IT 230
SDLC is an acronym for Security Development Life Cycle
False
A MAC flood is when a person accesses a single port of a switch that was not physically secured.
False - A MAC flood is when numerous packets are sent to a switch, each with a different source MAC address, in an attempt to use up all the memory on the switch.
To protect against malicious attacks, what should you think like? a. Script Kiddie b. Hacker c. Network administrator d. Auditor
Hacker
Of the following, which is a collection of servers that was set up to attract attackers? a. Honeypot b. Honeynet c. VLAN d. DMZ
Honeynet
When you are developing a security plan, which one of the following is an example of a physical control? a. Encryption b. DRP c. Password d. ID Card
ID Card
Where would a NIDS sit on a network? a. on the DMZ b. Back to Back c. on the extranet d. Inline
Inline - A NIDS normally sits inline on the network. It could be before or after the firewall but more commonly is on the side closer to the Internet.
What does the "I" stand for in CIA? a. Integrity b. Information c. Individual d. Insurrection
Integrity
Which of the following devices would detect but not react to suspicious behavior on the network?
NIDS
Which of the following is an inline device that checks all packets? a. Network intrusion detection system b. Statistical anomaly c. Host-based intrusion detection system d. Personal software firewall
Network intrusion detection system - A network intrusion detection system (NIDS) is an inline device that checks all the packets that flow through it. It is meant to detect attacks and intrusions for the entire network.
When can you declare that a system is completely secure?
Never
Avi sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Avi did indeed send the e-mails? a. Read receipt b. Integrity c. Non-Repudiation d. Authenticity e. Confidentiality
Non-Repudiation
Which of the following individuals uses code with little knowledge of how it works? a. Insider b. Hacktivist c. Script Kiddie d. APT
Script Kiddie
By checking the CVEs, you can keep informed of the latest attacks on web servers.
True
Full device encryption is one way of protecting a mobile device's data if the device is stolen.
True
Honeynets are one or more computers or servers used to counteract attempts at unauthorized access to a network.
True
Port 88 is used by Kerberos.
True
Subnetting increases security by compartmentalizing a network.
True
When a group of compromised systems attack a single target, causing a DoS to occur at that host
True
Flashing is a term that describes the updating of the BIOS.
True - Flashing is a term that describes the updating of the BIOS.
In the case of theft, the two best ways to protect against the loss of confidential or sensitive information are encryption and a remote wipe program.
True - In the case of theft, encryption and a remote wipe program are the two best ways to protect against the loss of confidential or sensitive information.
NAT is sometimes also known as IP masquerading.
True - NAT, which stands for network address translation, is sometimes also known as IP masquerading.
Personal firewalls are applications that protect an individual computer from unwanted Internet traffic
True - Personal firewalls are applications that protect an individual computer from unwanted Internet traffic. They do so by way of a set of rules and policies.
Storage DLP systems are typically installed in data centers or server rooms as software that inspects data at rest.
True - Personal firewalls are applications that protect an individual computer from unwanted Internet traffic. They do so by way of a set of rules and policies.
A DMZ is a special area of the network accessed by clients of the Internet.
True - The DMZ might include servers such as FTP, e-mail, and web that are accessible to people on the Internet, without enabling those people access to the LAN.
Network access control (NAC) sets rules by which network connections are governed.
True - helps control your network in a secure fashion by setting rules by which connections to the network are governed. Example: 802.1X
Input validation is a process that ensures the correct usage of data.
True - if data is not validated correctly, it can lead to security vulnerabilities and data corruption. Input validation ensures the correct usage of data.
What two locations can be a target for DNS poisoning? (Choose all that apply.) a. local database table b. external DNS server c. directory server d. local host table
external DNS server and local host table
Which type of attack below is similar to a passive man-in-the-middle attack? a. buffer overflow b. replay c. denial d. hijacking
replay
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer? a. DNS Poisoning b. denial of service c. IP spoofing d. smurf attack
smurf attack
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks? a. ARP poisoning b. DNS poisoning c. man-in-the-middle d. denial of service
ARP poisoning
ARP poisoning
An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.
Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) a. Auditing b. Assessment c. Accountability d. Availability
Availability
In information security, what are the three main goals?
Availability Confidentiality Integrity
Which one of the following is placed in an application by programmers either knowingly or inadvertently to bypass normal authentication a. Backdoor b. Virus c. Input validation d. Sandbox
Backdoor
Which of the following best describes IPS? a. A system that stops attacks in progress b. A system that identifies attacks c. A system that is designed to attract and trap attackers d. A system that logs attacks for later analysis
Both: a. A System that stops attacks in progress. d. A system that logs attacks for later analysis
Which of the following ways can help secure a modem? (select the two best answers) a. Use Telnet b. Mount the modem to the floor c. Use strong passwords d. Use the callback feature
Both: c. Use strong passwords d. Use the callback feature
Which of the following should you include as general browser security practices? a. Train your users b. Use a proxy server c. Use multiple web browsers d. Use the latest browser
Both: a. Train your users b. Use a proxy server
A proxy server acts as a go-between for the clients on the network and the internet
False
Replay attack
A network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
Where are MAC addresses stored for future reference?
ARP cache
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for? a. Availability of virtual machines b. Confidentiality of data c. Integrity of data d. Hardware integrity
Confidentiality of data
Which one of the following poses the greatest risk when it comes to removable storage? a. Integrity of data b. Confidentiality of data c. Availability of data d. Accountability of data
Confidentiality of data
Which of the following is used to house FTP servers, mail servers, and web servers so that people on the internet can access them but cannot access any other of the organization's servers? a. Subnet b. VLAN c. Intranet d. DMZ
DMZ
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
DNS
Which of the following is not an example of good cloud security? a. 2FA b. Powerful authentication methods c. Eight-character passwords d. Strong data access policies
Eight-character passwords
A NIDS can inspect traffic and possibly remove, detain, or redirect malicious traffic and react to it.
False - A NIDS attempts to detect malicious network activities by monitoring network traffic and alerts the administrator in the case that it finds any. A NIPS, on the other hand, can inspect traffic and possibly remove, detain, or redirect malicious traffic and react to it.
Bluejacking is the unauthorized access of information from a wireless device through a Bluetooth connection.
False - Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection.
An IP proxy serves client requests by caching HTTP information.
False - IP proxies secure networks by keeping the machines behind them anonymous
Botnets do not affect mobile devices.
False - Mobile devices can be part of botnets—just like desktop computers.
An intranet enables multiple companies to access a secure area of a company's network.
False - an Intranet is usually for remote employees of an organization. Multiple or partner companies would usually connect to an extranet.
An example of a Windows firewall is iptables.
False - iptables is a firewall used in Linux systems, not Windows systems.
Which of the following occurs when an IDS identifies legitimate activity as something malicious? a. False negative b. Statistical anomaly c. False positive
False Positive
Which one should be your primary defense in the Network? a. Protocol Analyzer b. Proxy server c. NIPS d. Firewall
Firewall
Which tool would you use if you want to view the contents of a packet? a. Protocol Analyzer b. Port Server c. Loopback Adapter d. TDR
Protocol Analyzer - has the capability to "drill" down through a packet and show the contents of that packet as they correspond to the OSI model.
Which of the following is not a denial-of-service attack? a. Smurf Attack b. Fork Bomb c. Teardrop Attack d. replay Attack
Replay attack - is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. It is not within the realm of denial-of-service attacks. All the other answers are types of denial-of-service attacks.
DNS poisoning
The modification of name resolution information that should be in a DNS server's cache.
Black-box testing uses testers with no advanced knowledge of the system.
True
Spoofing
When an attacker masquerades as another person by falsifying information.
Which of the following is NOT a common safeguard for Microsoft Excel? a. Use encryption b. Setting macro security levels c. Using a digital certificate d. Using password protection
c. Using a digital certificate