Mid-Term Study Guide
In DNS, what is the maximum number of sublevels (labels) allowed in a domain name?
127
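An added example (written for this guide, not part of the course material) that checks a name against the DNS limits behind this answer: labels of at most 63 characters, at most 253 characters in total, and so at most 127 labels. The 127 figure follows from the other two, since 127 one-character labels plus 126 dots already fill 253 characters. The function and helper names and the sample names are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Validate a domain name in presentation form against the RFC 1035 limits:
 * each label 1..63 characters, at most 253 characters overall (a trailing
 * root dot is allowed and ignored), and at most 127 labels.  Character-set
 * rules (letters, digits, hyphen) are deliberately not checked here. */
int dns_name_valid(const char *name) {
    size_t total = strlen(name);
    if (total > 0 && name[total - 1] == '.')
        total--;                         /* "example.com." names the same thing */
    if (total == 0 || total > 253)
        return 0;

    int labels = 0;
    size_t label_len = 0;
    for (size_t i = 0; i < total; i++) {
        if (name[i] == '.') {
            if (label_len == 0 || label_len > 63)
                return 0;                /* empty label ("a..b") or longer than 63 */
            labels++;
            label_len = 0;
        } else {
            label_len++;
        }
    }
    if (label_len == 0 || label_len > 63)
        return 0;                        /* the final label */
    labels++;
    return labels <= 127;
}

/* Demo helper (constructed): build "a.a.a..." with n one-character labels. */
int dns_n_labels_valid(int n) {
    char buf[600];
    size_t pos = 0;
    for (int i = 0; i < n && pos + 2 < sizeof buf; i++) {
        if (i > 0)
            buf[pos++] = '.';
        buf[pos++] = 'a';
    }
    buf[pos] = '\0';
    return dns_name_valid(buf);
}

/* Demo helper (constructed): a single label of the given length. */
int dns_label_len_valid(size_t len) {
    char buf[300];
    if (len + 1 > sizeof buf)
        return 0;
    memset(buf, 'x', len);
    buf[len] = '\0';
    return dns_name_valid(buf);
}

int main(void) {
    printf("www.example.com -> %d\n", dns_name_valid("www.example.com"));
    printf("127 labels      -> %d\n", dns_n_labels_valid(127));
    printf("128 labels      -> %d\n", dns_n_labels_valid(128));
    printf("63-char label   -> %d\n", dns_label_len_valid(63));
    printf("64-char label   -> %d\n", dns_label_len_valid(64));
    return 0;
}
```

Note that a name with 128 labels is rejected by the 253-character limit before the label count is ever reached; the two limits are consistent with each other.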
From 2011 to 2013, probes and intrusions into the computer networks of U.S. critical infrastructure increased by what percentage?
1,700%
How many keys does each party in an asymmetric cryptographic system use?
2 (a key pair: one public key and one private key)
Which technologies provide processor extensions (chip-level solutions) that let a VMM handle the privileged x86 instructions it could not otherwise virtualize?
AMD-V (AMD Virtualization); Intel Virtualization Technology (VT-x)
Examples of contactless smart cards (CSCs) include:
Access control badges; the U.S. electronic passport; VISA, MasterCard, and American Express payment cards
When categorized by power source, the primary types of RFID tags are:
Active; passive; battery-assisted passive (semi-passive)
What does APT stand for?
Advanced Persistent Threat
Which type of firewall would provide web and e-mail filtering?
Application gateway (application-level proxy)
On Windows, API stands for:
Application Programming Interface
During which events was Tor used to get around surveillance and censorship?
The Arab Spring; Iran's Green Revolution
Shellcode is written in which language, which is then passed through an assembler to produce the binary machine code the CPU executes?
Assembly language
Which element of the CIA triad concerns attacks that try to prevent access to a network?
Availability
A common system-level vulnerability and attack that targets computer memory is what type of attack?
Buffer overflow
Exploit kits such as Death Pack and Neosploit are written in which language(s)?
C; PHP
Why do attackers use proxies?
To capture traffic; to mask their IP address; to make their traffic look legitimate
A trusted third party that issues digital certificates explicitly binding an entity to a public key is known as a
Certificate Authority (CA)
Which is not a host-based firewall solution?
Cisco (a network firewall vendor; iptables, by contrast, is a host-based firewall)
Pay-per-click (PPC) advertising has given rise to what type of fraud?
Click fraud
Which element of the CIA triad concerns attacks used to gain entry into computer networks in order to monitor activity?
Confidentiality
The most pervasive type of cybercrime is
Credential Crime
Stuxnet required which kinds of specialists to develop the malware?
Cyber experts; engineers familiar with Siemens equipment; nuclear physicists
The use of digital tools by criminals to steal or otherwise carry out illegal activities is called
Cybercrime
The global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers, is
Cyberspace
Which type of attack is based on the principle that responding to incoming queries or requests consumes computer resources and network bandwidth?
DoS (denial of service)
Which are examples of loss of data availability? (select all that apply)
DoS attack; DDoS attack
The National Research Council defined cyber attacks as which of the following?
Deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks, or the information and programs resident in or transiting them
The impact of a successful SQL injection attack can include which of the following?
Destruction of the entire database; sensitive data leakage; website defacement
Antivirus vendors cannot detect a modification to the settings of Windows Firewall.
False
Attacker proxies never handle or use the User Datagram Protocol (UDP).
False
Block ciphers are less common than stream ciphers among symmetric encryption algorithms.
False
Competitors cannot benefit from click fraud
False
Default passwords are generally not a problem when dealing with network security.
False
Digital signatures are easy to steal
False
For information assurance, the concerns for protecting confidentiality only consider the electronic world.
False
In malware, the payload is the component that exploits a well-known or zero-day vulnerability.
False (the exploit triggers the vulnerability; the payload is the code delivered once the exploit succeeds)
Most web exploit tools are very complex and require the operator to perform difficult tasks to prepare the executable malware for installation.
False
Once the initial exploitation and exfiltration are over, an APT is no longer a concern.
False
Paravirtualization does not require modification of the guest operating system.
False
Shellcode is not operating-system specific.
False
Shellcode ports well between Linux, UNIX, and Windows platforms.
False
The "phone home" phase of an APT attack is very difficult to detect
False
HTTP cannot be used for tunneling because of the limited space for content (payload) in a request or reply message.
False
There is no "quality assurance" involved in APTs during development
False
Using the Snort IDS signatures available for iodine (a DNS tunneling tool), it is impossible for an attacker to modify the tunnel to evade detection.
False
Most smishing attacks target what kind of institution?
Financial
Which is the core protocol that the Internet "rides on"?
The Internet Protocol (IP); HTTP is the Web's application-layer protocol and itself rides on TCP/IP
Asprox used which type of "flux" strategy?
Hydra-Flux
Traditional (centralized) botnets use which type of communication channel to manage infected machines?
IRC
Which organizations provide Internet access to the common household?
ISPs (Internet service providers)
Which are valid Windows scheduling priority classes?
Idle; Below Normal; Above Normal; High; Real-Time (Normal is the default class)
Which element of the CIA triad concerns attacks used to change data rather than extract information?
Integrity
What does impersonation do when used within a service?
It lets the service act as (impersonate) the client while accessing the resources the client requested on the server
When authentication requires more than one piece of information (factor), we call this
Multifactor authentication
NIAG stands for
National Information Assurance Glossary
Which features describe the operation of a firewall?
Network device or software; separates a trusted network from an untrusted network; uses rule-based filtering of network traffic
The Windows native (NT) API function that creates a process is
NtCreateProcessEx
Which commercial PHP obfuscators are commonly used by web exploit tool authors?
NuSphere NuCoder; Zend Guard
Decentralized botnets use what type of communication to send commands between bots?
P2P (peer-to-peer)
The Internet is a _______ network.
Packet-switched
The unique identifier the system assigns to a new process at creation is the
Process Identifier (PID)
RFID stands for
Radio Frequency Identification
DNS resolvers fall into which two categories?
Recursive; non-recursive (iterative)
In "Operation Shady RAT", RAT stands for
Remote Administration Tool
Double-flux involves
Rotating the host IP addresses (A records) and the DNS server IP addresses (NS records)
For an adversary, fast-flux solves which of the following problems?
Routing issues; firewall filtering; infection remediation (takedown of individual hosts)
TCP port 1080 is used by
SOCKS proxies
Which is an example of loss of data integrity?
SQL injection attack
Which is one of the most common tunneling implementations, the one researchers think of first when they hear the word "tunneling"?
Secure Shell (SSH)
Traditional antivirus software relies on what for malware detection?
Signatures
Which best describes APTs?
Specific target; the work of a team; combines organization, intelligence, complexity, and patience in its development
Encryption using exclusive OR (XOR) is what form of encryption?
Symmetric (the same key encrypts and decrypts)
What technology helps users evade government surveillance and censorship?
Tor
The "control plane" is used for
The dynamic sharing of routing information between routers
Which company hosted the Taliban website that kept a running tally of suicide bombings and other attacks against U.S. troops in Afghanistan?
ThePlanet
Administrators can detect the use of proxies by which of the following?
Tracking configuration changes; using an IDS; using tools such as decloak.net
Rogue antivirus uses what type of malware technique?
Trojan
Buffer overflows are a common exploit technique that uses shellcode as the payload to execute code within the targeted process.
True
Click fraud occurs when an ad network charges an advertiser for a click for which there was no opportunity for a legitimate "conversion".
True
Metadata is data about data: information that describes the nature of a communication rather than its content.
True
One technique for detecting click fraud is to record IP addresses and count multiple "clicks" from the same IP within a predetermined time frame, such as 30 minutes, as a single "click".
True
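An added example of the detection rule just stated (written for this guide, not the course's code): it collapses repeat clicks from the same IP inside a 30-minute window into one billable click. The click records, the addresses and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define WINDOW_SECONDS (30 * 60)   /* the guide's example time frame */
#define MAX_IPS 64                 /* size of the small per-IP table below */

/* One click as an ad server might log it (fields constructed for this example). */
struct click {
    const char *ip;   /* source address of the click */
    long ts;          /* time of the click, in seconds */
};

/* Count billable clicks.  Clicks must be supplied in chronological order.
 * The first click from an IP is billed; further clicks from that IP are
 * collapsed into it until WINDOW_SECONDS have passed since the last click
 * that was billed for that IP.  If the IP table is full, the click is still
 * billed but not tracked (a real system would use a hash table). */
size_t count_billable(const struct click *clicks, size_t n) {
    const char *seen_ip[MAX_IPS];
    long last_billed[MAX_IPS];
    size_t nseen = 0, billed = 0;

    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < nseen; j++)
            if (strcmp(seen_ip[j], clicks[i].ip) == 0)
                break;

        if (j == nseen) {                       /* first click from this IP */
            if (nseen < MAX_IPS) {
                seen_ip[nseen] = clicks[i].ip;
                last_billed[nseen] = clicks[i].ts;
                nseen++;
            }
            billed++;
        } else if (clicks[i].ts - last_billed[j] >= WINDOW_SECONDS) {
            last_billed[j] = clicks[i].ts;      /* window expired: bill again */
            billed++;
        }
        /* otherwise: repeat click inside the window, not billed */
    }
    return billed;
}

/* Constructed sample log: six clicks, three of which should be billable. */
size_t sample_billable(void) {
    static const struct click clicklog[] = {
        { "203.0.113.5",  1000 },        /* billed */
        { "203.0.113.5",  1060 },        /* 1 minute later: collapsed */
        { "198.51.100.7", 1100 },        /* billed */
        { "203.0.113.5",  1000 + 1800 }, /* 30 minutes later: billed again */
        { "203.0.113.5",  1000 + 1805 }, /* collapsed */
        { "198.51.100.7", 1100 + 600 },  /* 10 minutes later: collapsed */
    };
    return count_billable(clicklog, sizeof clicklog / sizeof clicklog[0]);
}

int main(void) {
    printf("billable clicks in sample: %zu\n", sample_billable());
    return 0;
}
```

An IP-only rule has two known blind spots: many legitimate users behind one NAT address are collapsed into one click, and a botnet spreading clicks across many addresses never trips the window at all, which is why production systems combine it with other signals (cookies, user agents, conversion tracking).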
PPC is based on the premise that ad publishers get paid according to the number of potential customers who click on an ad on the publisher's website.
True
XORing the same plaintext with the same key always produces the same ciphertext (the operation is deterministic), and XORing that ciphertext with the key again returns the plaintext.
True
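An added example (not part of the original guide) covering both the "XOR is symmetric" question and the determinism statement above: one routine encrypts and decrypts with the same key, the same input and key always give the same output, and that determinism is also why a reused XOR key is fatal: one known plaintext reveals the key and with it every other message encrypted under it. The keys, messages and function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Repeating-key XOR: out[i] = in[i] ^ key[i % klen].  Because x ^ k ^ k == x,
 * the same routine both encrypts and decrypts with one shared key (symmetric). */
void xor_crypt(const uint8_t *in, size_t n,
               const uint8_t *key, size_t klen, uint8_t *out) {
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % klen];
}

/* Same plaintext and same key give the same ciphertext every time, and
 * applying the key once more restores the plaintext.  Returns 1 if both hold. */
int xor_deterministic_and_invertible(void) {
    static const uint8_t key[] = "s3cret";           /* constructed sample key */
    static const uint8_t msg[] = "attack at dawn";   /* constructed sample message */
    const size_t klen = sizeof key - 1, n = sizeof msg - 1;
    uint8_t c1[32], c2[32], back[32];

    xor_crypt(msg, n, key, klen, c1);
    xor_crypt(msg, n, key, klen, c2);
    xor_crypt(c1, n, key, klen, back);
    return memcmp(c1, c2, n) == 0 && memcmp(back, msg, n) == 0;
}

/* The flip side of determinism: from one known plaintext/ciphertext pair the
 * key is simply p ^ c, and every other message under the same key is exposed.
 * Returns 1 if the attacker recovers the second message. */
int xor_key_reuse_exposes_other_message(void) {
    static const uint8_t key[] = "s3cret";
    static const uint8_t m1[] = "attack at dawn";    /* known to the attacker */
    static const uint8_t m2[] = "retreat at dusk";   /* the one they want */
    const size_t klen = sizeof key - 1;
    const size_t n1 = sizeof m1 - 1, n2 = sizeof m2 - 1;
    uint8_t c1[32], c2[32], k[8], out[32];

    xor_crypt(m1, n1, key, klen, c1);
    xor_crypt(m2, n2, key, klen, c2);

    /* Attacker's view: m1, c1, c2 and the key length (6), never the key itself. */
    for (size_t i = 0; i < klen; i++)
        k[i] = m1[i] ^ c1[i];
    xor_crypt(c2, n2, k, klen, out);
    return memcmp(out, m2, n2) == 0;
}

int main(void) {
    printf("deterministic and invertible: %d\n", xor_deterministic_and_invertible());
    printf("key reuse exposes other message: %d\n", xor_key_reuse_exposes_other_message());
    return 0;
}
```

The second function is the reason XOR is only secure as a one-time pad: a key at least as long as the message, truly random, and never reused.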
Shady RAT was a state-related (sponsored) campaign
True
Shellcode is binary code
True
Software flaws can lead to loss of data integrity
True
The registry value "ProxyServer" under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings controls the proxy settings for Internet Explorer.
True
To make the PDF viewer execute embedded JavaScript when the file is opened, the malware author must also assign an action (such as an OpenAction) to the object.
True
To prevent overflow attacks, a program can validate received data for both size and content.
True
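An added example (not code from the course) of the size-and-content validation stated above: a copy into a fixed 16-byte stack buffer with no length check, shown for contrast and never exercised here, next to a hardened version that rejects oversized input and non-printable bytes before anything is copied. The buffer size, the inputs and the function names are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* VULNERABLE (for contrast only; never call it with untrusted input):
 * trusts the caller-supplied length and copies that many bytes into a
 * fixed 16-byte stack buffer.  A length above NAME_LEN writes past 'name'
 * into the rest of the stack frame, which is the condition a shellcode
 * payload rides in on. */
void store_name_unchecked(const char *data, size_t len) {
    char name[NAME_LEN];
    memcpy(name, data, len);              /* no size check at all */
    printf("stored %zu bytes starting with '%c'\n", len, name[0]);
}

/* HARDENED: validate size (must fit, with room for the terminating NUL)
 * and content (printable ASCII only) before anything is copied.
 * Returns 0 on success, -1 if too large, -2 if the content is rejected. */
int store_name_checked(const char *data, size_t len, char *out, size_t outlen) {
    if (len >= outlen)
        return -1;                        /* size check: refuse, do not truncate silently */
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)data[i]))
            return -2;                    /* content check: no control or binary bytes */
    memcpy(out, data, len);
    out[len] = '\0';
    return 0;
}

/* Run the hardened version over three constructed inputs and return how many
 * were rejected (expected: 2, the oversized one and the one with a control byte). */
int demo_rejected_count(void) {
    char name[NAME_LEN];
    const char *ok       = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes */
    const char  binary[] = "al\x01" "ce";                       /* embedded 0x01 */
    int rejected = 0;

    rejected += store_name_checked(ok, strlen(ok), name, sizeof name) != 0;
    rejected += store_name_checked(too_long, strlen(too_long), name, sizeof name) != 0;
    rejected += store_name_checked(binary, sizeof binary - 1, name, sizeof name) != 0;
    return rejected;
}

int main(void) {
    printf("rejected: %d of 3\n", demo_rejected_count());
    return 0;
}
```

The size check alone stops the overflow; the content check is the second half of the statement, since data that fits can still carry bytes the rest of the program does not expect.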
Web browsers load PDF files automatically, so a malicious PDF file can exploit a user's computer without any further interaction once the user visits a malicious website.
True
With virtualization, each virtual machine is capable of running its operating system independent of the other virtual machines running on the same physical machine.
True
Virtualization systems consist of which key components?
VMM (hypervisor); physical hardware; virtual hardware; virtual (guest) operating system; host operating system
"Doxing" is
An attack focused on revealing a person's private information to the public
When an attacker tricks a DNS server into accepting data from a non-authoritative server, which the server then returns to other resolvers, it is called
Cache poisoning
Exploit tools analyze the HTTP Referer header to determine
Whether the victim arrived from an infected page, so that malicious content is not served to malware researchers who visit the site directly to analyze it
On Linux, to perform a system call, shellcode issues a(n)
Interrupt (a software interrupt, e.g. int 0x80 on 32-bit x86)
Authorization relates to
Permissions
A PRNG algorithm is a
Pseudo-random number generator
Which of the following does NOT describe when a binary executable becomes an actual program?
The OS reserves all resources required by the executable
An access control list describes
The access that identities may request when accessing an object
In PPC, an "impression" is
The number of times viewers see an ad (each display counts as one impression)