet.

secure sockets layer (SSL; every SSL version is now deprecated and has been superseded by TLS, although the name "SSL" is still used loosely for TLS)

TCP/IP hijacking and ____________________ are terms used to refer to the process of taking control of an already existing session between a client and a server.

session hijacking

Which protocol is commonly used on wireless access points as a port-based authentication service prior to admission to the wireless network?

802.1X

How does an IPS differ from an IDS?

An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.

____________________ is a standardized schema for the communication of observed data from the operational domain.

Cyber Observable eXpression (CybOX)

Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?

Disaster recovery plan (DRP)

What is the first rule of incident response investigation?

Do no harm.

Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?

Exclusionary rule

What application is associated with TCP Ports 20 and 21?

FTP

Which backup technique requires a large amount of space and is considered to have a simple restoration process? A. Delta B. Differential C. Incremental D. Full

Full

Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present? A. NoScript B. FTPS C. HTTPS Everywhere D. Authenticode

HTTPS Everywhere

The cryptographic standard proposed for 3G networks is known as __________.

KASUMI

Which term refers to the ability to distribute the processing load over two or more systems?

Load balancing

What term refers to a piece of code that sits dormant for a period of time until some event invokes its malicious payload?

Logic bomb

Which initiative is a comprehensive effort, including registries of specific baseline data, standardized languages for the accurate communication of security information, and formats and standardized processes to facilitate accurate and timely communications? A. MITRE's Making Security Measurable B. Cyber Observable eXpression (CybOX) C. Trusted Automated eXchange of Indicator Information (TAXII) D. Structured Threat Information eXpression (STIX)

MITRE's Making Security Measurable

Which term refers to a type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing connection?

Man-in-the-middle attack

Which term refers to the predicted average time that will elapse before failure (or between failures) of a system?

Mean time to failure (MTTF); when measured between failures of a repairable system the same idea is called mean time between failures (MTBF)

Which type of alternative site generally uses trailers, often relies on generators for its power, and must also provide for environmental controls immediately?

Mobile backup site

How do most advanced persistent threats (APTs) begin? A. Most APTs begin through a denial of service attack. B. Most APTs begin through a phishing or spear phishing attack. C. Most APTs begin through a port scan. D. Most APTs begin through password cracking.

Most APTs begin through a phishing or spear phishing attack.

Which indicator of compromise (IOC) standard is an open source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?

OpenIOC

Which type of attack occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time?

Replay
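
Worked example for the replay card above, added here as an illustration and not taken from the original flashcard set: a client attaches a fresh random nonce and a timestamp to each message and MACs the whole thing with a pre-shared key; the server verifies the MAC, rejects messages outside a freshness window, and keeps a bounded cache of nonces it has already accepted. An attacker who captures a valid message and retransmits it later therefore gets "replay" (inside the window) or "stale" (outside it), and any edit to the captured payload breaks the MAC. The shared key, the 30-second skew and the message field names are assumptions for the demonstration.

```python
"""Replay-resistant message exchange: nonce + timestamp + HMAC (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Assumption: both ends hold this pre-shared key (constructed demo value only).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _mac(key: bytes, msg: Dict[str, str]) -> str:
    """MAC covers payload, timestamp and nonce so none of them can be altered."""
    data = f"{msg['payload']}|{msg['ts']}|{msg['nonce']}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def client_build(payload: str, now: float, key: bytes = SHARED_KEY) -> Dict[str, str]:
    """Client side: every message carries a never-reused nonce and the send time."""
    msg = {"payload": payload, "ts": f"{now:.0f}", "nonce": os.urandom(16).hex()}
    msg["mac"] = _mac(key, msg)
    return msg


class Server:
    """Server side: authenticate, check freshness, then reject any nonce seen before."""

    def __init__(self, key: bytes = SHARED_KEY, max_skew: int = 30) -> None:
        self.key = key
        self.max_skew = max_skew          # seconds a message stays acceptable
        self.seen: Dict[str, int] = {}    # nonce -> timestamp it was accepted with

    def accept(self, msg: Dict[str, str], now: float) -> Tuple[bool, str]:
        # 1. Integrity/authenticity first; constant-time compare avoids timing leaks.
        if not hmac.compare_digest(_mac(self.key, msg), msg.get("mac", "")):
            return False, "bad mac"
        # 2. Freshness: anything older than the window is refused outright, which is
        #    what lets the nonce cache be evicted after the same window.
        ts = int(msg["ts"])
        if abs(now - ts) > self.max_skew:
            return False, "stale"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        # 3. Uniqueness: a captured-and-resent message reuses its nonce.
        if msg["nonce"] in self.seen:
            return False, "replay"
        self.seen[msg["nonce"]] = ts
        return True, "ok"


if __name__ == "__main__":
    server = Server()
    captured = client_build("transfer 100 to account 42", now=1000)
    print(server.accept(captured, now=1000))   # legitimate delivery
    print(server.accept(captured, now=1005))   # attacker retransmits it
    print(server.accept(captured, now=1100))   # retransmits it much later
```

The freshness window and the nonce cache work together: the window bounds how long the server must remember nonces, and the cache closes the gap inside the window that a timestamp alone would leave open. Replay protection in real protocols (TLS, Kerberos, IPsec) follows the same pattern with sequence numbers or authenticator caches in place of the dictionary used here.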

____________________ is the first commercially available IDS.

Stalker

What is a key item to consider when designing incident response procedures?

To design the incident response procedures to include appropriate business personnel

A honeypot is sometimes called a(n) __________. A. antivirus packet B. SPAN C. digital sandbox D. firewall

digital sandbox

The term ____________________ relates to the application of scientific knowledge to legal problems.

forensics

The ____________________ Amendment to the U.S. Constitution precludes illegal search and seizure.

fourth

A(n) ____________________ monitors network traffic for malicious or unwanted behavior and can block, reject, or redirect traffic in real time.

intrusion prevention system (IPS)

____________________ is a form of authentication that involves the transferring of credentials between systems.

single sign-on

In a __________ attack, the attacker sends a spoofed packet to the broadcast address for a network, which distributes the packet to all systems on that network.

smurf

____________________ refer to copies of virtual machines.

snapshots

__________ relies on lies and misrepresentation, which an attacker uses to trick an authorized user into providing information or access the attacker would not normally be entitled to. A. Social engineering B. User exploitation C. War-driving D. Indirect attack

social engineering

____________________ is the use of all resources to make determinations.

strategic intelligence

____________________ is a structured language for cyberthreat intelligence information.

structured threat information eXpression

Which term refers to a unique alphanumeric identifier for a user of a computer system?

Username

What does WAP use for its encryption scheme? A. WEP B. SSL C. WTLS D. ElGamal

WTLS

Which attack technique uses Bluetooth to establish a serial connection to a device that allows access to the full AT command set? A. Bluejacking B. Bluesnarfing C. Bluebugging D. Bluetooth DOS

Bluebugging

An attacker who uses Bluetooth to copy e-mails, contact lists, or other files on a device is __________.

Bluesnarfing

The term __________ refers to the unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility. A. war-driving B. war-dialing C. indirect attack D. brute force attack

war-driving

802.11a operates in the __________ spectrum using orthogonal frequency division multiplexing (OFDM). A. 5-GHz B. 7.5-GHz C. 60-GHz D. 150-GHz

5-GHz

One standard for sending packetized data traffic over radio waves in the unlicensed 2.4 GHz band is __________.

802.11b

Which term refers to a set of wireless technologies that enables smartphones and other devices to establish radio communication over a short proximity? A. Orthogonal frequency division band (OFDB) B. Direct-sequence spread spectrum (DSSS) C. Near field communication (NFC) D. 802.11i

Near field communication (NFC)

What DRP category would a business function fall under if an organization could last without that function for up to 30 days before the business was severely impacted?

Necessary for normal processing

What tool is the protocol/standard for the collection of network metadata on the flows of network traffic? A. Sniffer B. Penetration test C. NetFlow D. NetStat

NetFlow

Which term refers to a hardware device that can be placed inline on a network connection and that will copy traffic passing through the tap to a second set of interfaces on the tap?

Network tap

Which browser plug-in allows the user to determine which domains have trusted scripts?

NoScript

What name is given to a logical storage unit that is subsequently used by an operating system?

Partition

Which port is used by HTTPS? A. TCP port 465 B. TCP port 443 C. TCP port 80 D. TCP port 21

TCP port 443

Which port is used by SSMTP?

TCP port 465

The process of taking control of an already existing session between a client and a server is known as __________.

TCP/IP hijacking

The process of account ____________________ can be as simple as a check against current payroll records to ensure all users are still employed, or as intrusive as having users identify themselves again.

recertification

____________________ is the time period representing the maximum period of acceptable data loss.

recovery point objective

Evidence that is material to the case or has bearing on the matter at hand is known as __________.

relevant evidence

Remote authentication usually takes the common form of an end user submitting his credentials via an established protocol to a(n) ____________________, which acts upon those credentials, either granting or denying access.

remote access server

____________________ started with people using chalk on sidewalks to mark some of the wireless networks they found.

war-chalking

A person registers a domain name, relinquishes it in less than five days, and then gets the same name again. She repeats this cycle over and over again. What term describes this practice? A. DNS spoofing B. DNS jacking C. DNS pilfering D. DNS kiting

DNS kiting

Which term implies the concept of "don't keep what you don't need"?

Data minimization

What type of attack is based on the automated download of malware that takes advantage of a browser's ability to download the different files that compose a web page? A. Download of death B. Trojanized download C. Drive-by download D. War-downloading

Drive-by download

__________ is a branch of digital forensics dealing with identifying, managing, and preserving digital information that is subject to legal hold. A. Clustering B. Partitioning C. Litigation holding D. E-discovery

E-discovery

What is a disadvantage of a host-based IDS? A. It is ineffective when traffic is encrypted. B. It cannot see traffic that does not cross it. C. It must be able to handle high volumes of traffic. D. It can have a high cost of ownership and maintenance.

It can have a high cost of ownership and maintenance.

Which port is used to establish the Layer 2 Tunneling Protocol (L2TP)? A. UDP port 1701 B. TCP port 1701 C. TCP port 1107 D. TCP port 1217

UDP port 1701

Which ports are used by Remote Authentication Dial-In User Service (RADIUS) for authentication and accounting? A. TCP port 1812 for authentication and TCP port 1813 for accounting B. TCP port 1812 for accounting and TCP port 1813 for authentication C. UDP port 1812 for authentication and UDP port 1813 for accounting D. UDP port 1812 for accounting and UDP port 1813 for authentication

UDP port 1812 for authentication and UDP port 1813 for accounting

Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm? A. Backup emergency generator B. Uninterruptible power supply (UPS) C. Cloud computing service D. RAID 6 disk storage with parity duplication

Uninterruptible power supply (UPS)

____________________ management is the process of restricting a user's ability to interact with the computer system.

privilege

An attacker purposely sends a program more data for input than it was designed to handle. What type of attack does this represent? A. Syn flood B. Buffer overflow C. Incomplete mediation D. Logic bomb

Buffer overflow

Which term refers to a specific technique of using an HTTP client to handle authentication on a wireless network? A. Captive portal B. Walled-off C. Walled-on D. Public Wi-Fi

Captive portal

Which backup requires a medium amount of space and is considered to have an involved restoration process? A. Differential B. Incremental C. Delta D. Full

Incremental
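
Worked example for the full/differential/incremental backup cards, added here and not part of the original set. It models five files over four days of constructed change sets, writes a backup set per day under each strategy, and then restores to a chosen day by replaying the right chain of sets. The point the cards make falls out of the numbers: a full backup consumes the most media but restores from a single set; a differential grows until the next full but restores from full plus the latest differential; an incremental is the smallest per set but restoring day N means applying the full and every incremental since, which is why its restoration is "involved". File names and change days are constructed sample data.

```python
"""Backup strategy worked example: storage cost versus restore chain (added example)."""
from typing import Dict, List, Set, Tuple

# Constructed sample data: the file set at day 0 and which files change on each later day.
FILES_DAY0: Set[str] = {"a.db", "b.log", "c.cfg", "d.bin", "e.txt"}
CHANGES: Dict[int, Set[str]] = {1: {"a.db"}, 2: {"a.db", "b.log"}, 3: {"c.cfg"}, 4: {"a.db", "e.txt"}}

BackupSet = Tuple[str, int, Dict[str, int]]   # (kind, day written, {file: version day})


def state(day: int) -> Dict[str, int]:
    """Ground truth: for each file, the day of its newest version as of `day`."""
    versions = {f: 0 for f in FILES_DAY0}
    for d in range(1, day + 1):
        for f in CHANGES.get(d, set()):
            versions[f] = d
    return versions


def plan(strategy: str, days: int) -> List[BackupSet]:
    """Day 0 is always a full; days 1..days use the chosen strategy."""
    sets: List[BackupSet] = [("full", 0, state(0))]
    for day in range(1, days + 1):
        truth = state(day)
        if strategy == "full":
            files = set(truth)                                  # everything, every time
        elif strategy == "differential":
            files = {f for f, v in truth.items() if v > 0}      # changed since the last full
        elif strategy == "incremental":
            files = CHANGES.get(day, set())                     # changed since the previous backup
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        sets.append((strategy, day, {f: truth[f] for f in files}))
    return sets


def restore_chain(sets: List[BackupSet], target_day: int) -> List[BackupSet]:
    """Which sets must be applied, in order, to rebuild the data as of target_day."""
    base = [s for s in sets if s[0] == "full" and s[1] <= target_day][-1]
    later = [s for s in sets if base[1] < s[1] <= target_day]
    if not later:
        return [base]
    if later[-1][0] == "differential":
        return [base, later[-1]]          # full + newest differential only
    return [base] + later                 # full + every incremental since it


def restore(sets: List[BackupSet], target_day: int) -> Tuple[Dict[str, int], int]:
    """Replay the chain; later sets overwrite earlier versions. Returns (data, sets applied)."""
    chain = restore_chain(sets, target_day)
    data: Dict[str, int] = {}
    for _, _, files in chain:
        data.update(files)
    return data, len(chain)


def storage(sets: List[BackupSet]) -> int:
    """Total file copies written to backup media across all sets."""
    return sum(len(files) for _, _, files in sets)


if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        sets = plan(strategy, 4)
        _, applied = restore(sets, 4)
        print(f"{strategy:12s} copies stored={storage(sets):2d}  sets needed to restore day 4={applied}")
```

Losing or corrupting one incremental set breaks every restore point after it, whereas a differential chain only ever depends on two sets; that fragility, not just the number of tapes to mount, is what the "involved restoration" wording is getting at.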

Which term refers to a key measure used to prioritize actions throughout the incident response process? A. Information criticality B. Information scalability C. Footprinting D. Steganography

Information criticality

Which term describes a computer language invented by Sun Microsystems as an alternative to Microsoft's development languages? A. JavaScript B. Java C. Applet D. Authenticode

Java

Which attack type is common, and to a degree, relatively harmless? A. Port flooding B. Port scan C. Buffer overflow D. SQL injection

Port scan

____________________ is a form of denial of service, specifically against the radio spectrum aspect of wireless.

Jamming

____________________ multiplexes or separates the data to be transmitted into smaller chunks and then transmits the chunks on several sub channels.

Orthogonal frequency division multiplexing (OFDM)

Which protocol involves a two-way handshake in which the username and password are sent across the link in cleartext? A. PAP B. SSH C. EAP D. CHAP

PAP

If the characteristics of an incident include a large number of packets destined for different services on a machine, a(n) ____________________ is occurring.

Port scan
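
Worked example for the port scan cards above and the NetFlow card (a large number of packets destined for different services on a machine is exactly the kind of context-based pattern a flow-based detector keys on). This is an added illustration, not code from the original set. It parses constructed flow records in a simplified "ts src dst proto dport packets" text form (an assumption for the demo, not real NetFlow export output), buckets them into fixed time windows, and flags a source that touches many distinct ports on one host (a vertical scan) or one port on many hosts (a horizontal sweep), while a normal client that repeats the same destination and port is left alone. The window and thresholds are assumed values to tune for a real network.

```python
"""Port scan detection over flow records (added example)."""
from collections import defaultdict
from typing import DefaultDict, List, Set, Tuple

# Constructed flow records, simplified text form: "ts src dst proto dport packets".
SAMPLE_FLOWS: List[str] = (
    [f"{1700000000 + i} 10.0.0.99 10.0.0.20 TCP {20 + i} 1" for i in range(16)]       # vertical scan of one host
    + [f"{1700000000 + i} 10.0.0.77 10.0.0.{1 + i} TCP 445 1" for i in range(12)]     # horizontal sweep on SMB
    + [f"{1700000000 + i * 5} 10.0.0.5 10.0.0.20 TCP 443 {40 + i}" for i in range(8)]  # normal HTTPS client
    + ["1700000010 10.0.0.5 10.0.0.21 TCP 80 12", "1700000030 10.0.0.6 10.0.0.21 UDP 53 2"]
)

Flow = Tuple[int, str, str, str, int, int]
Alert = Tuple[str, str, str, int]   # (kind, source, target, distinct count)


def parse_flow(line: str) -> Flow:
    ts, src, dst, proto, dport, pkts = line.split()
    return int(ts), src, dst, proto, int(dport), int(pkts)


def detect_scans(lines: List[str], window: int = 60,
                 port_threshold: int = 10, host_threshold: int = 10) -> List[Alert]:
    """Flag sources whose fan-out inside one time bucket exceeds the thresholds.

    A scanner produces many one-shot flows to distinct (dst, port) tuples; a real
    client keeps hitting the same tuple, so its distinct counts stay small.
    Fixed buckets (ts // window) are a simplification of a true sliding window.
    """
    ports_by_target: DefaultDict[Tuple[int, str, str], Set[Tuple[str, int]]] = defaultdict(set)
    hosts_by_port: DefaultDict[Tuple[int, str, str, int], Set[str]] = defaultdict(set)
    for line in lines:
        ts, src, dst, proto, dport, _ = parse_flow(line)
        bucket = ts // window
        ports_by_target[(bucket, src, dst)].add((proto, dport))
        hosts_by_port[(bucket, src, proto, dport)].add(dst)

    alerts: List[Alert] = []
    for (_, src, dst), ports in ports_by_target.items():
        if len(ports) >= port_threshold:
            alerts.append(("vertical", src, dst, len(ports)))
    for (_, src, proto, dport), hosts in hosts_by_port.items():
        if len(hosts) >= host_threshold:
            alerts.append(("horizontal", src, f"{proto}/{dport}", len(hosts)))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, src, target, count in detect_scans(SAMPLE_FLOWS):
        print(f"{kind:10s} scan from {src} -> {target} ({count} distinct)")
```

Thresholds set this low will also fire on legitimate vulnerability scanners and monitoring hosts, so in practice the source list is allow-listed and the detector is tuned against a baseline of the network's own flows before alerts are routed to responders.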

Which access control type allows a company to restrict employee logon hours?

Rule-based access control

Which statement applies to a low-impact exposure incident?

A low-impact exposure incident only involves repairing the broken system.

What is WAP? A. A technique used by laptop computers for wireless communication B. A method of encryption for wired or wireless communications C. A piece of hardware that implements 802.11g D. A lightweight protocol designed for mobile devices

A lightweight protocol designed for mobile devices

A(n) ____________________ is a programming error condition that occurs when a program attempts to store a numeric value, an integer, in a variable that is too small to hold it.

integer overflow

Which term refers to a repository of alarms that an IDS has recorded? A. Notification database B. Notification center C. Alarm storage D. Alarm database

Alarm storage

The term Switched Port Analyzer (SPAN) is usually associated with __________.

Cisco switches

____________________ was an attempt to bring the security of shrink-wrapped software to software downloaded from the Internet.

Code signing

Which alternative site provides the basic environmental controls necessary to operate, but has few of the computing components necessary for processing?

Cold site

Which of the following has the least volatile data? A. CPU storage B. RAM C. Hard disk D. Kernel table

Hard disk

____________________ refers to the ability to maintain availability of data and operational processing (services) despite a disrupting event.

High availability

What are the three states of the data lifecycle in which data requires protection?

In storage, in transit, and during processing

____________________ is defined as the relative importance of specific information to the business.

Information criticality

Which RAID configuration, known as mirrored disks, copies the data from one disk onto two or more disks? A. RAID 0 B. RAID 1 C. RAID 4 D. RAID 5

RAID 1

Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?

RAID 5
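
Worked example for the RAID 4 and RAID 5 cards, added as an illustration rather than taken from the original set. Parity in both levels is just the XOR of the data blocks in a stripe: RAID 4 writes it to a dedicated parity drive, RAID 5 rotates it across the drives stripe by stripe. The code stripes a constructed payload across four simulated disks, drops one disk entirely, rebuilds it from the survivors, and reads the original data back. Disk count, block size and the rotation rule are assumptions chosen for the demonstration.

```python
"""RAID 4 / RAID 5 parity and single-disk rebuild (added example)."""
from typing import List

Disk = List[bytes]   # one block per stripe


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together; this is the whole of RAID 4/5 parity."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def parity_disk_for(stripe_no: int, n_disks: int, rotate: bool) -> int:
    """RAID 4: parity always on the last drive. RAID 5: parity rotates per stripe."""
    return (n_disks - 1 - stripe_no) % n_disks if rotate else n_disks - 1


def stripe(data: bytes, n_disks: int, block_size: int, rotate: bool) -> List[Disk]:
    """Lay data out as disks[d][s]: n_disks-1 data blocks plus one parity block per stripe."""
    n_data = n_disks - 1
    stripe_bytes = n_data * block_size
    data = data + b"\x00" * (-len(data) % stripe_bytes)      # pad to whole stripes
    disks: List[Disk] = [[] for _ in range(n_disks)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(n_data)]
        parity = xor_blocks(blocks)
        p = parity_disk_for(s, n_disks, rotate)
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(it))
    return disks


def rebuild(disks: List[Disk], failed: int) -> Disk:
    """Reconstruct one missing disk: XOR of every surviving block in each stripe.

    This works whether the lost block was data or parity, which is why one failed
    drive is recoverable; a second concurrent failure leaves an unsolvable stripe.
    """
    survivors = [d for d in range(len(disks)) if d != failed]
    n_stripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(n_stripes)]


def unstripe(disks: List[Disk], length: int, rotate: bool) -> bytes:
    """Read the data blocks back in order, skipping each stripe's parity block."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n_disks, rotate)
        for d in range(n_disks):
            if d != p:
                out += disks[d][s]
    return bytes(out[:length])


def demo(rotate: bool = True) -> bool:
    """Stripe, lose disk 2, rebuild it, and confirm both the disk and the data come back."""
    data = b"Constructed sample payload for the RAID parity demonstration."
    disks = stripe(data, n_disks=4, block_size=8, rotate=rotate)
    failed = 2
    original = disks[failed]
    disks[failed] = []                       # simulate the drive dropping out of the array
    disks[failed] = rebuild(disks, failed)   # reconstruct from the three survivors
    return disks[failed] == original and unstripe(disks, len(data), rotate) == data


if __name__ == "__main__":
    print("RAID 5 rebuild ok:", demo(rotate=True))
    print("RAID 4 rebuild ok:", demo(rotate=False))
```

The rotation is what separates the two levels operationally: with a dedicated parity drive every write in the array updates that one drive, so it becomes the write bottleneck and wears fastest; rotating parity spreads that load, which is why RAID 5 is the commonly deployed form.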

Which access control type would be used to grant permissions based on the specific duties that must be performed? A. Mandatory access control B. Discretionary access control C. Role-based access control D. Rule-based access control

Role-based access control

Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections? A. SSL stripping attack B. Buffer overflow C. Session hijacking D. Cross-site scripting

SSL stripping attack

Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist? A. Scanning B. Enumeration C. Footprinting D. Pilfering

Scanning

Which term defines a collection of predefined activity patterns that have already been identified and categorized—patterns that typically indicate suspicious or malicious activity? A. Packet filtering B. Signature database C. Pattern structure D. Pattern filter

Signature database

Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation? A. High availability clustering B. Load balancing C. Infrastructure as a Service (IaaS) D. Single point of failure

Single point of failure

____________________ is a situation where someone examines all the network traffic that passes their NIC, whether addressed for them or not.

Sniffing

Which tool has been the de facto standard IDS engine since its creation in 1998?

Snort

What is the goal of TCP? A. To send an unauthenticated, error-free stream of information between two computers. B. To provide integrity and authentication functionality through the use of cryptographic methods. C. To link documents to other documents by URLs. D. To provide a common addressing scheme.

To send an unauthenticated, error-free stream of information between two computers.

Johnny receives a "new version" of the game Solitaire in an e-mail. After running the program, a backdoor is installed on his computer without his knowledge. What kind of attack is this?

Trojan

Physical memory storage devices can be divided into a series of containers; each of these containers is called a(n) ____________________.

partition

____________________ consists of misdirecting users to fake web sites that have been made to look official.

pharming

Which network security standard was created to provide users with an easy method of configuring wireless networks? A. Wireless Transport Layer Security (WTLS) B. Wi-Fi Protected Setup (WPS) C. Protected EAP (PEAP) D. Wireless Application Protocol (WAP)

Wi-Fi Protected Setup (WPS) (note: the WPS PIN method has a design flaw that lets an attacker brute-force the 8-digit PIN in two short halves and recover the WPA passphrase, so WPS should be disabled on access points that support it)

____________________ are small application programs that increase a browser's ability to handle new data types and add new functionality.

plug-ins

Which of the following is a popular, open source protocol analyzer? A. Snort B. Suricata C. Bit Defender D. Wireshark

Wireshark

To enable interoperability, the ____________________ standard was created as a standard for directory services.

X.500

Which advanced malware tool assists security engineers in hunting down malware infections based on artifacts that the malware leaves behind in memory? A. Snort B. Suricata C. Yara D. Wireshark

Yara

Evidence that must be legally qualified and reliable is known as __________.

competent evidence

____________________ is the posting of location information into a data stream, signifying where the device was when the stream was created.

geo-tagging

The hashing algorithm applies mathematical operations to a data stream (or file) to calculate some number, the ____________________, that is effectively unique to the information contained in the data stream (or file).

hash (for a collision-resistant algorithm such as SHA-256, finding two different inputs with the same hash is computationally infeasible, which is what makes it usable as a fingerprint for evidence integrity)

A(n) ____________________ performs a function similar to the familiar parity bits, checksum, or cyclic redundancy check (CRC).

hashing algorithm

The ____________________ model uses artificial intelligence to detect intrusions and malicious traffic.

heuristic

____________________ refers to the analysis of a specific system, including the analysis of file systems and artifacts of the operating system.

host forensics

A(n) ____________________ is any event in an information system or network where the results are different than normal.

incident

A(n) __________ of an encryption system finds weaknesses in the mechanisms surrounding the cryptography.

indirect attack
