ITSY test 3 review

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Which Intstitute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?

802.11

-Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice public key

When malware close performance, which of the following tenets of information system security is impacted?

Availability

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a web page when they connect to the network. What technology should she deploy?

Captive portal

Which information security objective allows trusted entities to endorse information?

Certification

Why do hackers often send zipped and encrypted files and attachments?

They cannot be opened by antivirus software and so they will often reach the recipient.

A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system.

Trojan

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan Horse

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.

True

When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?

Upload to certificate

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

VPN concentrator

The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them.

Virus Vault

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Vlan- virtual LAN

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer.

Windows Firewall with Advanced Security

Each time a key pair is created, Kleopatra generates:

back up

Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.

host-based security measures

In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.

non-persistent cross-site scripting

Database developers and administrators are responsible for:

nsuring regular backups of the database are performed.

No production web application, whether it resides inside or outside the firewall, should be implemented without:

penetration testing and security hardening.

In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.

persistent cross-site scripting

Users often complain that _____________ make their systems "slow" and hard to use.

security measures

What protocol is responsible for assigning IP addresses to hosts on most networks?

DHCP- dynamic host configuration

The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets.

Defense in depth

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?

IEEE 802.3

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"

National Institute of Standard and Technology (NIST)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Non repudiation

Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails.

Perimeter

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

What type of malicious software allows an attacker to remotely control a compromised computer?

RAT - remote access tool

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

Request for Comment (RFC)

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL Injection

Which of the following allows valid SQL commands to run within a web form?

SQL Injection

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

--The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack too place?

Spear phising

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

Which type of virus targets computer hardware and software startup functions?

System infector

Web application developers and software developers are responsible for:

The secure coding and testing of their application

Which type of cipher works by rearranging the characters in a message?

transposition

A salt value is a set of random characters you can combine with an actual input key to create the encryption key.

true

Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?

Cross-site scripting (XSS)

Which element is NOT a core component of the ISO 27002 standard?

Cryptography

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)


Ensembles d'études connexes

JHS General 3rd Year Book 3.2 Part 1

View Set

Exam 2--Ch 46:Management of Patients With Gastric and Duodenal Disorders

View Set

Urinary system: Lecture final exam

View Set

ECO 1305 - Exam Two (w/ Examples)

View Set

Critical Thinking Final Exam MJC

View Set