Info Tech Security Final Exam Review
This type of access control gives control of every resource to an owner. For example, it allows one user that owns a resource to allow access to another user. -ABAC -DAC -MAC -RBAC
-DAC
Your network uses the subnet mask 255.255.255.224. Which two of the following IPv4 addresses are able to communicate with each other? -10.10.10.62 -10.10.10.97 -10.10.10.2 -10.10.10.33 -10.10.10.68
10.10.10.33, 10.10.10.62
SNMP uses which of the following ports? Select one or more: a. 160 b. 163 c. 162 d. 161
161 162
Select all private IPv4 addresses -172.31.10.99 -10.0.0.1 -192.168.255.254 -191.168.1.1 -10.255.255.255
192.168.255.254, 172.31.10.99, 10.0.0.1, 10.255.255.255
WPA2 has a _____-bit encryption key size.
256
What port does Remote Desktop Protocol use?
3389
Which port does LDAP use?
389
What is the most common port used when connecting an Internet Explorer browser to a proxy server for use with HTTPS connections?
443
To use the Lightweight Directory Access Protocol (LDAP) in a secure fashion, what port should be used?
636
WEP most commonly has a _____-bit encryption key size.
64
This device masquerades as an important target on the network to encourage attackers to waste time trying to break in.
Honeypot
Which of the following are examples of physical security? -IP cameras -Security lighting -Door locks -Security guards
IP cameras, Security guards, Door locks, Security lighting
A system that stops attacks in progress is a(n)
IPS
You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used?
IPv6
This practice is really a blacklist. It prevents access unless otherwise configured. -Implicit deny -Least privilege -Separation of duties -Job rotation
Implicit deny
Which of the following can run on any platform? -Group Policy -ActiveX controls -Internet Explorer -Java applets
Java applets
This practice has more than one user working on a single task. It focuses on cross-training to make it easier to detect mistakes or improper use. - Separation of duties - Job rotation - Implicit deny - Least privilege
Job rotation
Active Directory uses what type of authentication protocol?
Kerberos
This practice gives the user only the access needed to complete a task and no more. It would prevent a accounting user from accessing the HR files in the file share. - Least privilege - Separation of duties - Implicit deny - Job rotation
Least privilege
A complex password would contain which of the following? Select one or more: -Lowercase characters - A character length of 8 or greater - Uppercase characters - Special characters - Number characters
Lowercase characters A character length of 8 or greater Uppercase characters Special characters Number characters
This type of access control is the most restrictive. It can be based on labels that allow or reject the "subject's" attempt to access an "object". -ABAC -DAC -RBAC -MAC
MAC
Snort and Bro are examples of what type of device?
NIDS
This device sits near a firewall and inspects every packet for unwanted activity and generates an alert for every instance of this activity.
NIDS
This device detects unwanted activity on a network and actively stops or redirects the traffic.
NIPS
These are groups of policies that can be loaded in one procedure.
Security Templates
A patch to fix ETERNALBLUE, an SMB version 1 exploit, would be considered a
Security update
What is the purpose of AP isolation?
Segments each wireless user from every other wireless user
This practice has more than one person or user account involved to complete a task. For example, a standard user account would be used to browse the web, but an administrator account would be used to write to system files. - Least privilege - Separation of duties - Implicit deny - Job rotation
Separation of duties
Which of the following can best be described as the exploitation of a computer session in an attempt to gain unauthorized access to data -Session hijacking -DoS -Domain name kitting -Null session
Session hijacking
This type of malware collects information from a user's computer without his or her consent.
Spyware
The act of identifying assets to the system, uncovering vulnerabilities, and identifying, documenting and rating threats is
Threat modeling
This type of malware appears to be legitimate software, but is actually malicious.
Trojan
A RAT is an example of a Trojan.
True
A master computer controls a botnet.
True
NAT is sometimes also known as IP masquerading.
True
Port 88 is used by Kerberos
True
Social engineering is the act of manipulating users into revealing confidential information.
True
To protect against threats such as malware, social engineering, and so on, an IT person can implement encryption, authentication, anti-malware, and user awareness.
True
When performing forensic analysis of a computer, what should you do first? Select one: a. Scan for viruses b. Analyze the files c. Back up the system d. Make changes to the operating system
Back up the system
The process of measuring changes in hardware and software is called
Baselining
A finger-swipe would be what type of authentication?
Biometric
The testing of functionality of a system by people who do not know the system beforehand is called
Black-box testing
Malware can be delivered in which of the following ways? -Privilege Escalation -Botnets -Backdoors -Logic Bombs -Active Onterception
Botnets, Active Interception, Privilege Escalation, Backdoors, Logic Bombs
Which of the following uses every possible password instance? - Guessing - Cryptanalysis attack - Brute-force attack - Dictionary attack
Brute-force attack
When a process stores data outside the memory that the developer intended, this is a
Buffer overflow
This device will store a local copy of a website to save bandwidth and speed up internet requests.
Caching proxy
When using a USB flash drive, which of the following is most concerning? -Availability -Integrity -Authorization -Confidentiality
Confidentiality
The CIA of Computer Security stands for
Confidentiality, Integrity, Availability
Text files that are used by websites to remember information about the user are called
Cookies
Which of the following uses a massive lookup table, known as a rainbow table? - Cryptanalysis attack - Guessing - Brute-force attack - Dictionary attack
Cryptanalysis attack
This service is used to keep all Windows users in Standard User mode instead of Administrator mode.
UAC
You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? -DMZ -Routing -NAT -VLAN
VLAN
A malicious user or malware capable of breaking out of a VM would cause a
Virtual machine escape
Which is the most secure form of wireless encryption?
WPA2
Which option best prevents spyware infections? -Blacklists -Windows Defender -Whitelists -Host-based firewall
Windows Defender
Which of the following is a protocol analyzer? Select one: a. Cain & Abel b. Nessus c. Wireshark d. John the Ripper
Wireshark
Which of the following is an example of an ethical hacker?
With the owner's consent, this hacker will use penetration testing and intrusion testing techniques to gain access to a system.
This type of malware takes uses security flaws in an operating system to self-replicate to other computers.
Worm
Which type of cable offers the most security?
Fiber-optic
If a server has inbound port 21 open, what service is it running?
File Transfer Protocol
This device blocks and allows data in and out of a network based on IP addresses and ports.
Firewall
Your boss wants you to secure your web servers transactions. Which protocol and port number should you use to accomplish this?
HTTPS
This type of access control uses if-then statements. For example, if a user is part of the security team, then allow the user access to the server room. -DAC -RBAC -MAC -ABAC
ABAC
WPA2 uses the stronger _____ protocol to encrypt data.
AES
Which of the following best describes the proper method and reason to implement port security?
Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.
Which of the following verifies who a person is? -Authorization -Confidentiality -Integrity -Authentication
Authentication
The AAA of Computer Security stands for
Authentication, Authorization and Accounting
A client computer uses the IP address 10.254.254.189. It has made a connection to a web server by opening the outbound port 1589. The server uses the IP address 65.19.28.154. You want to filter out any HTTP packets coming from the server. Which IP address and port should you specify to be filtered on the firewall? - 10.254.254.189:1589 - 10.254.254.189:80 - 65.19.28.154: 1589 - 65.19.28.154:80
65.19.28.154:80
Which port does Kerberos use?
88
This router technology allows a host to be fully visible to the internet while physically behind the router.
DMZ
What type of attack would be in effect if there is a WAP with an identical SSID to a legitimate WAP being used for phishing purposes.
Evil twin
After auditing and patching flaws, a computer system can be completely secure.
False
HTTPS uses port 80
False
One way to protect a WAN is to place all the computers behind a router.
False
True or False: In qualitative risk assessment: SLE * ARO = ALE
False
True or False: In quantitative risk assessment: SLE * ALE = ARO
False
True or False: Wireshark is a type of vulnerability scanner.
False
WEP should be replaced with WPA.
False
Which of the following tools works best to create a topology of a network? Select one: a. John the Ripper b. NMap c. netstat d. Wireshark
NMap
Which of the following are Hypervisors? -VMWare VSphere -Microsoft Hyper-V -Citrix XenServer -Oracle Virtualbox
Oracle Virtualbox, Microsoft Hyper-V, VMWare VSphere, Citrix XenServer
Which of the following authentication protocols sends credentials in clear-text? -CHAP -PAP -MS-CHAP v2 -MS-CHAP
PAP
Which of the following is a VPN tunneling protocol? -RADIUS -Kerberos -802.11X -PPTP
PPTP
You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in?
Promiscuous mode
If a password is sent in clear text, which of the following could view it? Select one: a. John the Ripper b. Rainbow table c. Protocol analyzer d. Port scanner
Protocol analyzer
This type of server acts as a middle man between the client and the internet caching information to speed up browsing.
Proxy
Which of the following technologies will prioritize traffic, like VOIP? -DMZ -QoS -SOHO -NAT
QoS
This type of access control automatically allows access to resources when a user is associated with a function. For example, adding a user to the Accounting group gives that user permission to edit the budget.xlsx file. -MAC -RBAC -DAC -ABAC
RBAC
This type of malware encrypts files and prompts the user to pay to retrieve the encryption key.
Ransomware
When an attacker has the ability to execute commands on a remote server, this is called
Remote Code Execution
When an attacker injects "shellcode" to allow commands to be run on a remote computer, this is called
Remote code execution
When a company accepts some risk, but transfers some of that risk to another company by purchasing insurance, this is known as Select one: a. Risk sharing b. Risk avoidance c. Risk acceptance d. Risk reduction
Risk sharing
This type of malware loads before the operating system and grants admin-level access to the system.
Rootkit
Which of the following should be removed to increase security? -SSID -MAC filtering -Firewall -WPA
SSID
Which of the following firewall rules only denies DNS zone transfers? -deny TCP any any port 53 -deny IP any any -deny UDP any any port 53 -deny all dns packets
deny TCP any any port 53
To access the Group Policy Editor directly, type
gpedit.msc
The availability of data means
having data obtainable regardless of how it is stored.
The command to manually stop the gupdate service in Windows is
net stop gupdate
Having indisputable proof that someone did something on company systems is called -Integrity -Authorization -Advanced persistent threat -Non-repudiation
non-repudiation
A static NAT uses a
one-to-one mapping
The command to manually stop the Maria DB service in Linux is
systemctl mariadb stop
