INFO SEC CHAPTER 10 - 15
Role-based access control (RBAC) uses labels to determine the type and extent of access to a resource and the permission, or security, level granted to each user.
False
Safe browsing practices have little to do with whether individuals become victims online.
False
Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens.
False
Sniffers are fundamentally dangerous because they are used to steal information.
False
The Linux cd command displays all the files and subdirectories in a given location.
False
The netstat command-line tool is effective in detecting viruses and worms.
False
The rise of services such as Facebook, LinkedIn, and Twitter has made the loss of personal information or loss of control of that information through social media less of a concern.
False
Using the telephone is a common way for a social engineer to gather information.
True
Whenever possible, security practitioners should encourage people to use their social network for both their professional activities and their personal activities.
False
Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?
Intrusion detection system (IDS)
Which incident response phase involves collecting evidence?
Investigation
Even if a disaster recovery plan (DRP) is properly evaluated and tested, it must be reviewed regularly because times change and the plan must adapt.
True
Firewalls separate networks and organizations into different zones of trust.
True
For many businesses, a social media presence is a key part of the corporate communications strategy.
True
Hardware-based keystroke loggers can be plugged into a universal serial bus (USB) port on a system and monitor the passing signals for keystrokes.
True
If a computer must be removed from a crime scene, chain-of-custody requirements come into play.
True
In Linux, a Live CD or DVD contains a fully featured, fully functional operating system.
True
In Linux, the /boot directory contains all the files required to start up and boot a Linux operating system.
True
In Linux, the command line is the only way to do more advanced operations.
True
In Windows, directories are separated with the familiar "\", but in Linux, directories are separated with "/".
True
In some cases, spyware creators have stated their intentions outright by presenting End-User License Agreements (EULAs) to the victim.
True
Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided.
True
It is worthwhile to conduct an Internet search on yourself in order to see what personal information is available about you online.
True
MAC flooding involves overwhelming or flooding a switch with a high volume of frames carrying forged source MAC addresses so that its lookup (CAM) table fills up.
True
Malware can be used to turn a system into a server hosting any type of content, such as illegal music or movies, pirated software, pornography, and financial data.
True
Malware can steal passwords and personal information from an unsuspecting user.
True
Many social networking sites have grown so large so fast that they have not taken appropriate security measures to secure the information they are entrusted with.
True
Most Internet of Things (IoT) devices have little or no security controls configured.
True
Most intrusion detection systems (IDSs) are based on signature analysis.
True
No evidence, regardless of type, is necessarily admissible in court.
True
Security tokens are devices used to authenticate a user to a system or application.
True
Social engineering is a type of information security attack that depends primarily on human weakness.
True
Social engineering relies on most people's ignorance of the value of their personal information or authority.
True
Some commands provide the ability to specify a series of arguments; in these situations, each argument should be separated with a space or tab.
True
Special-purpose Live CDs/DVDs include firewall applications and rescue disks.
True
The Linux kernel, unlike that of Windows, can be configured by anyone with the time and knowledge required.
True
The Payment Card Industry Data Security Standard (PCI DSS) has specific requirements for organizations' incident response plans.
True
The language and images you share with friends and family on social media may be inappropriate on the professional side of your life.
True
The majority of Linux commands are case sensitive.
True
There is typically only one version of a Linux kernel for a specific Linux operating system.
True
Wireshark, tcpdump, WinDump, and Omnipeek are popular sniffing tools.
True
With stateful packet inspection (SPI) in a firewall, the attributes of each connection describe the state of the connection.
True
You can run Kali Linux in a virtual machine.
True
You can run a live Linux distribution on a USB flash drive.
True
Christine investigated an alert generated by her intrusion detection system (IDS) and determined that the reported activity did actually take place. How should she classify this alert?
True positive
Greg is educating users about social media concerns in the corporate setting. Which of the following risks is most likely associated with an employee who has recently been terminated?
Tweet rage
________ is an immediate, angry response to something a person disagrees with online.
Tweet rage
A ________ defines how an organization will maintain what is accepted as normal day-to-day business in the event of a security incident or other events disruptive to the business.
business continuity plan
Botnets are used to perform all of the following attacks except ________.
passive session hijacking
Software that helps organize and track various usernames and passwords is called a ________.
password manager
The process of investigating any and all security incidents and related issues pertaining to a particular situation is called ________.
due diligence
An attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do is participating in ________.
persuasion/coercion
Dean believes that a Trojan may have affected his system. Which command can he use to query for open connections and help to determine if a Trojan is using a specific port?
netstat
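Worked example for the netstat card above (an addition for this study guide, not material from the textbook): netstat only lists sockets, so the work is in comparing its output against what the host is expected to be doing. The sample `netstat -ano` output, the listener baseline and the outbound port baseline below are all constructed for illustration; on a real host the baselines would come from a known-good snapshot.

```python
"""Triage netstat output for a suspected Trojan: unexpected listeners and outbound flows.

Added example for the netstat card above; the sample output and the port baselines are
constructed for illustration and are not from a real host.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample of `netstat -ano` output on Windows (not a real capture).
# PID 4172 listens on an odd port and also holds a connection out to port 4444.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4172
  TCP    192.168.1.20:49731     203.0.113.77:4444      ESTABLISHED     4172
  TCP    192.168.1.20:49744     93.184.216.34:443      ESTABLISHED     2216
  UDP    0.0.0.0:5353           *:*                                    1604
"""

# Assumed baselines for this host; in practice take them from a known-good snapshot.
EXPECTED_LISTENERS = {135, 139, 445, 3389}
EXPECTED_REMOTE_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    state: str
    pid: int


def _split_addr(addr: str) -> Tuple[str, Optional[int]]:
    """'192.168.1.20:49731' -> ('192.168.1.20', 49731); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    """Parse the TCP/UDP rows of `netstat -ano`; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":                 # TCP rows carry a state column, UDP rows do not
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        lip, lport = _split_addr(local)
        rip, rport = _split_addr(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state, pid))
    return conns


def suspicious(conns, listeners=EXPECTED_LISTENERS, remote_ports=EXPECTED_REMOTE_PORTS):
    """Return (reason, conn) pairs for listeners and outbound flows outside the baseline."""
    findings = []
    for c in conns:
        if c.proto == "TCP" and c.state == "LISTENING" and c.local_port not in listeners:
            findings.append(("unexpected listener", c))
        elif c.state == "ESTABLISHED" and c.remote_port not in remote_ports:
            findings.append(("unexpected outbound connection", c))
    return findings


def pids_to_review(findings) -> Set[int]:
    """PIDs worth mapping back to an executable (e.g. tasklist /FI "PID eq N" on Windows)."""
    return {c.pid for _, c in findings}


if __name__ == "__main__":
    for reason, c in suspicious(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{reason}: pid={c.pid} {c.local_ip}:{c.local_port} -> {c.remote_ip}:{c.remote_port}")
```

The same PID showing up as both an unexpected listener and an unexpected outbound connection is the pattern the card is hinting at; the next step is to map that PID to its image path and hash it, which netstat itself cannot do.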
An attacker who sets up a realistic persona from which the victim seeks assistance is participating in ________.
reverse social engineering
Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are ________.
methods of bypassing a switch to perform sniffing
The term ________ is defined as the improper use of privileges or resources within an organization.
misuse
Which command creates new directories in Linux?
mkdir
Which Linux command moves files from one location to a new location?
mv
Wendy is an attacker who recently gained access to a vulnerable web server running Microsoft Windows. What command can she use to create a command prompt and redirect it to her local computer?
nc
A device used to break a network into multiple logical network segments known as collision domains is called a ________.
switch
Which of the following types of malware is a piece of code or software that spreads from system to system by attaching itself to other files, and is activated when the file is accessed?
Virus
Spokeo and Intelius are ________.
websites that contain personal information about people
Which of the following statements is NOT true about firewall policy?
A policy is unnecessary if the firewall is configured properly.
Caitlyn would like to use a single, multi-homed firewall to create a traditional demilitarized zone (DMZ) network. How many network interfaces does this firewall need?
3
Which of the following statements is NOT true about firewalls?
A firewall does not provide the ability to segment a network internally or within the organization itself.
Which of the following controls fit in the area of policy and procedure?
Administrative
In what type of attack does the attacker take over an established session between two parties and then interact with the remaining party as if the attacker were the party that has been disconnected?
Active session hijacking
What type of sniffing takes place on networks that have connectivity hardware that is "smarter" or more advanced, such as those with a switch?
Active sniffing
Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control?
An intrusion prevention system
Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?
Anomaly detection
Dave would like to use a firewall that is able to intercept user connection requests and perform those connections on behalf of end users. What type of firewall does he want?
Application proxying
Which of the following specifies filenames or other targets that fine-tune the action of a Linux command?
Argument
Which of the following covers the potential risks uncovered following an incident and their potential impact on the organization?
Business impact analysis
________ is the process of tracking evidence from collection to trial and after, when it is returned to its owner or destroyed.
Chain of custody
Ursula would like to ensure that her local servers are protected against the failure of a single disk. What technology best provides this type of fault tolerance?
RAID (redundant array of independent disks)
Which of the following is a type of alternate site that does not include backed-up copies of data and configuration data from the primary location?
Cold site
Which of the following statements is true regarding social networking in a corporate setting?
Company policies may discuss proper usage of social media and networking sites at work.
Jake just determined that an attacker controls a system on his network. What stage of the incident response process should he move to next?
Containment
Many attackers gain access to a target system through something known as a window.
False
Over the past few years, the use of denial of service (DoS) attacks to commit crimes such as extortion has decreased.
False
A business continuity plan (BCP) dictates how the entire business will be brought back to an operational state.
False
A denial of service (DoS) attack is typically the first action an advanced hacker will take in an attempt to access a system.
False
Over the past several years, social networking sites have become less of a target for cybercriminals.
False
Pop-up blockers clutter up a web browser and make it weaker.
False
A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary.
False
A host-based intrusion detection system (HIDS) monitors activity on a network.
False
A packet-filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients.
False
A safe computing practice is to use one password for all online accounts.
False
Private information on Facebook is truly private.
False
A single computer configured to attract attackers to it and act as a decoy is a honeynet.
False
Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely you will link or "friend" a scam artist or an identity thief.
False
Active session hijacking is functionally no different from sniffing.
False
Adware is a type of virus.
False
All Linux distributions are free.
False
All evidence, no matter the type, is admissible in court.
False
An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components.
False
An intrusion detection system (IDS) prevents attacks from occurring.
False
An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it.
False
As soon as a security incident is discovered, it is important to disconnect any devices, wires, and peripherals, and shut down the system.
False
Regarding Linux, the terms "free" and "open source" are interchangeable.
False
Corroborative evidence is considered so strong that it directly overrides all other evidence types by its existence.
False
Documentation about chain of custody does not need to include how the evidence was collected.
False
Guidelines on how to use equipment safely fall under the banner of due diligence.
False
Honeypots are illegal.
False
Replacing a Windows computer with an Apple computer is the only way to stay safe online.
False
In Linux, the files that dictate access between hardware and the operating system reside in /home.
False
In Linux, the name of a command generally consists of uppercase letters.
False
In the context of a network, misuse is always malicious in nature.
False
It is possible to eliminate the chance of a security incident.
False
Kali Linux is designed to be used as a desktop replacement operating system.
False
Like Windows, Linux refers to drives and partitions by letters of the alphabet.
False
Xavier is developing a file system in which users will have the ability to grant editing permissions to their colleagues. What type of access control model is this approach using?
DAC
Linux can be operated only from the command line.
False
Which of the following is a region of a network or zone that is located between two firewalls?
Demilitarized zone (DMZ)
Logic bombs are relatively easy to detect.
False
Which of the following types of evidence is received as the result of testimony or interview of an individual regarding something he or she directly experienced?
Direct
What is the best way to ensure that Facebook privacy settings are well-managed?
Disable all options and enable them one by one.
Carla's business recently suffered an attack that shut down operations. What planning document describes how her business should recover from this disruption?
Disaster recovery plan
Which of the following documents states how personnel and assets will be safeguarded in the event of a disaster?
Disaster recovery plan
Which disaster recovery plan test closely simulates a disaster, including interrupting services and the organization itself?
Full interruption
Which of the following is NOT considered a safe computing practice?
Have shopping websites save your address and credit card information so you don't have to reenter it each time.
In which incident response phase do team members determine how seriously the incident has affected critical systems or data?
Incident identification
Which incident response phase has the goal of determining what was done right, what was done wrong, and how to improve?
Lessons learned
Which of the following types of viruses infects and operates through the use of a macro language built into applications, such as Visual Basic for Applications (VBA) in Microsoft Office?
Macro virus
Which of the following is a general term for software that is inherently hostile, intrusive, or annoying in its operation?
Malware
Countermeasures that can be used to defeat sniffing include all of the following except ________.
Media Access Control (MAC) flooding
Which of the following is a firewall best able to control?
Network traffic
Which of the following is not a common use of a live distribution of Linux?
Office productivity applications
Which of the following statements is NOT true regarding oversharing of company activities?
Oversharing of company activities typically is conducted by disgruntled employees who are intentionally trying to harm their company.
Which of the following statements is NOT true regarding passive sniffing?
Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.
Which of the following is true regarding account passwords?
Passwords should have at least one number and one special character.
Camila is educating users about social media risks. What is the primary risk of using the same password for more than one account?
Passwords that are compromised on one site may be reused on other sites.
Tom is preparing to testify in court in a criminal case. He plans to bring with him an image of a drive involved in the criminal activity. What term best describes this type of evidence?
Secondary evidence
Darcy is investigating the hacking of a system that contained customer records. She discovers the attacker stole some of those records. What term best describes this situation?
Security incident
Which of the following is NOT considered a sensible guideline to follow when using social networking sites?
Set up an email account that uses your real name.
Brynn discovered that her company's accounts receivable department is discarding customer payment checks without shredding them. What is the primary social engineering risk associated with this activity?
Dumpster diving
Which Facebook protection practice enables you to "friend" work associates with whom you feel uncomfortable sharing personal information?
Show "limited friends" a cutdown version of your profile.
Frances recently installed a system that analyzes the content of network packets for signs of malicious activity. What type of technology is this system using?
Signature analysis
Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database?
Signature analysis
Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?
Signature recognition
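Worked example for the signature-analysis and anomaly-detection cards above (an addition for this study guide, not code from the textbook). It runs both detection methods over the same constructed web-server log: a handful of signature rules catch known attack strings, while a simple statistical baseline catches a source whose request rate is abnormal even though every individual request looks legitimate. The log lines, the rules and the baseline counts are all made up for illustration.

```python
"""Signature (misuse) detection beside anomaly detection on web-server log lines.

Added example for the IDS cards above; log lines, rules and baseline are constructed.
"""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access-log lines (not a real capture). 198.51.100.9 sends two attack
# strings; 203.0.113.50 sends 40 ordinary-looking requests in under a minute.
LOG_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200',
    '10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200',
    '10.0.0.7 - - [10/Oct/2023:13:55:44 +0000] "POST /login.php HTTP/1.1" 302',
    "198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] \"GET /login.php?user=admin' OR 1=1-- HTTP/1.1\" 200",
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /../../etc/passwd HTTP/1.1" 404',
] + [
    f'203.0.113.50 - - [10/Oct/2023:13:57:{i:02d} +0000] "GET /search?q=item{i} HTTP/1.1" 200'
    for i in range(40)
]

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>.*?) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Signature rules: each describes a known attack pattern (misuse detection).
SIGNATURES = {
    "sql-injection": re.compile(r"('|%27)\s*(or|and)\s+\d+=\d+", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "webshell-probe": re.compile(r"/(cmd|shell)\.php", re.I),
}

# Constructed baseline: requests per source observed in earlier, clean windows.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def signature_hits(lines):
    """(rule, source, path) for every line whose request path matches a known-bad pattern."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, rule in SIGNATURES.items():
            if rule.search(rec["path"]):
                hits.append((name, rec["src"], rec["path"]))
    return hits


def anomaly_sources(lines, baseline=BASELINE_COUNTS, k=3.0):
    """Sources whose request count exceeds mean + k * stddev of the learned baseline."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter(rec["src"] for rec in map(parse_line, lines) if rec)
    return {src: n for src, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for name, src, path in signature_hits(LOG_LINES):
        print(f"signature {name}: {src} {path}")
    for src, n in anomaly_sources(LOG_LINES).items():
        print(f"anomaly: {src} made {n} requests (baseline {BASELINE_COUNTS})")
```

Each method misses what the other finds: the signature rules never fire on 203.0.113.50, and the rate threshold never fires on 198.51.100.9, which is why most deployments run both and why "most IDSs are signature based" is a statement about default coverage, not about sufficiency.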
Which disaster recovery plan test involves practicing backup and restore operations, incident response, communication and coordination of efforts, and alternative site usage in such a way that normal business operations are not adversely affected?
Simulation
Which of the following statements is NOT true regarding social engineering?
Social engineering has different goals and objectives than other types of hacking.
Which disaster recovery plan test involves members of the disaster recovery team reading through the plan together to uncover potential gaps and bottlenecks in the response?
Structured walkthrough
Content addressable memory (CAM) is the memory present on a switch, which is used to build a lookup table.
True
Vic is analyzing the LinkedIn profiles of his company's employees. He discovers that one of them is labeled with the keyword LION. What risk does this pose?
Trigger finger
Because a live Linux distribution runs from removable media rather than from an installed hard drive, performance is typically slower than it would be for an installed system.
True
Biometrics is a type of access control mechanism.
True
Education is key to stopping both worms and viruses.
True
A business that is part of the health care industry should expect regulations to come into play that dictate data protection needs and other requirements.
True
A hot alternate site typically has a high degree of synchronization with the primary site up to the point of completely duplicating it.
True
A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces.
True
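Worked example for the firewall cards above on stateful packet inspection and multi-homed forwarding (an addition for this study guide, not code from the textbook). It contrasts a memory-less packet filter, which can only guess that an inbound packet with ACK set belongs to an "established" connection, with a stateful filter that keeps a connection table. The trusted address range, the packet trace and the simplified TCP state machine are assumptions for illustration.

```python
"""Stateless "ACK means established" filtering beside stateful inspection.

Added example for the firewall cards above (stateful packet inspection, multi-homed
devices forwarding between interfaces). The address range, the flows and the
simplified TCP state machine are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet

INSIDE = ipaddress.ip_network("192.168.10.0/24")   # assumed network on the trusted interface


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE


def stateless_filter(p):
    """Packet filter with no memory: outbound always, inbound only if ACK is set."""
    if is_inside(p.src):
        return "ALLOW"
    return "ALLOW" if "ACK" in p.flags else "DROP"


class StatefulFirewall:
    """Keeps a connection table; inbound packets must belong to a tracked outbound flow."""

    def __init__(self):
        self.table = {}   # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def filter(self, p):
        if is_inside(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"        # new outbound connection attempt
                return "ALLOW"
            state = self.table.get(key)
            if state is None:
                return "DROP"                        # mid-stream packet for a flow never seen
            if state == "SYN_ACK_RECEIVED" and "ACK" in p.flags:
                self.table[key] = "ESTABLISHED"      # handshake completed
            if p.flags & {"FIN", "RST"}:
                del self.table[key]                  # simplified teardown
            return "ALLOW"
        key = (p.dst, p.dport, p.src, p.sport)       # look the flow up from the inside host's view
        state = self.table.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_ACK_RECEIVED"
            return "ALLOW"
        if state in ("SYN_ACK_RECEIVED", "ESTABLISHED") and "ACK" in p.flags:
            return "ALLOW"
        return "DROP"                                # unsolicited inbound, forged ACKs included


# Constructed packet trace: one legitimate outbound HTTPS handshake, then two probes.
TRACE = [
    pkt("192.168.10.5", 40000, "93.184.216.34", 443, "SYN"),          # inside host opens HTTPS
    pkt("93.184.216.34", 443, "192.168.10.5", 40000, "SYN", "ACK"),   # server answers
    pkt("192.168.10.5", 40000, "93.184.216.34", 443, "ACK"),          # handshake completes
    pkt("203.0.113.9", 80, "192.168.10.5", 40000, "ACK"),             # forged ACK probe from outside
    pkt("203.0.113.9", 4444, "192.168.10.5", 22, "SYN"),              # unsolicited inbound SYN
]


def compare(trace):
    """(stateless decision, stateful decision) for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in trace]


if __name__ == "__main__":
    for p, (sl, sf) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)}  stateless={sl} stateful={sf}")
```

The fourth packet is the point of the card: the stateless filter passes a forged ACK because it has no way to know that no connection to 203.0.113.9 was ever opened, while the stateful filter drops it because the attributes of each tracked connection are what define its state.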
A password manager uses a single password to access all other passwords.
True
A persuasion/coercion attack is considered psychological.
True
A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering.
True
A security control is a technical or nontechnical mechanism that enforces an organization's security policy.
True
A security incident is an event that results in a violation of or poses an imminent threat to the security policy.
True
A security incident report should include a risk assessment of the state of the system before and after the security incident occurred.
True
A security incident that is investigated improperly can result in substantial legal problems for a company.
True
A security information and event management (SIEM) monitors log files for security events.
True
A service level agreement (SLA) is a legal contract that lays out what a service provider will provide and at what performance level.
True
A web browser is safer if it is the latest version and it is kept up to date.
True
An alternate site is where all operations will be moved if the primary or normal site is no longer able to provide those services.
True
An important component of damage assessment is to determine whether the attack is over or ongoing.
True
An intrusion detection system (IDS) captures traffic and compares the intercepted traffic to known good or bad behavior.
True
Attacks that involve social networks have been made easier by the fact that their users often willingly share information.
True
Barriers, guards, cameras, and locks are examples of physical controls.
True
The capacity of a system to keep functioning in the face of hardware or software failure is called ________.
fault tolerance
A group of computers or a network configured to attract attackers is called a ________.
honeynet
A detailed plan that describes how to deal with a security incident when it occurs is called a(n) ________.
incident response plan
The term ________ is defined as an unauthorized use or access of a system by an individual, a party, or a service.
intrusion
The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called ________.
least privilege
Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in ________.
shoulder surfing
Tricking or coercing people into revealing information or violating normal security practices is referred to as ________.
social engineering
Facebook, Twitter, and LinkedIn are examples of ________.
social networking sites
The primary components of a network-based intrusion detection system (NIDS) are ________.
the command console and the network sensor
Which Linux directory contains executables used by the operating system and administrators but not typically by ordinary users?
/sbin
Gary is investigating an attack against his web server and would like to inspect the HTTP logs. Which top-level directory would contain these logs?
/var
All executables in the Linux ________ directory are accessible and usable by all system users.
/bin
Kaiden would like to find the list of physical disk drives that are connected to a Linux system. Which directory contains a subdirectory for each drive?
/dev
Which directory contains vital information about processes running on the Linux system?
/proc
Which of the following is a next-generation Trojan tool designed to accept customized, specially designed plug-ins?
Back Orifice 2000 (BO2K)
It is easy for a session hijacker to predict the sequence numbers of packets in order to hijack a session successfully.
False
Modern antivirus software is not equipped to deal with the problems polymorphic viruses pose.
False
Most networks and protocols are inherently secure, making them difficult to sniff.
False
Session hijacking is the process of assisting two parties in establishing a new session.
False
The drawback of planting a backdoor on a system is that an attacker will likely trigger a defense mechanism when trying to access the system in the future.
False
Typically, a computer system can see all communications, whether they are addressed to the listening station or not.
False
Worms require user intervention for their infection to take place; viruses do not.
False
Chris is concerned that attackers might engage in sniffing attacks against traffic on his network. Which of the following protocols is most susceptible to sniffing attacks?
Hypertext Transfer Protocol (HTTP)
Which of the following statements is NOT true regarding passive session hijacking?
In passive session hijacking, the attacker assumes the role of the party he has displaced.
Which of the following is NOT a common use of live Linux distributions?
Increasing random access memory (RAM) on a system
Which of the following is the first step an attacker must perform to conduct a successful session hijacking?
Insert himself/herself between Party A and Party B.
Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning?
It cannot be used to tap Voice over IP (VoIP) phone calls.
Ron is building a system that he will use in a penetration test and would like to choose a Linux distribution well-suited to that purpose. Which of the following Linux distributions would be his best choice?
Kali
Which statement is NOT true of Kali Linux?
Kali is designed to be used as a desktop replacement operating system.
Which of the following statements is true of Linux?
Linux runs on a wide range of hardware.
Jane's organization recently experienced a security incident that occurred when malware set to trigger on the chief executive officer's (CEO's) birthday deleted all of the company's customer records. What type of malware was used in this attack?
Logic bomb
Which of the following types of viruses is a piece of code or software designed to lie in wait on a system until a specified event occurs?
Logic bomb
Harold is performing a penetration test and would like to force a switch to fall back to forwarding mode. Which of the following attacks would be most helpful to Harold in meeting his goal?
MAC flooding
Which of the following types of viruses infects using multiple attack vectors, including the boot sector and executable files on a hard drive?
Multipartite virus
Which of the following is a distributed denial of service (DDoS) attack in which the attacker sends a large number of ping packets with the intent of overwhelming a victim?
Ping flood
Which of the following types of viruses is designed to change its code and "shape" to avoid detection by virus scanners?
Polymorphic virus
Maria recently discovered that an attacker placed malware on a system used by her company's chief financial officer (CFO) that allowed the attacker to remotely control the system. What type of malware was used in this case?
RAT
Which of the following is a type of malware designed to hold your data hostage?
Ransomware
Barry is investigating the unauthorized access to his chief executive officer's (CEO's) email account. Barry discovers the tools Ettercap and Hunt on a nearby workstation. Which of the following attacks is the most likely cause of the breach?
Session hijacking
Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet?
Social engineering
Helen would like to sniff network traffic for troubleshooting purposes and is looking for a command-line utility that will allow her to analyze network traffic. Which one of the following tools best meets her need?
Tcpdump
Which of the following laws was originally passed to address federal computer-related offenses and the cracking of computer systems?
The Computer Fraud and Abuse Act of 1986
Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks?
The attack is easily tracked back to its true source.
Which of the following will happen after using a Linux Live CD/DVD, ejecting the media, and rebooting the system from the hard drive?
The system will be just like it was before using the Live CD/DVD.
Joon believes that a worm infected several systems on his network. Which of the following statements is NOT true about worms?
They require user action to spread.
Which of the following statements is NOT true about dictionary-based virus detection?
This method can detect viruses that it knows about and those it does not know about.
Which of the following is malware that looks legitimate but hides a payload that does something unwanted?
Trojan
A software development kit specifically designed to facilitate the design and development of Trojans is called a ________.
Trojan construction kit
A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources.
True
A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on a switch.
True
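Worked example for the CAM-table and MAC-flooding cards above (an addition for this study guide, not code from the textbook). It models a switch with a bounded lookup table and an aging timer, shows an attacker on one port filling the table with forged source addresses until the legitimate hosts age out and cannot be relearned, and then shows traffic between those hosts being flooded to every port, the attacker's included. The table size and aging timer are deliberately tiny assumptions so the effect appears within a few iterations; a real switch holds thousands of entries and ages them after minutes.

```python
"""How MAC flooding turns a switch back into a hub, and what a per-port MAC counter sees.

Added example for the CAM-table and MAC-flooding cards above; the switch model, the
tiny table size and the short aging timer are assumptions chosen to make the effect
visible in a few iterations, not parameters of any real product.
"""
from collections import Counter


def bogus_mac(n):
    """Deterministic forged source MAC for the n-th attacker frame (locally administered)."""
    return f"02:00:00:{(n >> 16) & 0xff:02x}:{(n >> 8) & 0xff:02x}:{n & 0xff:02x}"


class Switch:
    AGING = 5   # ticks before an idle CAM entry expires (assumed; real defaults are ~300 s)

    def __init__(self, n_ports, cam_capacity):
        self.n_ports = n_ports
        self.capacity = cam_capacity
        self.cam = {}                    # src MAC -> [port, last_seen_tick]
        self.clock = 0
        self.learned_per_port = Counter()

    def tick(self):
        """Advance time and age out idle entries."""
        self.clock += 1
        for mac in [m for m, (_, seen) in self.cam.items() if self.clock - seen > self.AGING]:
            del self.cam[mac]

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return the set of egress ports for the frame."""
        if src in self.cam:
            self.cam[src] = [in_port, self.clock]          # refresh an existing entry
        elif len(self.cam) < self.capacity:
            self.cam[src] = [in_port, self.clock]          # learn a new station
            self.learned_per_port[in_port] += 1
        # else: table full, the address cannot be learned
        if dst in self.cam:
            return {self.cam[dst][0]}                      # known destination: unicast
        return {p for p in range(self.n_ports) if p != in_port}   # unknown: flood like a hub

    def flooding_ports(self, limit):
        """Ports that learned more addresses than any single host should (port-security style)."""
        return sorted(p for p, n in self.learned_per_port.items() if n > limit)


def demo(frames_per_tick=40):
    """Returns (egress set before the attack, egress set after it, the switch)."""
    sw = Switch(n_ports=4, cam_capacity=64)
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    sw.forward(0, host_a, host_b)            # B unknown yet: flooded, but A is learned on port 0
    sw.forward(1, host_b, host_a)            # B learned on port 1
    before = sw.forward(0, host_a, host_b)   # unicast to port 1 only
    n = 0
    for _ in range(Switch.AGING + 2):        # attacker on port 2 outlasts the aging timer
        sw.tick()
        for _ in range(frames_per_tick):
            n += 1
            sw.forward(2, bogus_mac(n), "ff:ff:ff:ff:ff:ff")
    after = sw.forward(0, host_a, host_b)    # A and B aged out and cannot be relearned
    return before, after, sw


if __name__ == "__main__":
    before, after, sw = demo()
    print("A->B egress before flooding:", sorted(before))
    print("A->B egress after flooding: ", sorted(after))
    print("ports over the per-port MAC limit:", sw.flooding_ports(limit=8))
```

The per-port learn counter at the end is the countermeasure the cards point at: port security limits how many addresses one port may introduce, and a port that learned dozens of new MACs while its neighbours learned one is the attacker's.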
Active sniffing introduces traffic onto a network, which means the sniffer's presence is detectable on the network.
True
An attacker can use a keystroke logger to monitor activity on a system and have it reported back to the attacker.
True
Antivirus programs can use the suspicious behavior method to monitor the behavior of applications on a system.
True
Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system.
True
Click fraud is a type of botnet attack in which infected systems are used to click on ads, generating revenue for the attacker.
True
Hoax viruses are those designed to make the user take action even though no infection or threat exists.
True
If any part of a multipartite virus is not eradicated from the infected system, it can re-infect the system.
True
In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim.
True
One of the main characteristics of worms is that they do not need a host program to function.
True
Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network.
True
When a covert channel is in use, information is typically transferred in the open, but hidden within that information is the information the sender and receiver wish to keep confidential.
True
Wrappers can be used to merge an attacker's intended payload with a harmless executable to create a single executable from the two.
True
Which of the following is a malware program designed to replicate without attaching to or infecting other files on a host system?
Worm
Hajar needs to copy files on a Linux system. What command can she use to create a new copy of a file in a different location while preserving the original file?
cp
Which of the following Linux commands copies files from location to location?
cp
Consumption of bandwidth, consumption of resources, and exploitation of programming defects are the three broad categories of ________.
denial of service (DoS) attacks
All of the following actions can be helpful in thwarting session hijacking attacks except ________.
employing operating systems that create predictable sets of sequence numbers
Denial of service (DoS) and distributed denial of service (DDoS) attacks have the same effect. However, a DDoS attack ________.
is launched from large numbers of hosts that have been compromised
The core component of the Linux operating system, which has control over all low-level system functions such as resource management, input and output operations, and central processing unit (CPU) scheduling, is called the ________.
kernel
A process where communications are redirected to different ports than they would normally be destined for is called ________.
port redirection
Which command displays the current location of the user within the Linux directory structure?
pwd
Trojans perform the following operations except ________.
replicating
Which command removes or deletes empty directories from the Linux filesystem?
rmdir
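Worked example for the Linux command cards in this set (mkdir, cp, mv, pwd, rmdir and whitespace-separated arguments), added for this study guide rather than taken from the textbook. It runs the commands in a throwaway directory it creates itself and checks what each one leaves behind, including the fact that rmdir refuses a directory that still has contents. It assumes a POSIX shell with mktemp -d available.

```sh
#!/bin/sh
# Added example: runs the Linux filesystem commands from these cards (mkdir, cp, mv, pwd,
# rmdir and command arguments) in a throwaway directory and checks what each one leaves behind.
# Assumes a POSIX shell with mktemp -d; every path below is created by the script itself.
set -eu

linux_cmd_walkthrough() {
    work=$(mktemp -d)
    work=$(cd "$work" && pwd -P)            # canonical path, so pwd can be compared later
    cd "$work"

    mkdir -p src/docs backup                # two arguments separated by whitespace; -p makes parents
    printf 'hello\n' > src/docs/Notes.txt

    cp src/docs/Notes.txt backup/notes-copy.txt
    [ -f src/docs/Notes.txt ]               # cp preserves the original ...
    [ -f backup/notes-copy.txt ]            # ... and creates the copy

    mv src/docs/Notes.txt src/docs/README.txt
    [ ! -e src/docs/Notes.txt ]             # mv leaves no original behind
    [ -f src/docs/README.txt ]              # on Linux, readme.txt would be a different file

    [ "$(pwd -P)" = "$work" ]               # pwd reports where we are in the tree

    if rmdir src/docs 2>/dev/null; then     # rmdir only removes EMPTY directories
        echo "rmdir removed a non-empty directory" >&2
        return 1
    fi
    rm src/docs/README.txt
    rmdir src/docs src                      # now empty, so both are removed
    [ ! -d src ]

    cd / && rm -rf "$work"
    echo "walkthrough-ok"
}
```

Because the script runs with set -e, any command that does not behave as the cards describe aborts the function; the final "walkthrough-ok" is printed only when every check held.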
Which of the following is NOT one of the more common distributions of Linux?
Cinnamon