IS 305 Midterm (Cronk)
The command-line command to instruct the ping utility to send packets until explicitly told to stop is ping ____.
-t
A list of virus definitions is generally in a file with a ________ extension.
.dat
What is the binary equivalent of the decimal number 240?
11110000
Unshielded twisted-pair cable with a specification of 100 MHz/100 Mbps is also called Category ________.
5
The virus/worm that combined email attachments along with a fake virus warning was the __________ virus.
Bagle
Which of the following occurs when a fraudulent buyer submits high bids to discourage other bidders, and then retracts the bids so people they know can get the item at a lower price?
Bid shielding
Which of the following occurs when a con artist lures bidders off legitimate auction sites by claiming to offer the same item at a lower price?
Bid siphoning
Someone who gains access to a system and causes harm is a __________?
Black hat hacker
One defense against denial-of-service attacks is to _______ ICMP packets.
Block
The company involved in an attack by Oleg Zezev from Kazakhstan, in which Zezev accessed computer data and copied personal information for purposes of blackmail, was ______.
Bloomberg Inc.
_________ is a block cipher that uses a variable-length key ranging from 32 to 448 bits.
Blowfish
_________ attacks are becoming less common in modern operating systems.
Buffer overflow
If a program writes more information into the computer's memory than the memory was designed to hold, it is a(n) ___________ attack.
Buffer-overflow
If an IP address has the number 192 in the first octet, it is a class _______ address.
C
Which TCP/IP protocol operates on port 53 and translates URLs into Web addresses?
DNS
Data stored in computer systems has a high value because there is a great deal of time and effort that goes into creating and analyzing it and ________________.
Data often has intrinsic value.
In which type of hacking does the user block access from legitimate users without actually accessing the attacked system?
Denial Of Service
Which type of attack attempts to overload the system with requests, denying legitimate users access?
Denial of service
Which of the following is NOT an example of industrial espionage?
Denial-of-service attack
Which of the following is one way to protect yourself against identity theft?
Do not provide personal information to anyone if it is not absolutely necessary.
Someone who uses the Internet to harass, threaten, or intimidate another person is guilty of identity theft.
False
The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans.
False
The IP command-line command to determine the number of hops it takes to get from your computer to its destination is ping.
False
The IP command-line command to determine your computer's IP address, subnet mask, and default gateway is ping.
False
The Patriot Act was the first U.S. law to criminalize theft of commercial trade secrets.
False
The Sasser virus/buffer overflow attack spreads by copying itself to shared drives and emailing itself out to everyone in your address book.
False
The TCP protocol works at the network layer of the OSI model.
False
The first four bytes of the MAC address identify the vendor.
False
The method to attract an intruder to a subsystem set up for the purpose of observing him is called intrusion deterrence.
False
The name you type into a browser's address bar, such as www.microsoft.com, is known as the IP locator.
False
The process to induce you to provide personal information through a website is called cyberstalking.
False
The technique for breaching a system's security by exploiting human nature rather than technology is war-driving.
False
The type of hacking that involves breaking into telephone systems is called sneaking.
False
When fraudulent sellers bid on the seller's items to drive up the price, it is called bid shielding.
False
Mistaking a legitimate program for a virus is a ____________.
False positive
A _________ is a barrier between your network and the outside world.
Firewall
A(n) ______ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems.
Firewall
Nmap enables you to set ________ such as -sP, -sS, and -oA.
Flags
Which of these is NOT one of the two basic types of cryptography?
Forward
Which TCP/IP protocol operates on port 80 and displays web pages?
HTTP
Which of these could be considered a course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose?
Harassment
Windows stores passwords using a method called __________.
Hashing
The virus scanning technique that uses rules to determine if a program behaves like a virus is _________ scanning.
Heuristic
Which device can connect many computers and sends packets out every port?
Hub
_____ theft and _______ fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception.
Identity
______________ is the use of spying techniques to find out key information that is of economic value.
Industrial espionage
Passing structured query language commands to a web application and getting the website to execute it is called SQL script _________.
Injection
The I Love You virus caused harm because ________.
It generated large numbers of emails that bogged down many networks.
The Microsoft Office suite is a tempting target for viruses because ___________.
It is designed so that legitimate programmers can access its internal objects.
The company whose chief executive officer was indicted for copyright infringement of allegedly stealing technology from D-Link, which was one of its own customers, was _________.
None of the above
The virus/worm that specifically targets Linux computers is ________.
None of the above
Which country is described by experts as having the strictest cybercrime laws?
None of the above
The attack in which the attacker sends a packet that is too large and can shut down a target machine is a(n) ________________ attack.
Ping of Death
________ refers to unencrypted text.
Plain text
There are 1,024 well-known ________ that are usually associated with specific services.
Ports
A(n) ________ hides the internal network's IP address and presents a single IP address to the outside world.
Proxy server
With ______________ encryption, one key is used to encrypt a message, and another is used to decrypt the message.
Public key
Which defensive technique involves the server sending a wrong SYN+ACK to the client, so the client sends an RST packet notifying the server of an error? This makes the server think the client request is legitimate.
RST cookies
Which defensive technique involves altering the TCP stack on the server so that it will take less time to timeout when a SYN connection is left incomplete?
Stack tweaking
A(n) ___________ firewall examines the entire conversation between client and server, not just individual packets.
Stateful Packet Inspection
Quick Stego and Invisible Secrets are two software tools that can be used for __________.
Steganography
Which device can connect many computers and sends data only out of one port?
Switch
Micro blocks, SYN cookies, RST cookies, and stack tweaking are defenses against ______.
TCP SYN flood attacks
The attack in which the attacker sends a fragmented message that the victim cannot reconstruct is a(n) ________ attack.
Teardrop
A file that stays in memory after it executes is a(n) _____________.
Terminate and Stay Resident program
Why should a cybercrime law be specific?
To prevent defendants from finding loopholes
Which of these is NOT a type of symmetric algorithm?
Transcription
One tool used for a denial-of-service attack is ______________.
Tribal Flood Network
The virus/worm transmitted in a zip file attached to an email with an enticing message is __________.
Troj/Invo-Zip
A program that looks benign but actually has a malicious purpose is a _______.
Trojan horse
"Pump and dump" refers to the process in which a con artist purchases a large amount of a virtually worthless stock, then circulates rumors that inflate the stock's value, and then sells for a profit.
True
Hacking into phone systems is also known as phreaking.
True
Heuristic scanning uses rules to determine whether a file or program behaves like a virus.
True
Identity theft and identity fraud refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception.
True
Industrial espionage is the use of spying techniques to find out key information that is of economic value.
True
Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine.
True
L2TP uses IPsec for its encryption.
True
MAC addresses are unique addresses for each NIC.
True
Malware is a generic term for software that has a malicious purpose.
True
Malware that executes when a specific criterion is met is a logic bomb.
True
Malware that is portable to all operating systems or platforms is considered web-based code.
True
Microsoft Windows includes BitLocker in some editions, so entire hard drives can be encrypted.
True
No protocols operate at the physical layer of the OSI model.
True
One good practice in a chat room is not to use your real name.
True
One good rule that applies to online investing is "Never invest money that you cannot afford to lose."
True
Ping scanning may be stopped by blocking ICMP packets.
True
Public key encryption is fast becoming the most widely used type of encryption because there are no issues to deal with concerning distribution of keys.
True
Someone who breaks into a system legally to assess security deficiencies is a sneaker.
True
Stack tweaking is a method to alter the TCP stack so that a timeout takes less time when a SYN connection is left incomplete.
True
The Bagle virus contained email attachments and a fake virus warning.
True
The Domain Name Service is what translates human-readable domain names into IP addresses that computers and routers understand.
True
The SANS Institute website is a vast repository of security-related documentation.
True
The category of intrusion detection systems that looks for patterns that don't match those of normal use is called anomaly detection.
True
The group Anonymous is a supporter of Wikileaks founder Julian Assange and launched multiple distributed denial-of-service attacks on various financial companies.
True
The most common method to deliver spyware to a target system is by using a Trojan horse.
True
The most common way for a virus to spread is by reading your email address book and emailing itself to your contacts.
True
The most widely used symmetric key algorithm is Advanced Encryption Standard.
True
The notation used to perform variable-length subnet masking for IP addresses is CIDR.
True
The ping -l option changes the size of the packet you can send.
True
The session layer of the OSI model provides the mechanism to manage the dialogue between end-user application processes.
True
VI (value of information) = C (cost to produce) + VG (value gained).
True
When an administrator proactively seeks out intelligence on potential threats or groups, this is called infiltration.
True
Windows passwords are stored in a hash file in one of the system directories.
True
One way to protect yourself on auction sites is _____________.
Use a separate credit card with a low limit.
Black hat hackers are also known as script kiddies.
False
Checking an organization's websites is a form of active scanning.
False
Crafting email and websites to specifically target certain victims is called dive bombing.
False
Firefox is an example of a phishing site.
False
Funcrypt is a free tool that can be used to encrypt drives, folders, or partitions.
False
Hiding a message in images is an example of stenography.
False
IPsec can only encrypt the packet data but not the header information.
False
In a virus attack, the victim machine is the source.
False
Linux and Windows typically are not shipped with firewalls.
False
NMAP is a popular hacking tool.
False
NetBIOS is an example of a port scanner.
False
PGP involves only private key encryption.
False
SYN cookies are a form of attack.
False
Sending a forged email asking for sensitive data is an example of steganography.
False
Sid2User, UserInfo, and UserDump are examples of password cracking tools.
False
Snort is an open-source firewall.
False
Software that lays dormant until some specific condition is met is a Trojan horse.
False
One classic denial-of-service attack distributed by email was _____________.
myDoom
Which of the following is an operation used on binary numbers not found in normal math?
AND
A(n) ___________ is a mathematical process for doing something.
Algorithm
The process to list assets that you believe support your organization is called ________.
Asset identification
Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question?
Authentication
Which one of these is NOT one of the three pillars of security in the CIA triangle?
Authentication
If an IP address has the number 191 in the first octet, it is a class ______ address.
B
Auditing is the process to determine if a user's credentials are authorized to access a network resource.
False
Using the __________ cipher you choose some number by which to shift each letter of a text.
Caesar
__________ refers to encrypted text.
Cipher text
Which of these was the first computer incident-response team?
Computer Emergency Response Team
The most reliable Nmap scan is ____________ scan.
Connect
A file on your computer that websites use to store information about you is a _________.
Cookie
A black hat hacker is also called a ___________
Cracker
When an attacker injects client-side scripts into web pages viewed by other users so that those users interact with it, it is an example of _________.
Cross-site scripting
__________ is the art to write in or decipher secret code.
Cryptography
Which of the following involves using the Internet to harass, threaten, or intimidate another person?
Cyberstalking
To create a domain admin account, the user must be a member of the __________ group.
Domain admins
Java and ActiveX codes should be scanned before they are _________.
Downloaded to your computer
In which firewall configuration is the firewall running on a server with at least two network interfaces?
Dual-homed host
______________ is the process to scramble a message or other information so that it cannot be easily read.
Encryption
___________ is the process to find out what is on a target system.
Enumeration
For security reasons, when an employee leaves a company, you should conduct a(n) ________ interview.
Exit
Which of these is a repository for detailed information on virus outbreaks?
F-Secure
Which TCP/IP protocol operates on ports 20 and 21 and is used for transferring files between computers?
FTP
A screening firewall works in the application layer of the OSI model.
False
A smurf attack is a type of malware attack.
False
A teardrop attack involves sending a forged packet to the victim.
False
An echo-chargen attack occurs when the attacker sends a forged packet with the same source IP address and destination IP address as the target's IP address.
False
An on-demand virus scanner runs in the background and is constantly checking your PC.
False
A(n) ________ refers to the bits that are combined with the plain text to encrypt it.
Key
With asymmetric cryptography a different ______ is used to encrypt the message and to decrypt the message.
Key
The attack in which the attacker sends a forged packet with the same source IP address and destination IP address in which the victim may be tricked into sending messages to and from itself is a(n) _______________ attack.
Land
Giving personnel access to only data that they absolutely need to perform their jobs is referred to as _________.
Least privileges
A firewall ______ is a tool that can provide information after an incident has occurred.
Log
The virus/worm that specifically targets Macintosh computers is ________.
MacDefender
The recommended Internet Explorer privacy setting is _________.
Medium high
The chief executive officer of Oracle defends his practice to hire private investigators to sift through the garbage of which competitor?
Microsoft
The virus/worm that collected email addresses from your address book and from other documents on your machine was the ________ virus.
Mimail
Using the _________ cipher you select multiple numbers by which to shift letters.
Multi-alphabet substitution
In which firewall configuration is the software installed on an existing machine with an existing operating system?
Network host-based
The most popular port scanner in the hacking and security community is ________.
Nmap
The command-line command _______ 127.0.0.1 -l 65000 -w 0 -t will send multiple large packets to a computer, and when initiated by multiple senders may cause a denial-of-service attack.
None of the above
The command-line command to display all options for the ping command is ping ____.
None of the above
The virus/worm that sends emails to victims telling them to delete a needed system file is the __________ virus.
Nonvirus
When using a chat room, one way to protect yourself from online harassment is ______.
Not to use your real name
An IP address consists of four numbers, separated by dots. Each number is called a(n) _______.
Octet
_________ is a popular tool for cracking Windows passwords.
OphCrack
A packet-filtering firewall is a(n) ____________ firewall.
Packet Filtering
Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker are examples of _________.
Passive scanning
Testing an organization's security is known as ________ testing.
Penetration
Someone who legally breaks into a system to assess security deficiencies is a ________.
Penetration tester
Which of the following is the process to try to induce someone to provide you with personal information?
Phishing
Hacking into phone systems is called ___________.
Phreaking
The IP utility used to test connectivity with a remote host is _______.
Ping
First-party cookies are less likely to violate user privacy than third-party cookies.
True
Which device is used to boost a signal?
Repeater
Which device can relay packets from one network to another and is usually programmable?
Router
Which of these is a repository of security-related documentation and also sponsors a number of security research projects?
SANS Institute
Which TCP/IP protocol operates on port 25 and sends email?
SMTP
With a(n) _________ scan, if the port is closed, the response is an RST. If the port is open, the response is a SYN/ACK.
SYN
The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is ________.
Sandbox
The net command can be included in a ________ that will create a domain admin account.
Script
Someone who performs a cyberattack without actually understanding it is a _______.
Script kiddie
Someone who calls himself a hacker but lacks the expertise is a ________.
Script kiddy
Which type of hacking occurs when the attacker monitors an authenticated session between the client and the server and takes over that session?
Session hijacking
Which of the following is a type of fraud in which an auction site bidder is actually the seller with a fake identity, who bids high to drive up the price?
Shill bidding
Which attack involves sending an ICMP packet to the broadcast address so that it is then sent to the spoofed source address, causing the network to perform a DoS attack on one or more of its member servers?
Smurf IP attack
Sending an email that claims to come from a different sender, and asking for sensitive data is an example of ___________.
Social engineering
The most obvious use of ________________ involves talking to a targeted employee and getting him to reveal sensitive data.
Social engineering
Cookies and key loggers are examples of ____________.
Spyware
A SQL statement may begin with the word SELECT.
True
A denial-of-service attack is one of the most common attacks on a system.
True
A digital signature is used to guarantee who sent a message. This is referred to as non-repudiation.
True
A firewall can be configured to disallow certain types of incoming traffic that may be attacking.
True
A host is a machine with data on it, to which you can connect.
True
A key logger can be hardware-based or software-based.
True
A rootkit collects user IDs and passwords to other machines on a network, giving the hacker root or privileged access.
True
A server with fake data used to attract an attacker is a honeypot.
True
A stateful packet inspection firewall examines each packet, and denies or permits access based not only on the current packet, but also on data derived from previous packets in the conversation.
True
A virtual private network is a way to use the Internet to create a connection between a remote user and a central location.
True
A virus is any file that can self-replicate.
True
ACK scans and NULL scans work only on UNIX systems.
True
After a virus is on your system, it can do anything a legitimate program can do.
True
Binary numbers are made up of 0s and 1s.
True
Blocking ICMP packets may help prevent denial-of-service attacks.
True
Cipher text is encrypted text.
True
Confidentiality, integrity, and availability are three pillars of the CIA triangle.
True
Employees with access to any sensitive information should be asked to sign nondisclosure agreements.
True
Experts consider Romania the country with the strictest cybercrime laws.
True
The most common way for a virus to spread is by __________.
Use of your email contacts
Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering?
Using people skills to obtain proprietary information
VI (value of information) = C (cost to produce) + ___________.
VG (value gained)
Any file that can self-replicate is a ________.
Virus
McAfee and Norton are examples of ________.
Virus scanners
The virus/worm that attempts to copy itself to C:\WINDOWS\FVProtect.exe is _______.
W32/Netsky-P
Firefox and Internet Explorer are examples of ____________.
Web browsers
Someone who finds a flaw in a system and reports that flaw to the vendor of the system is a __________.
White hat hacker
A program that can propagate without human interference is a _______.
Worm
Typically, when you update virus definitions _____________.
You are updating the virus definition file on your computer