Network Security Exam 1


The most popular public key encryption cipher is ________.

RSA

Which of the following is not a signaling protocol?

RTP

Which comes third in a VoIP packet?

RTP header

In addition to deauthenticate messages, an attacker could flood wireless clients with ________.

RTS, CTS

________ is a good option if an attack is aimed at a single server because it keeps transmission lines at least partially open for other communication.

Rate limiting

RTP stands for ________.

Real Time Protocol

________ are prescriptive statements about what companies should do and are put together by trade associations and government agencies.

Recommended practices

Which of the following is a benefit of using a central authentication server in 802.1X?

Reduced cost, Consistency in authentication, Immediacy in access control changes

With RAID 1, the following is achieved ________.

Redundancy

Which types of VPNs use VPN gateways?

Remote access VPNs

Which of the following is not one of the three elements in the fraud and abuse triangle?

Resistance

________ means implementing no countermeasures and absorbing any damages that occur.

Risk acceptance

________ means responding to risk by not taking a risky action.

Risk avoidance

Which of the following is a way of responding to risk with active countermeasures?

Risk reduction

________ means responding to risk by taking out insurance.

Risk transference

Which type of program can hide itself from normal inspection and detection?

Rootkit

To get to the super user account in Windows, the administrator can use the ________ command.

RunAs

What e-mail standard provides end-to-end security?

S/MIME

Which of the following uses a PKI?

S/MIME

________ offers no security at all.

SNMP V1

________ introduced community strings for security, in which a shared secret was used to authenticate messages.

SNMP V2

Spam over VoIP is called ________.

SPIT

The attack method used in the Sony data breaches was

SQL injection

In a(n) ________ attack, the user enters part of a database query instead of giving the expected input.

SQL injection attack

When you make a purchase over the Internet, your sensitive traffic is almost always protected by ________ VPN transmission.

SSL/TLS

A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users.

SYN Flooding

A ________ attack is when a victim is flooded with SYN packets in an attempt to make many half-open TCP connections.

SYN flood

________ is the destruction of hardware, software, or data.

Sabotage

Under what Internet Options tabs are general security settings for websites controlled?

Security

________ are sets of specific actions to be taken to harden all hosts of a particular type and of particular versions within each type.

Security baselines

________ occurs when companies believe they have good security because they are using proprietary ciphers that hackers do not know.

Security through obscurity

________ allows for very recent file changes to be restored.

Shadowing

________ detection looks for specific patterns in the network traffic to identify a threat.

Signature

________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.

Skype

Which of the following statements accurately describes Skype?

Skype's proprietary software and protocols have not been publicly studied and approved.

________ is an example of PII.

Social Security number

________ attacks take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies.

Social engineering

________ is the process of obscuring an attacker's source IP address.

Spoofing

________ are mandatory.

Standards

________ is/are effective method(s) to preventing ARP poisoning attacks.

Static tables, Limiting local access

Another name for RAID 0 is ________.

Striping

________ ciphers leave letters in their original positions.

Substitution

Which of the following gives the best estimate of the complete cost of a compromise?

TCI

"Death of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is impossible.

TRUE

18 U.S.C. § 1030 prohibits hacking.

TRUE

802.11i offers strong security.

TRUE

A CSIRT should include members from the public relations department.

TRUE

A DoS attack makes a server or network unavailable by flooding it with attack packets.

TRUE

A Microsoft Windows Service Pack is a group of vulnerability fixes and sometimes functionality improvements.

TRUE

A Trojan horse is a program that hides itself by deleting a system file and taking on the system file's name.

TRUE

A border firewall sits at the boundary between the corporate site and the external Internet.

TRUE

A company should consider a list of possible remediation plans as an investment portfolio.

TRUE

A connection opening is a state.

TRUE

It is easier to create appropriate ACL rules for server host firewalls than for border firewalls.

TRUE

It is easier to punish employees than to prosecute outside attackers.

TRUE

It is getting easier for attackers to bypass the border firewall.

TRUE

It is mandatory for decision makers to consider guidelines.

TRUE

It is very important for testers to get permission before running a password cracking program on their company's computers to check for weak passwords even if such testing is in their job definitions.

TRUE

LINUX commonly uses the rpm method to download patches.

TRUE

Magnetic tape can store large amounts of data at the lowest cost per bit of any backup medium.

TRUE

Many compliance regimes require firms to adopt a specific formal governance framework to drive security planning and operational management.

TRUE

Many firms prioritize patches because the cost of installing all patches is too high.

TRUE

Mesh backup is where client PCs in an organization back up each other.

TRUE

Misappropriation of assets is an example of employee financial theft.

TRUE

Mobile code usually is contained in webpages.

TRUE

A direct attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.

TRUE

A down side of spam filtering is the deletion of some legitimate messages.

TRUE

A firewall does not set aside resources for a connection when a SYN segment arrives, so handling a large number of false SYN segments is only a small burden.

TRUE

A remote access VPN typically gives users access to multiple resources within a site.

TRUE

A router can be a NIDS.

TRUE

A socket designates a specific program designated by a port number on a specific computer's IP address.

TRUE

A specific distribution of UNIX comes with multiple user interfaces.

TRUE

A state is a distinct phase in a connection between two applications.

TRUE

A system using an array of drives increases reliability.

TRUE

ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.

TRUE

Accepting cookies is necessary to use many websites.

TRUE

After access is granted to a network, many NACs continue to monitor network PCs.

TRUE

After performing a preliminary security assessment, a company should develop a remediation plan for EVERY security gap identified.

TRUE

An IDS provides query and reporting tools to help administrators analyze the data interactively during and after an incident.

TRUE

An application proxy firewall needs to have multiple proxy programs if it is to filter multiple application protocols.

TRUE

Another name for data is raw facts.

TRUE

Antivirus protections may be deliberately turned off by users.

TRUE

Application proxy firewalls can always examine application layer content.

TRUE

Attackers cannot use IP address spoofing in port scanning attack packets.

TRUE

Attackers frequently create exploits within hours or days after a fix is released by a vendor.

TRUE

Attacks other than application level attacks usually fail to get through SPI firewalls.

TRUE

Backed-up data must be physically stored on something.

TRUE

Backing up data to a second hard drive on a computer is more expensive than backup onto magnetic tape.

TRUE

Backup media should be encrypted.

TRUE

Bandwidth limitation for certain types of traffic is less risky than dropping packets.

TRUE

Baselines are used to go beyond default installation configurations for high-value targets.

TRUE

Blind SQL injection uses a series of SQL statements that produce different responses based on true/false questions, or timed responses.

TRUE

Both TCP and UDP can be used by an application.

TRUE

Botnets usually have multiple owners over time.

TRUE

Giving unauthorized users access to a local WLAN means that they are on the local network.

TRUE

CDP requires an expensive high-speed transmission link between the sites.

TRUE

CTS frames tell other clients that you have received a RTS frame.

TRUE

Centralized firewall management systems automatically create ACLs from policies.

TRUE

Changing the default listening port is an effective way of discouraging attackers from accessing the database.

TRUE

Companies are responsible for filtering sexually or racially harassing messages and can be sued for not doing so.

TRUE

Companies create codes of ethics in order to make ethical decision making more predictable.

TRUE

Cookies can be used to track users at a website.

TRUE

DES uses block encryption.

TRUE

DRM restricts what people can do with sensitive material.

TRUE

DRM usually is difficult to enforce.

TRUE

Data is the principal element of any information system.

TRUE

Detective countermeasures identify when a threat is attacking and especially when it is succeeding.

TRUE

Different UNIX versions have different security methods.

TRUE

Different honest people can make different ethical decisions in a given situation.

TRUE

DoS attacks against VoIP can be successful even if they increase latency only slightly.

TRUE

Downloading pornography can lead to sexual harassment lawsuits.

TRUE

Each network interface card (NIC) has a media access control address (MAC).

TRUE

Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.

TRUE

Employees pose an increased risk to organizations as they often have access to sensitive parts of systems.

TRUE

Employees usually must rationalize bad behavior.

TRUE

Encryption is usually fully transparent to the PC user.

TRUE

False positives are legitimate activities that are flagged as suspicious.

TRUE

Money mules transfer stolen money for criminals and take a small percentage for themselves.

TRUE

Most CAs are not regulated.

TRUE

Most countermeasure controls are preventative controls.

TRUE

Most databases are relational databases.

TRUE

Most message-by-message authentication methods provide message integrity as a by-product.

TRUE

Most traditional external hackers do not cause extensive damage or commit theft for money.

TRUE

NAT adds latency to VoIP packets.

TRUE

Nearly all encryption for confidentiality uses symmetric key encryption ciphers.

TRUE

Federal jurisdiction typically does not extend to computer crimes that are committed entirely within a state and that do not have a bearing on interstate commerce.

TRUE

Firewall appliances need little or no hardening before they are installed.

TRUE

Firewall port openings are required for SIP/H.323 messages.

TRUE

Flooding the frequency of a wireless network is one method attackers use to affect the network.

TRUE

Focusing electronic attacks on specific high-value targets is known as whaling.

TRUE

For message-by-message authentication, each message must contain an electronic signature.

TRUE

From a legal standpoint, loss of encrypted data comes with negligible risk from the loss of private information.

TRUE

H.323 uses Ports 1719 and 1720.

TRUE

Half-open TCP SYN attacks can be stopped by many border firewalls.

TRUE

Having a permanent business continuity staff is necessary.

TRUE

If a hacker takes over an application program, he or she receives the permissions with which the program runs.

TRUE

In 802.11i, EAP outer authentication takes place before inner authentication.

TRUE

Nearly all wireless access points can support 802.11i.

TRUE

Nonmobile malware can be on webpages that users download.

TRUE

On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.

TRUE

Once established, botnets can be leased to other criminals for DoS attacks.

TRUE

One of the most often overlooked mechanisms used to reduce data loss is employee training.

TRUE

One problem with ARP requests and replies is that they do not require authentication or verification.

TRUE

Only an expert witness is allowed to interpret facts for juries.

TRUE

Operating system account passwords provide limited protection.

TRUE

PEAP is a popular extended EAP protocol.

TRUE

Password hashes are created when a password is passed from a user to a hashing function.

TRUE

In Windows, a user's effective permissions are all those inherited from its parent directory plus any specifically allowed permission, minus those denied.

TRUE

In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is the same.

TRUE

In a SQL injection attack, attackers may use lookup commands to obtain unauthorized information.

TRUE

In a firewall policy database, the source field and destination field are fairly explanatory.

TRUE

In a man-in-the-middle attack, an evil twin sends its own attacks, impersonating the victim.

TRUE

In a reflected DoS attack, attackers send spoofed requests to legitimate servers. The servers then send all responses to the victim.

TRUE

In a replay attack, the attacker cannot read the contents of the replayed message.

TRUE

In benefits, costs and benefits are expressed on a per-year basis.

TRUE

In fraud, the attacker deceives the victim into doing something against the victim's financial self-interest.

TRUE

In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that attempts to open a connection.

TRUE

In ingress filtering, the firewall examines packets entering the network from the outside, typically from the Internet.

TRUE

In normal ARP traffic, every host can make ARP requests.

TRUE

In normal ARP traffic, generally an attacker on the same network cannot see traffic between two hosts.

TRUE

In pretexting, an attacker calls claiming to be a certain person in order to ask for private information about that person.

TRUE

In a relational database, a row is the same as a tuple or record.

TRUE

In response to a chain of attack, victims can often trace the attack back to the final attack computer.

TRUE

In the long term, backup media should be stored at a different site.

TRUE

Incident response is defined as reacting to incidents according to plan.

TRUE

Incremental and full backups must be restored in the order in which they were created.

TRUE

Incremental backups are usually discarded after the next full backup.

TRUE

Ingress ACL rules typically permit a specific type of externally originated connection to network resources.

TRUE

Interactive log file analysis can filter out irrelevant entries.

TRUE

Internal corporate attackers often have a history of overt unacceptable behavior.

TRUE

It generally is a good idea from a security point of view to upgrade to a new version of an operating system.

TRUE

It is OK for a verifier to receive digital certificates from the sender.

TRUE

It is better to have an ACL that permits access to a single internal webserver than one that allows access to all internal webservers.

TRUE

Placing IT auditing in an existing auditing department would give independence from IT security.

TRUE

Pre-shared key mode was created for homes and small businesses with a single access point.

TRUE

Preventative countermeasures keep attacks from succeeding.

TRUE

Properly hardened hosts and securely coded applications can help protect data while it is processed.

TRUE

RTS frames tell other wireless clients that you want to transmit for a given amount of time.

TRUE

Rainbow tables contain lists of pre-computed password hashes that are indexed to expedite the password cracking process.

TRUE

Rehearsing IT disaster recovery procedures is essential to improve response speed and accuracy.

TRUE

Restoration from backup tapes is one way to move files to the backup site.

TRUE

Retaining data can create negative consequences.

TRUE

Rogue access points are unauthorized access points set up by individuals or departments.

TRUE

SPI filtering for packets that are part of ongoing communications is usually simple.

TRUE

SPI firewalls can handle both ICMP and UDP.

TRUE

SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.

TRUE

Sanitation can protect against SQL injection attacks.

TRUE

Security metrics allow a company to know if it is improving in its implementation of policies.

TRUE

Security professionals should minimize burdens on functional departments.

TRUE

Security tends to impede functionality.

TRUE

Senior officers often have an additional code of ethics.

TRUE

Shredding is the best approach to destroying media.

TRUE

Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her IP address.

TRUE

Since Windows Server 2003, servers can be programmed to check for updates automatically.

TRUE

Site-to-site VPNs typically decrypt messages when they arrive from the outside.

TRUE

Skype can decrypt and read user traffic.

TRUE

Skype's file transfer generally does not work with antivirus programs.

TRUE

Some writers prefer to turn off SSID broadcasting.

TRUE

Spammers are one reason that some companies have outsourced e-mail filtering.

TRUE

Stealing the password file from a computer is safer than attempting to log in remotely.

TRUE

Strong security can be an enabler, allowing a company to do things it could not do otherwise.

TRUE

Symmetric session key exchange can be done with public key encryption.

TRUE

Systems administrators generally do not manage the network.

TRUE

The 802.11 standards were developed by the IEEE 802.11 Working Group.

TRUE

The FTC can act against companies that fail to take reasonable precautions to protect privacy information.

TRUE

The act of taking over a super user account is called hacking root.

TRUE

The combination of high safety and low cost makes SPI firewalls extremely popular.

TRUE

The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization."

TRUE

The definition of spam is "unsolicited commercial e-mail."

TRUE

The factors that require a firm to change its security planning, protection, and response are called driving forces.

TRUE

The firewall should go through vulnerability testing after each change.

TRUE

The first task in establishing a cryptographic system is selecting a cryptographic system standard for the dialogue.

TRUE

The first task in security is to understand the environment to be protected.

TRUE

The goal of IT security is reasonable risk reduction.

TRUE

The growing number of compliance laws and regulations is driving firms to use formal governance frameworks to guide their security processes.

TRUE

The hash size in SHA-1 is 160 bits.

TRUE

The most common form of deletion in Windows-based systems is nominal deletion.

TRUE

The most popular public key cipher is RSA.

TRUE

The person the supplicant claims to be is the true party.

TRUE

The term sanitizing has lost its distinct meaning as special laboratory methods become ineffective.

TRUE

There is a legitimate reason for systems administrators to crack user passwords.

TRUE

Threat environment consists of the types of attackers and attacks that companies face.

TRUE

To take advantage of user typing errors, attackers register site names that are similar to those of legitimate domain names.

TRUE

To use an access point, you must know its SSID.

TRUE

Trade secret theft can occur through interception, hacking, and other traditional cybercrimes.

TRUE

Traditionally, Ethernet LANs offered no access security.

TRUE

Traffic in a honeypot usually indicates an attack.

TRUE

Training users what not to put into e-mail messages is the most effective method of avoiding problems during the legal discovery process.

TRUE

Typically, having enough shadow backup space for a few days is sufficient.

TRUE

Under current U.S. federal laws, if a company allows personal information to be stolen, it may be subject to government fines.

TRUE

Users usually must click on malicious links in order to execute them.

TRUE

Using a secure cryptographic system can prevent attacks while data is being processed.

TRUE

Using a secure cryptographic system can prevent attacks while data is being transmitted.

TRUE

Validation can protect against SQL injection attacks.

TRUE

Vulnerability patches can result in a loss of functionality in the patched host.

TRUE

WEP encrypts each frame with a per-frame key that consists of the shared RC4 key plus a 24-bit initialization vector that is different for each frame.

TRUE

WEP mandates shared keys.

TRUE

WEP uses RC4 for fast and therefore cheap encryption.

TRUE

When a computer attempts to connect to a network, NAC queries the PC for information present in the Windows Security Center to determine if all updates are current and AV is working.

TRUE

When a hashing algorithm is applied, the hash will ALWAYS have a fixed length.

TRUE

When companies studied where they stored private information, they found that much of this information was stored inside spreadsheets and word processing documents.

TRUE

When considering penalties for hacking, motivation is irrelevant.

TRUE

When performing trend analysis, decreasing granularity in queries is desirable.

TRUE

When you use your mobile firm to surf the Internet, it is a host.

TRUE

When you wish to create a specific firewall, you should create a security policy for that firewall specifically.

TRUE

Windows GPOs can restrict PCs from changing standard configurations.

TRUE

Wireless IDSs get their data from the company's access points.

TRUE

With Active-X controls, active scripting is enabled by default.

TRUE

With CDP, each location backs up the other in real time.

TRUE

With CDP, the backup site already has the proper equipment, and data and recovery is instantaneous.

TRUE

With image backup, even if the entire hard drive is lost, its content can be restored onto the same machine or a different machine.

TRUE

Writing data to an array of hard drives has several advantages over writing to a single drive.

TRUE

You accidentally find someone's password and use it to get into a system. This is hacking.

TRUE

You can quickly assess the general security posture of your Windows Vista PC by using the status check in the Windows Security Center.

TRUE

You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.

TRUE

Which of the following is transmitted across a network?

The ciphertext

What is missing from the definition of response as "recovery?"

The phrase "according to plan" must be added to "recovery."

Which of the following are ways that trade secret espionage occur?

Theft through interception, By bribing an employee, None of the above

________ thwart replay attacks by ensuring "freshness" using cutoff values.

Time stamps

In a stack overflow attack, to where does the return address point?

To the beginning of the stack entry's data area

________ ciphers move letters around within a message but characters are not substituted.

Transposition

VoIP traffic and data traffic tend to be segregated from each other on a network for added security.

TRUE

Precedents can be created by ________.

U.S. Circuit Courts of Appeal

Which of the following is not one of the three levels of U.S. federal courts?

U.S. State Courts

________ is a family of operating systems that share interoperability at the kernel level.

UNIX

Which of the following is an example of a wireless attack?

Unauthorized network access, Man-in-the-middle attack using an evil twin, Wireless DOS attacks

Which of the following is not one of the three rules for apologies?

Use wording aimed at reducing lawsuits.

________ eliminates the problem of having to re-baseline the system to proper security levels.

Using a disk image

Which version of SNMP allows the manager to have a different shared secret with each agent?

Version 3

Which of the following is not one of the four security levels of incidents?

Virus epidemics

________ are programs that attach themselves to legitimate programs.

Viruses

________ can spread through e-mail attachments.

Viruses, Worms

The original 802.11 core security protocol, ________, was deeply flawed.

WEP

Using a shared initial key is dangerous in ________.

WEP

What was the first core wireless security standard?

WEP

In ________, users authenticate themselves to the access point via the use of a single, shared initial key.

WEP, 802.11i pre-shared key mode, WPA pre-shared key mode

________ security uses the RC4 cipher in encryption for confidentiality and the Temporal Key Integrity Protocol for keying and rekeying.

WPA

The Wi-Fi Alliance calls 802.11i ________.

WPA2

Which of the following are examples of opportunity?

Weak security controls, Insufficient oversight from management, An unlocked safe

________ is a single countermeasure composed of multiple interdependent components in series that require all components to succeed if the countermeasure is to succeed.

Weakest link

Which of the following are examples of social engineering?

Wearing a uniform to give the appearance that you work at a business, Gaining unauthorized access by following an authorized individual into a business

________ allows many different groups to be assigned different permissions.

Windows

Microsoft's server operating system is called ________.

Windows Server

In a(n) ________ attack, information that a user enters is sent back to the user in a webpage.

XSS

To obtain IP addresses through reconnaissance, an attacker can use ________.

a chain of attack computers

An EAP response message may contain ________.

a negative acknowledgement

To satisfy legal retention and other compliance regulations, companies should use ________ in IM.

a relay server

The business continuity team should be headed by ________.

a senior business manager

In regards to network security, ________ is the policy-driven control of access to systems, data, and dialogues.

access control

The ________ collects event data and stores them in log files on the monitoring devices.

agent

Integrated log files are ________ event logs from multiple IDSs.

aggregated

A technical security architecture includes ________.

all of a firm's countermeasures, how countermeasures are organized

To how many accounts and groups can different permissions be applied in Windows?

almost an unlimited number

Restoration of data files from tape ________.

always results in data loss

In a man-in-the-middle attack, ________.

an evil twin must have a stronger signal than the legitimate AP, an evil twin sends its own attacks, impersonating the victim

Someone who pretends to be someone else is ________.

an impostor

Zero-day attacks might be stopped by ________ detection.

anomaly

Central security consoles ________.

are dangerous, allow policies to be applied consistently

Companies transmit over the wireless LANs because WLANs ________.

are secure

A Windows systems administrator should use the Administrator account ________.

as little as possible, and only when needed

The first step in developing an IT security plan is to ________.

assess the current state of the company's security

Proving your identity to a communication partner is ________.

authentication

An EAP failure message is sent to the ________.

authenticator

When a new EAP authentication is added, software does not have to be changed on the ________.

authenticator

Updating should be done on client PCs ________.

automatically

Ensuring network ________ means that authorized users have access to information, services, and network resources.

availability

WLAN DoS attacks are designed to affect the ________ of the network.

availability

Firms still choose to use WPA in order to ________.

avoid configuration expenses for access points, avoid configuration expenses for wireless clients

In ________ transfers, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager.

batch

A technical security architecture should be created ________.

before a firm creates individual countermeasures

Countries would engage in cyberwar ________.

before a physical attack, after a physical attack

Mobile computers should be backed up ________.

before being taken off site

SSL/TLS provides security ________.

between the sender and his or her e-mail server

Dropping all future packets from a particular IP address is called ________.

black holing

When a threat succeeds in causing harm to a business, this is called a

breach, compromise, incident

An attacker types more data in a field than the programmer expected. This is a(n) ________ attack.

buffer overflow

The most popular way for hackers to take over hosts today is ________.

by taking over an application

Stealing credit card numbers is also known as ________.

carding

The dominant type of attacker today is the ________.

career criminal

Past judicial precedents constitute ________.

case law

The ultimate goal of a DoS attack is to ________.

cause harm

After gaining wireless access to the private network, the attacker can ________.

cause harm to internal clients, steal data, launch external attacks

When a new EAP authentication is added, software has to be changed on the ________.

central authentication server

In FISMA, ________ is done internally by the organization.

certification, accreditation

Assigning security measures to groups is ________ than assigning security measures to individuals within groups.

cheaper

A ________ is a mathematical process used in encryption and decryption.

cipher

In SSL/TLS, a ________ is a specific set of security methods and options.

cipher suite

In SSL/TLS, a specific set of protocols that a particular cryptographic system will use to provide protection is called a ________.

cipher suite

Plaintiffs initiate legal proceedings in ________ cases.

civil

The normal standard for deciding a case in ________ trials is a preponderance of the evidence.

civil

Once a company's resources are enumerated, the next step is to ________.

classify them according to sensitivity

The Microsoft Windows Server interface looks like the interface in ________.

client versions of Microsoft Windows

Nonces can be used in ________.

client/server applications

IDS false alarms cause ________.

companies to ignore IDS alerts

In codes, code symbols may represent ________.

complete words, complete phrases, individual letters

Long passwords that use several types of keyboard characters are called ________ passwords.

complex

Public key encryption is ________.

complex, slow, expensive

Audits place special attention on ________.

compliance avoidance

Closing all routes of attack into an organization's system(s) is called ________.

comprehensive security

A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.

computer forensics expert

Whisker is a popular tool for ________.

conducting vulnerability testing on webservers

In regard to network security, ________ means preventing unauthorized users from gaining information about the network structure, data flowing across the network, network protocols used, or packet header values.

confidentiality

The three common core goals of security are

confidentiality, integrity, and availability

A ________ is a persistent conversation between different programs on different computers.

connection

In COSO, a company's overall control culture is called its ________.

control environment

CobiT focuses on ________.

controlling entire IT function

COSO focuses on ________.

corporate internal and financial controls

Policies should be written by ________.

corporate teams involving people from multiple departments

A benefit of using MSSPs is that they provide ________.

cost savings, independence

Another name for safeguard is

countermeasure

Compliance laws and regulations ________.

create requirements to which security must respond, can be expensive for IT security

Quantum key cracking ________.

creates a major threat to many traditional cryptographic methods

Mens Rea usually is important in ________ trials.

criminal

Prosecutors initiate legal proceedings in ________ cases.

criminal

The normal standard for deciding a case in ________ trials is guilt beyond a reasonable

criminal

Someone who breaks encryption is called a ________.

cryptanalyst

Packaged sets of cryptographic countermeasures for protecting data transmission are ________.

cryptographic systems

A ________ is law dealing with information technology.

cyberlaw

File/directory data backup copies ________.

data

This book focuses on ________.

defense

Using both a firewall and host hardening to protect a host is ________.

defense in depth

Terrorists can use IT to ________.

destroy utilities, finance their terrorism

An IDS is a ________ control.

detective

The purpose(s) of auditing is(are) to ________.

develop opinions on the health of controls

Developers have permissions on the ________.

development server

An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack.

directory traversal

A ________ IDS sends data from many devices at a central management console.

distributed

One of the two characterizations of expert hackers is ________.

dogged persistence

If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process.

drop

If a firewall cannot keep up with traffic volume, it will ________.

drop packets it cannot process

In public key encryption, "signing" is the act of ________.

encrypting the message digest with its own private key

The supplicant creates a digital signature by ________.

encrypting the message digest with its own private key

In order to demonstrate support for security, top management must ________.

ensure that security has an adequate budget, support security when there are conflicts between the needs of security and the needs of other business functions, follow security procedures themselves

SIP Identity protocols ________.

ensure that traffic is authenticated between two companies holding public/private keys

The analysis of multi-event patterns is called ________.

event correlation

SLE times APO gives the ________.

expected annual loss

A(n) ________ is a program that takes advantage of a(n) ________.

exploit, vulnerability

In ________, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

extortion

The prevention of sensitive information from being sent out of a company is called ________.

extrusion prevention

Stateful packet inspection firewalls are ________.

fairly safe in practice

False alarms in an IDS are known as ________.

false positives

UNIX offers ________ directory and file permissions than (as) Windows.

fewer

In cryptographic systems, the negotiation of security methods and options takes place during the ________ handshaking stage.

first

A botmaster can remotely ________.

fix a bug in the bots, update bots with new functionality

In 802.11i pre-shared key mode, the initial key is generated ________.

from a passphrase

Ensuring appropriate network ________ means preventing attackers from altering the capabilities or operation of the network.

functionality

Rerouting traffic using ARP poisoning is an attack on ________ of a network.

functionality, confidentiality

The key to security being an enabler is ________.

getting it involved early within the project

A digital certificate ________.

gives the subject's public key

A DoS attack that uses TCP flags is called a ________ attack.

half-open

Firms can address the increasing ability of attackers to bypass the border firewalls by ________.

hardening hosts

Disconnection ________.

harms legitimate users

In checking the digital signature, the verifier ________.

hashes the plaintext message with the same algorithm used by the sender to get the message digest

The supplicant creates a message digest by ________.

hashing the plaintext message

Before doing a vulnerability test, a security employee must ensure that ________.

he or she has a specific contract to do a specific test

Having realistic goals for reducing vulnerabilities ________.

helps to focus on the most critical threats

A ________ is a fake network segment with multiple clients and servers.

honeypot

Any device with an IP address is a ________.

host

SSL/TLS was developed for ________ VPNs.

host-to-host

SSL/TLS is used for ________ VPNs.

host-to-host, remote access

SIP identity protocols are common on IP telephones.

TRUE

Regarding retention policies, firms need to ________.

implement strong and clear backup policies

Policies drive ________.

implementation, oversight

The FTC can ________.

impose fines, require annual audits by external auditing firms for many years

In VoIP, encryption may ________.

increase latency

In VoIP, firewalls are a problem because they tend to ________.

increase latency

In ________ filtering, the firewall examines packets entering the network from the outside.

ingress

In ________ filtering, the firewall filters packets when they are leaving the network.

ingress

MS-CHAP is used for ________ authentication.

initial

Static packet filtering firewalls are limited to ________.

inspecting packets in isolation from their context

If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.

integrity

IPsec operates at the ________ layer.

internet

Penalties for hacking are ________.

irrelevant of the amount stolen

Quantum key distribution ________.

is a way to deliver enormously long keys to communication partners

In a crisis, human cognition ________.

is degraded

IPsec tunnel mode ________.

is firewall-friendly

Companies transmit over the Internet because the Internet ________.

is inexpensive

Placing security within IT ________.

is likely to give security stronger backing from the IT department

The 56-bit key size ________.

is sufficient for most residential consumer applications

Image backup is attractive because ________.

it requires minimal additional work to restore a fully functioning PC

A ________ is a random string of 40 to 4,000 bits (ones and zeros) used to encrypt messages.

key

Companies address the risk of losing a security key by using ________.

key escrow

If a firewall receives a provable attack packet, the firewall will ________.

log the packet, drop the packet

The user reaches a webpage before logging in. This is a(n) ________ attack.

login screen bypass

The ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices.

manager

Software vendors typically release ________ patches per product in a typical year.

many

A ________ is a material deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement in the annual or interim financial statements will not be prevented or detected.

material control deficiency

The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial.

mens rea

Digital signatures provide ________.

message authentication, message integrity

HMACs provide the cryptographic protection of ________.

message authentication, message integrity

Digital signatures are used for ________ authentication.

message-by-message

Electronic signatures usually provide ________.

message-by-message authentication, message integrity

WEP typically takes ________ to crack today.

minutes

Code on a webpage that is executed on the client PC is ________.

mobile code

Live tests are ________.

more effective than walkthroughs

Compared to full programming languages, scripts are ________ in what they can do.

more limited

In a URL, ".." (without the quotes) means ________.

move one directory up

When both parties prove their identities to the other, this is called ________.

mutual authentication

Cyberwar consists of computer-based attacks conducted by ________.

national governments

Data destruction is ________.

necessary

For all applications, a basic rule is ________.

never trust user input

In MMCs, the tree pane lists ________.

objects on which actions can be taken

Employees are very dangerous because they

often have access to sensitive parts of the system, are trusted by companies

In 802.11i, ________ authentication always uses SSL/TLS.

outer

A ________ can be used to gather network information or user data.

packet sniffer

A connection between two programs on different computers is represented by its ________.

pair of sockets

In a firm, codes of ethics apply to ________.

part-time employees, senior managers

In a virus, the code that does damage is called the ________.

payload

In a relational database, examples of entities include ________.

persons

You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called a ________ attack.

phishing

Following someone through a secure door for access without using an authorized ID card or pass code is called ________.

piggybacking

A ________ is an older attack that uses an illegally large IP packet to crash an operating system.

ping of death

A governance framework specifies how to do ________.

planning, implementation, oversight

A(n) ________ is a statement of what should be done under specific circumstances.

policy

802.11i works in ________ mode.

pre-shared key, enterprise

In an IDS, ________ means that the IDS should report all attack events and report as few false alarms as possible.

precision

In IM, ________ servers allow two users to locate each other.

presence

The steps required to issue a new employee a password should be specified in a ________.

procedure

A planned series of actions in a corporation is a(n) ________.

process

DML triggers are used to ________.

produce automatic responses if the data of the database has been altered.

DDL triggers are used to ________.

produce automatic responses if the structure of the database has been altered.

The stage of the plan-protect response cycle that consumes the most time is ________.

protection

Firewalls will drop ________.

provable attack packets

HIDSs ________.

provide highly specific information about what happened on a particular host

Evil twin access point attacks are most common in ________.

public hotspots

The sender uses the public key of the recipient in ________.

public key encryption for confidentiality

To be strong, ________ keys need to be longer than ________ keys.

public, symmetric

The cost of ________ LINUX is definitely far less than the cost of commercial operating systems such as Windows.

purchasing

Conducting stings on employees ________.

raises awareness, raises resentment

The most time-consuming part of firewall management is ________.

reading firewall logs

In ________ transfers, each event's data goes to the manager immediately.

real-time

If a company wishes to prosecute people or companies that steal its trade secrets, it must take ________ precautions to protect those trade secrets.

reasonable

Inheritance ________ labor costs in assigning permissions.

reduces

In manual procedures, the segregation of duties ________.

reduces risk

If a PC fails its initial NAC health assessment, it may be ________.

refused access

In IM, all messages pass through a ________ server.

relay

If it can be applied, the least-damaging recovery option is ________.

repair during continuing server operation

Hashing is ________.

repeatable

An attack where an adversary intercepts an encrypted message and transmits it again later is called a ________.

replay attack

Data breach notification laws typically ________.

require companies to notify affected people if sensitive personally identifiable information is stolen or even lost, have caused companies to think more about security

If an attacker takes over a router, he or she will be able to ________.

reroute traffic to cause a local DoS

After wiping/clearing, data is ________.

reusable

An unauthorized access point set up by individuals or departments is called a(n) ________ access point.

rogue

The super user account in UNIX is called ________.

root

Sophisticated attacks often are difficult to identify amid the "noise" of many ________ attacks.

script kiddie

Successful attacks are commonly called ________.

security incidents

To check a certificate's revocation status, the verifier can ________.

send an OCSP message to the CA

The decision to let an attack continue should be made by ________.

senior business executives

RTP adds ________ to UDP.

sequence numbers

There is(are) ________ NAT traversal method(s).

several

The process of keeping a backup copy of each file being worked on by backing it up every few minutes is called ________.

shadowing

UNIX command line interfaces are called ________.

shells

Watching someone type their password in order to learn the password is called ________.

shoulder surfing

SIP proxy servers are used in ________.

signaling transmissions

A ________ is an individual application on the tree pane of an MMC that can be added or dropped from the tree list easily.

snap-in

You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is ________.

spear phishing

Nearly all main border firewalls today use ________ filtering.

stateful packet inspection

DoS attacks can cause harm by ________.

stopping a critical service, slowly degrading services over a period of time

To get to the super user account in UNIX, the administrator should use the ________ command.

su

In MS-CHAP, the ________ creates the response message.

supplicant

Nearly all encryption for confidentiality uses ________ encryption ciphers.

symmetric key

A walkthrough is also called a ________.

table-top exercise

Testers have permissions on the ________.

testing server

When a system runs out of storage space, ________.

the IDS will start a new log file

Companies achieve time synchronization for integrated log files by using ________.

the Network Time Protocol

The manager of the security department often is called ________.

the chief security officer (CSO), the chief information security officer (CISO)

To ensure that a digital certificate is valid, the receiver of the certificate must check ________.

the digital signature, the valid period

18 U.S.C. § 2511 prohibits ________.

the interception of electronic messages

The core part of the LINUX operating system is called ________.

the kernel

The party that is ultimately held accountable for a resource or control is ________.

the owner

The only person who should speak on behalf of a firm should be ________.

the public relations director

Walkthroughs are ________ table-top exercises.

the same thing as

In public key encryption for authentication, the supplicant uses ________ to encrypt.

the supplicant's private key

Most traditional external attackers were heavily motivated by ________.

the thrill of breaking in

In public key encryption for authentication, the supplicant must prove that it knows ________, which nobody else should be able to know.

the true party's private key

The owner can delegate ________ to the trustee.

the work of implementation of a resource or control

In mutual authentication between two parties, ________.

there are two verifiers and two supplicants

Traditional hackers are motivated by ________.

thrill, validation of power, doing damage as a by-product

Replay attacks can be thwarted by using ________.

time stamps, sequence numbers, nonces

The best way to thwart exhaustive searches by cryptanalysts is ________.

to make the key very long

Today, application proxy firewalls are commonly used ________.

to protect internal clients from malicious external servers

Mandatory vacations should be enforced ________.

to reduce the possibility of collusion between employees

Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________.

toll fraud

The super user account has ________ control over the computer.

total or nearly total

RTP is used in ________.

transport

SSL/TLS operates at the ________ layer.

transport

Many e-commerce companies will not ship to certain countries because of a high rate of consumer fraud. To get around this, attackers use ________.

transshippers

The most common attack against a wireless network is a(n) ________.

unauthorized network access

A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth.

unified threat management

To prevent eavesdropping, applications should ________.

use encryption for confidentiality

Attackers can exploit WEP's weaknesses by ________.

using WEP cracking software, reading two messages encrypted with the same key

3DES is ________.

very slow, strong enough for communication in corporations, expensive in terms of processing cost

A ________ is a cryptographic system that provides secure communication over an untrusted network.

virtual private network

A(n) ________ is a security weakness that makes a program vulnerable to attack.

vulnerability

Adding invisible information to a file that can be used to identify its source is called ________.

watermarking

To find out who is sending trade secrets out of the firm, you can use ________.

watermarking

The worst problem with classic risk analysis is that ________.

we cannot estimate the annualized rate of occurrence

A ________ occur(s) when a single security element failure defeats the overall security of a system.

weakest link failure

Mobile code usually is delivered through ________.

webpages

A common SSL/TLS-aware application is ________.

webservice

Companies usually conduct full backups on a ________ basis.

weekly

A ________ port number designates a specific application running on a server.

well-known

WEP stands for ________.

wired equivalent privacy

Eavesdropping usually is more of a concern for ________ LANs than for ________ LANs.

wireless, wired

The authenticator is the ________.

workgroup switch

Some ________ can jump directly between computers without human intervention.

worms

The fastest propagation occurs with some types of ________.

worms

In UNIX, the ________ permission allows the user to make changes.

write

A ________ attack is an attack that is made before attack signatures for the threat are defined.

zero-day

A(n) ________ is defined as an attack that comes before fixes are released.

zero-day attack

18 U.S.C. § 1030 protects ________.

"protected computers" such as government computers

What were the approximate dollar losses for the series of data breaches against Sony Corp?

$171 million

When two parties communicate with each other using symmetric key encryption, how many keys are used in total to encrypt and decrypt?

1

Strong RSA keys are at least ________ bits long.

1,024

Wireless 802.11 networks generally have a range of ________.

10 to 30 meters

In order to be considered strong today, a symmetric encryption key must be at least ________ bits long.

100

Which of the following is one of the effective key lengths in 3DES?

112 bits

If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 50 bits?

128 times as long

Which of the following is one of the key lengths offered by AES?

192 bits

When two parties in an IPsec connection communicate back and forth, there are ________ security associations.

2

In pre-shared key mode, a passphrase should be at least ________ characters long.

20

What is the hash size of SHA-256?

256 bits

About how long was the Sony PlayStation Network offline as a result of the cyber attacks?

3 weeks

If you will proxy four different applications, how many proxy programs will you need?

4

To meet national export limitations in many countries, RC4 often uses a key length of ________ bits.

40

________ errors may indicate that an attacker is trying to send invalid data to the server.

500

SIP requires port ________ to be open.

5060

A DES key is ________ bits long.

56

A dual-layer DVD can hold up to about ________ GB.

8

If you will proxy 8 different applications, you will need ________ proxy programs.

8

The book recommends that passwords be at least ________ characters long.

8

What standard did the 802.11 Working Group create to extend 802.1X operation to WLANs with security for EAP?

802.11i

________ security uses 128-bit AES encryption for confidentiality and AES-CCMP for automatic rekeying.

802.11i

________ is called Port-Based Access Control.

802.1X

Which of the following can be a type of spyware?

A cookie, A keystroke logger

________ is a password-cracking method wherein the attacker compares passwords to lists of common words.

A dictionary attack

Who should head the CSIRT?

A senior manager

________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords.

Brute-force guessing

________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.

Business continuity planning

________ specify how a company will maintain or restore core business operations after disasters.

Business continuity plans

Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections?

Permit all attempts to open a connection from an internal host to an external host

A ________ attack is one in which a victim is flooded with ICMP packets that appear to be normal supervisory traffic.

Ping flood

What security function(s) usually is(are) not outsourced?

Planning

Why is creating firewall policies desirable compared to just creating a list of ACL rules?

Policies are easier to understand.

Which of the following is an example of a conflict of interest?

Preferential dealings with relatives, Investing in competitors, Competing with the company while still employed by the company

Which of the following are types of countermeasures?

Preventative, Detective, Corrective

Under what Internet Options tabs are cookies controlled?

Privacy

________ specify the low-level detailed actions that must be taken by specific employees.

Procedures

________ is the plan-based creation and operation of countermeasures.

Protection

Which of the following can be used as a keying method?

Public key encryption for confidentiality

Which of the following fields are contained on a digital certificate?

Public key, Digital signature, Serial number

Most central authentication servers are governed by the ________ standard.

RADIUS

A program that gives the attacker remote access control of your computer is specifically called a ________.

RAT

Which of the following statements accurately describes RC4?

RC4 can use a broad range of key lengths.

Which of the following statements accurately describes RC4?

RC4 is extremely fast.

Eavesdropping can be thwarted by encrypting ________.

Both A and B

Example of DBMSs include ________.

Both A and B

Firewall policies should govern ________.

Both A and B

Host operating system monitors look at ________.

Both A and B

If an IPS identifies an attack, it can ________.

Both A and B

Inheritance can be modified from the ________ box in the security tab.

Both A and B

Integrated log files ________.

Both A and B

NAT is able to stop ________.

Both A and B

Properly backed up data includes ________.

Both A and B

Rehearsals improve ________.

Both A and B

Repair during ongoing server operation is ________.

Both A and B

Retaining data can be ________.

Both A and B

SPI firewalls can conduct ________ inspection.

Both A and B

Standard configurations ________.

Both A and B

Static packet filtering is sometimes used ________.

Both A and B

In a MITM attack, access to the local network is not required in order to work.

FALSE

A router that connects to three subnets is called a ________ router.

None of the above

What is the name for a small program that fixes a particular vulnerability?

Patch

________ can greatly reduce patching costs.

Patch management servers

Wal-Mart was able to respond to Hurricane Katrina so quickly because it had ________.

Both A and B

What information should alarms give the security staff?

Both A and B

What protection can a firm provide for people in the event of an emergency?

Both A and B

What type of host may be placed in the DMZ?

Both A and B

Which of the following security protections are provided by recent versions of Windows Server?

Both A and B

Which type of analysis do IDSs usually do?

Both A and B

Who should be involved in the creation of retention policies?

Both A and B

With basic file deletion, data is ________.

Both A and B

________ of response is critical.

Both A and B

________ punishments may result in fines.

Both A and B

With nominal deletion, data is ________.

Both A and B

________ are compromised hosts running malware controlled by the hacker.

Bots

________ are monetary gifts to induce an employee to favor a supplier or other party.

Bribes

In a P2P attack, there is a change in the overall volume of traffic but the traffic pattern is the same.

FALSE

In a crisis, rigid adherence to plans and processes for recovery is critical.

FALSE

In a large organization, WEP rekeying is inexpensive.

FALSE

Technology is the most effective method of avoiding problems during the legal discovery process.

FALSE

The 802.1X protocol created for wired LANs can work in wireless LANs without significant modification.

FALSE

The Skype protocol is relatively easy for corporate firewalls to filter.

FALSE

The basic strategy of log file reading is to determine what traffic is usual.

FALSE

The book recommends hard-headed thinking about security ROI analysis.

FALSE

The definition of hacking is "accessing a computer resource without authorization or in excess of authorization."

FALSE

The goal of IT security is risk elimination.

FALSE

The hash size in MD-5 is 160 bits.

FALSE

The last egress ACL rule in a border firewall is DENY ALL.

FALSE

The main access threat to 802.11 wireless LANs is an attacker plugging into a wall jack.

FALSE

The most common attack against a wireless network is a wireless DoS attack.

FALSE

The password SeAtTle can be broken by a dictionary attack.

FALSE

The primary purpose for attackers to send port scanning probes to hosts is to identify which ports are open.

FALSE

The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network.

FALSE

The super user account in Windows is called root.

FALSE

The terms "intellectual property" and "trade secret" are synonymous.

FALSE

To get to the super user account in UNIX, the administrator can use the RunAs command.

FALSE

To outsource some security functions, a firm can use an MISP.

FALSE

To test the digital signature, the verifier will use the sender's public key.

FALSE

Total software reinstallation effectively addresses data loss.

FALSE

Transport consists of communication to manage the network.

FALSE

Triggers are damaging code that attackers use to destroy databases.

FALSE

Which of the following are elements of host hardening?

Both A and B

Which of the following is a danger created by notebook computer loss or theft?

Both A and B

Which of the following is one of the four steps in business process analysis?

Both A and B

Allowing an attacker to continue working in a system after the attack has been discovered ________.

Both A and B

Assigning security measures to groups is better than assigning security measures to individuals within groups because ________.

Both A and B

Automatic protections for application proxy firewalls include ________.

Both A and B

________ is efficient enough in processing power and RAM requirements to be used on small devices, such as PDAs and cell phones.

AES

________ consists of activities that violate a company's IT use policies or ethics policies.

Abuse

Which of the following is the most dangerous because it can do more on a computer when it is executed?

Active-X

The super user account in Windows is called the ________.

Administrator

Which of the following is not a standard Windows privilege?

All

18 U.S.C. § 1030 prohibits ________.

All of the above

After an antivirus server performs filtering, it may ________.

All of the above

Antivirus servers can look for ________.

All of the above

Data can be lost by ________.

All of the above

E-mail filtering can be done at which of the following?

All of the above

Full backups are ________.

All of the above

If an attacker takes over a firewall, he or she will be able to ________.

All of the above

The policies for protecting sensitive information should be applied to all mobile data on ________.

All of the above

Trusting users to do key escrow is risky because ________.

All of the above

UNIX allows permissions to be assigned to ________.

All of the above

Which of the following are reasons to ensure WWW Service and E-Commerce security?

All of the above

Which of the following database events should be regularly audited?

All of the above

Which of the following should the CSIRT include?

All of the above

With RAID 5, the following is achieved ________.

All of the above

Which of the following is not a common problem with antivirus protections?

All of the above are common problems with antivirus protections.

Which of the following is not a type of fix for vulnerabilities?

All of the above are types of fixes for vulnerabilities

Profiling uses ________ to find patterns in a dataset which uniquely identify an individual.

All of the above.

________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.

Analysis

Which of the following is a formal process?

Annual corporate planning, Planning and developing individual countermeasures

________ detection looks at traffic patterns for deviations from set norms.

Anomaly

What type of filtering do UTM firewalls provide?

Antivirus filtering

Any device with an IP address is a host.

Any device with an IP address is a host.

________ firewalls always examine application messages in depth.

Application proxy

Overall for firms, which is more time-consuming to patch?

Applications

Which of the following is a function of IDSs?

Automated analysis

Backup creation policies should specify ________.

Both A and B

Communication between IDS ________ must be secure.

Both A and B

Compared to local backup, centralized backup ________.

Both A and B

Configuring multiple hard drives as an array within a single system is ________.

Both A and B

________ are check lists of what should be done in a specific procedure.

Baselines

Why did hackers attack Sony Corp?

Because Sony was suing a fellow hacker

________ are descriptions of what the best firms in the industry are doing about security.

Best practices

________ is one method of thwarting DoS attacks by dropping all IP packets from an attacker.

Black holing

When Carol sends a message to Bob, Bob will use ________ to decrypt the message.

Bob's private key

A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network.

Both A and B

A ________ is a type of fix for vulnerabilities.

Both A and B

A systems administrator may manage ________.

Both A and B

Cookies are dangerous because they ________.

Both A and B

Databases are ________.

Both A and B

In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a single ICMP request is responded to by multiple hosts.

FALSE

In a smurf flood DoS attack, attackers can benefit from a multiplier effect because multiple ICMP requests are responded to by a single host.

FALSE

In authentication, the party trying to provide its identity to the other party is called the applicant.

FALSE

In cryptographic systems, keying takes place during the second handshaking stage.

FALSE

Two computer systems each back up the other in real time in ________.

CDP

Which of the following is the most effective alternative for disaster recovery backup?

CDP

A major security incident is generally handled by the ________.

CSIRT

________ deals with interpretations of rights and duties that companies or individuals have relative to each other.

Civil law

________ is a form of online fraud in which bogus clicks are performed to charge the advertiser without creating potential new customers.

Click fraud

________ is preferred by U.S. auditors.

CobiT

Which companies does PCI-DSS affect?

Companies that accept credit card payments

________ may engage in commercial espionage against a firm.

Competitors, National governments

The Local Users and Groups snap-in is available on the ________ MMC.

Computer Management

________ is the security guarantee that people who intercept messages cannot read them.

Confidentiality

________ is the act of actually stopping an incident's damage.

Containment

________ are proofs of identity.

Credentials

________ punishments may result in jail time.

Criminal

________ deals with the violation of criminal statutes.

Criminal law

________ is the use of mathematical operations to protect messages travelling between parties or stored on a computer.

Cryptography

In fraud, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

FALSE

In hacking, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

FALSE

In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that does not attempt to open a connection.

FALSE

In public key encryption for authentication, the receiver decrypts with the public key of the sender.

FALSE

A patch is a labor-intensive process of manual steps that a firm must do to address a vulnerability.

FALSE

An attacker controlling bots in a coordinated attack against a victim is known as a ________.

DDoS attack

DNS, DHCP, and LDAP are examples of supervisory protocols in TCP/IP.

DNS, DHCP, and LDAP are examples of supervisory protocols in TCP/IP.

________ is the process of obscuring data such that it cannot identify a specific person, but remains practically useful.

Data masking

What type of filtering do IDSs do?

Deep packet inspection

________ requires multiple countermeasures to be defeated for an attack to succeed.

Defense in depth

Which CobiT domain has the most control objectives?

Delivery & Support

Which of the following is a type of countermeasure?

Detective, Corrective

Another name for RAID 5 is ________.

Distributed Parity

A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.

DoS

A network administrator notices extensive damage to wireless packets. This might indicate a ________ attack.

DoS flood attack

A ________ is a small program that, after being installed, downloads a larger attack program.

Downloader

Which IPS response to an attack can do the most damage?

Dropping packets

Which IPS response to an attack is the most effective in stopping attacks?

Dropping packets

________ entails investigating the IT security of external companies and the implications of close IT partnerships before implementing interconnectivity.

Due diligence

An EAP message begins with an ________ message.

EAP start

________ is used by ________ for authentication.

EAP, RADIUS

________ is the act of passing an incident to the CSIRT or business continuity team.

Escalation

________ threaten to do at least temporary harm to the victim company's IT infrastructure unless the victim pays the attacker.

Extortionists

"Breadth of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is possible.

FALSE

A CSIRT should not include members from the legal department.

FALSE

A DES key is 40 bits long.

FALSE

A LINUX distribution consists only of the LINUX kernel.

FALSE

A company should decide upon a single security baseline for use with its client PCs.

FALSE

A company should not replace default passwords during configuration.

FALSE

A connection designates a specific program designated by a port number on a specific computer's IP address.

FALSE

A shoulder surfing attack will not be successful unless the attacker can read the entire password.

FALSE

ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.

FALSE

Access control is more of a problem for wired LANs than for wireless LANs.

FALSE

According to the author, information assurance is a good name for IT security.

FALSE

According to the book, r%Dv$ is a strong password.

FALSE

An attack that comes before fixes are released is called a vulnerability attack.

FALSE

An attacker who captures the keying information in Diffie-Hellman key agreement can compute the symmetric session key.

FALSE

An example of "pressure" from the fraud triangle would include paying back embezzled money.

FALSE

An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.

FALSE

An internal firewall sits at the boundary between the corporate site and the Internet.

FALSE

Antivirus servers can only find viruses, not other types of malware.

FALSE

Assigning security measures to individuals within groups is cheaper than assigning security measures to groups.

FALSE

In public key encryption for authentication, the verifier decrypts the ciphertext with the supplicant's public key.

FALSE

In public key encryption for authentication, the verifier decrypts the ciphertext with the verifier's public key.

FALSE

In a relational database, a row is different from a record.

FALSE

In a relational database, an attribute is the same as a tuple or record.

FALSE

Incident response is defined as reacting to incidents impromptu.

FALSE

Incremental Differential backups only back up data that has changed since the most recent full backup.

FALSE

Incremental and full backups may be restored out of the order in which they were created.

FALSE

Independence is best provided for IT security by placing it within the IT department.

FALSE

Informing employees that monitoring will be done is a bad idea.

FALSE

Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.

FALSE

International laws about cybercrime are fairly uniform.

FALSE

Typically, the shadow storage space is nearly unlimited.

FALSE

UNIX offers more directory and file permissions than Windows.

FALSE

Attackers rarely use IP address spoofing to conceal their identities.

FALSE

Backup onto another hard drive is a very slow method of backup.

FALSE

Backup policies should be audited regularly and include tracing what happens in samples of data.

FALSE

Black holing is an effective long-term containment solution.

FALSE

CDP is inexpensive to use.

FALSE

CLI shells use more system resources than GUIs.

FALSE

CLIs usually are easier to learn than GUIs.

FALSE

CTS frames tell other wireless clients that you want to transmit for a given amount of time.

FALSE

Carding is more serious than identity theft.

FALSE

Companies can nearly always stop DoS attacks without assistance from ISPs and other upstream agencies.

FALSE

Companies should replace their legacy security technologies immediately.

FALSE

Compared to non-computer crime, computer crime is very small.

FALSE

Computer recovery software reports its physical location to a recovery company that works with the local police to recover the notebook.

FALSE

Confidentiality means that attackers cannot change or destroy information.

FALSE

Courts will often admit unreliable evidence if judges believe that juries can be trusted to evaluate it properly.

FALSE

Creating ACLs is the most time-consuming part of firewall management.

FALSE

Custom programs generally are safe because attackers do not know the code.

FALSE

Cybercriminals avoid black market forums.

FALSE

Detective countermeasures keep attacks from succeeding.

FALSE

DoS network attacks are fairly uncommon.

FALSE

E-commerce software is not complex and has few subsystems.

FALSE

EAP uses RADIUS for authentication.

FALSE

Each media access control (MAC) address has a network interface card (NIC).

FALSE

Electronic employee monitoring is rare.

FALSE

Encryption is heavily used in commercial e-mail.

FALSE

Exceptions in policies and procedures should be forbidden.

FALSE

Experts advise firms to turn on most or all applications and then harden them.

FALSE

File/directory backup is slower and takes up more storage space than image backup.

FALSE

File/directory data backup copies data, programs, configurations, and registry settings.

FALSE

Firewalls do not stop provable attack packets.

FALSE

Focusing electronic attacks on specific high-value targets is known as promiscuous attacks.

FALSE

Generally speaking, script kiddies have high levels of technical skills.

FALSE

Generally speaking, vendors use similar mechanisms for downloading and installing patches.

FALSE

Guidelines are appropriate in simple and highly certain circumstances.

FALSE

Hashing is a reversible process.

FALSE

Hotlines for reporting improper behavior are required by law to be non-anonymous.

FALSE

ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN.

FALSE

IDSs drop packets that are merely suspicious.

FALSE

IDSs need to filter individual packets rather than packet streams.

FALSE

IDSs tend to issue many false negatives.

FALSE

IT security people should maintain a negative view of users.

FALSE

Identity theft is stealing credit card numbers.

FALSE

If NAT changes the Layer 3 IP destination addresses, the protocol will still work properly.

FALSE

If a PC user has full-disk encryption, a weak password is not as great a danger as it would be if the disk were not encrypted.

FALSE

If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.

FALSE

If a firewall receives a packet that is suspicious, it will drop and log the packet.

FALSE

Image backup is a fast form of backups.

FALSE

In Internet Explorer, the Security tab controls the website's pop-up blocker.

FALSE

In UNIX, the Execute permission gives the permission to make changes.

FALSE

It is a good idea to view the security function as a police force or military organization.

FALSE

Java applets are large Java programs.

FALSE

JavaScript is a scripted form of Java.

FALSE

Julia encrypts a message to David using public key encryption for confidentiality. After encrypting the message, can Julia decrypt it?

FALSE

Like the public switched telephone network, VoIP technology is a closed system.

FALSE

Losing an encryption key is not a serious danger.

FALSE

MS-CHAP provides mutual authentication.

FALSE

Main border firewalls rarely use stateful packet inspection.

FALSE

Many companies continue to use WEP to avoid the cost of reconfiguring all of their access points and clients to 802.11i and because WEP has not been fully cracked yet.

FALSE

Most DoS attacks are difficult to detect.

FALSE

Most IT security analysts recommend placing IT security functions within the IT department.

FALSE

Most companies are quick to enforce strict data management policies.

FALSE

Most companies conduct full backups on a daily basis.

FALSE

Most cookies are dangerous.

FALSE

Most countermeasure controls are detective controls.

FALSE

Most firewall database policies include less than 5 rules.

FALSE

Most firms do a satisfactory job overseeing the deployment of custom programs used to supplement packaged software.

FALSE

Most traditional external hackers cause extensive damage or commit theft for money.

FALSE

Nearly all applications can be proxied effectively.

FALSE

Normally, there is no limit on how long shadowing may maintain backed up files.

FALSE

Once an attack has begun, a company should never allow the attacker to continue.

FALSE

Open networks can be legally accessed by anyone and are frequently posted as such.

FALSE

Operating system hardening is more total work than application hardening.

FALSE

Optical disks can safely hold data for decades.

FALSE

PKI uses circles of trust.

FALSE

Planning, protection, and response follow a fairly strict sequence from one stage to another.

FALSE

Policies should not require that backup data be encrypted.

FALSE

Policies should specify implementation in detail.

FALSE

Policies should specify the details of how protections are to be applied.

FALSE

Preventative countermeasures identify when a threat is attacking and especially when it is succeeding.

FALSE

Programmers can trust user input if the person is strongly authenticated.

FALSE

Properly hardened hosts and securely coded applications can help protect data while it is transmitted.

FALSE

Prosecuting attackers in other countries is relatively straightforward under existing computer crime laws.

FALSE

RC4 uses WEP for fast and therefore cheap encryption.

FALSE

Reading firewall logs requires limited time in firewall administration.

FALSE

Responding to risk through risk avoidance is likely to be acceptable to other units of the firm.

FALSE

Restrictions on removable media should be enforced by relying on user behavior, rather than technological restrictions.

FALSE

Rogue access points are authorized access points set up by individuals or departments.

FALSE

Rootkits replace legitimate programs and are considered a deeper threat than a set of programs called Trojan horses.

FALSE

SPI firewalls cannot handle UDP communications because UDP is connectionless.

FALSE

SPIT is where the attacker uses the corporate VoIP network to place free calls.

FALSE

SSL/TLS protection is transparent to applications.

FALSE

SSL/TLS was developed for remote access VPNs.

FALSE

Scripts do not have the ability to permanently change your computer registry.

FALSE

Secure wireless networks can be legally accessed by anyone and are frequently posted as such.

FALSE

Signaling does not consist of communication to manage the network.

FALSE

Signaling is the carriage of voice between two parties.

FALSE

Signing a message digest means encrypting it with the sender's public key.

FALSE

Skype's security protocols have been publicly studied and approved.

FALSE

Social engineering is rarely used in hacking.

FALSE

Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking.

FALSE

Spammers use sticky spam, which presents their message as a graphical image.

FALSE

Spreadsheets are rarely the subject of compliance regulations.

FALSE

Stateful packet inspection firewalls use relay operation with two connections per client/server pair.

FALSE

Systems administrators manage individual hosts but not groups of hosts.

FALSE

Using new and proprietary encryption ciphers is a good idea because cryptanalysts will not know them.

FALSE

Using the delete key prevents data from being easily recovered.

FALSE

VoIP security can easily be implemented even if the company's basic security is weak.

FALSE

Vulnerability testing typically is not outsourced.

FALSE

WEP mandates private keys.

FALSE

Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.

FALSE

Website defacement occurs when attackers take over a computer and produce false web pages.

FALSE

When Emma sends a message to Lucy, Emma will use the public key to encrypt it.

FALSE

When a company visits a website to collect public information about a competitor, this is a form of trade secret espionage.

FALSE

When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.

FALSE

When performing trend analysis, increasing granularity in queries is desirable.

FALSE

When securing application configuration settings, default password settings should not be changed.

FALSE

Windows offers only 3 directory permissions.

FALSE

Wiped data can be read.

FALSE

Wiping/clearing is the best approach to destroying media.

FALSE

Wire speed is the maximum speed at which a firewall can filter packets.

FALSE

Wireless attacks avoid the access points to limit detection.

FALSE

With centralized backup, each location backs up the other in real time.

FALSE

With good planning and protection, a company can eliminate security incidents.

FALSE

With local backup processes, policies are easily enforced.

FALSE

several

FALSE

________ are failures to report true attack activities.

False negatives

________ examines financial processes for efficiency, effectiveness, and adequate controls.

Financial auditing

________ drop packets.

Firewalls

________ evidence is evidence that is acceptable for court proceedings.

Forensic

________ specifically addresses data protection requirements at financial institutions.

GLBA

What type of organization is subject to FISMA?

Government organizations

________ are discretionary.

Guidelines

________ specifically addresses data protection requirements at health care institutions.

HIPAA

A ________ attack is when a webserver is flooded with application layer web requests.

HTTP flood

________ are an additional layer of compromised hosts that are used to manage large groups of bots.

Handlers

Which of the following measures do HMACs use?

Hashing

________ is necessary to protect the host against attacks.

Host hardening

Which of the following is a type of VPN?

Host-to-host, Remote access

________ do not drop packets.

IDSs

Almost all main border firewalls use ________ filtering as their primary filtering mechanism.

None of the above

Computer recovery software reports its ________ to a recovery company that works with local police to recover the notebook.

IP address

ICMP Echo messages are often used in ________.

IP address scanning

Sending packets with false IP source addresses is called ________.

IP address spoofing

________ drop packets.

IPSs

________ offers transparent protection.

IPsec

Companies can enforce policies for ________.

IPsec security associations

Which of the following specifies how to do certification by external parties?

ISO/IEC 27000

________ examines IT processes for efficiency, effectiveness, and adequate controls.

IT auditing

Getting a firm's IT back into operation is ________.

IT disaster recovery

________ specify how a company will restore IT functions after a disaster.

IT disaster recovery plans

The ISO/IEC 2700 family focuses on ________.

IT security governance

What type of employee is the most dangerous when it comes to internal IT attacks?

IT security professionals

________ backups only back up data that has changed since the most recent full backup.

Incremental

________ audits are done by an organization on itself.

Internal

________ firewalls filter traffic passing between different parts of a site's network.

Internal

________ firewalls may be able to stop attacks by employees within the firm against internal site resources.

Internal

________ examines organizational units for efficiency, effectiveness, and adequate controls.

Internal auditing

What security functions typically are outsourced?

Intrusion detection, Vulnerability testing

________ are areas of responsibility within which different government bodies can make and enforce laws but beyond which they cannot.

Jurisdictions

________ are payments made by a supplier to a corporate buyer when a purchase is made.

Kickbacks

________ is a version of ________ for PCs.

LINUX, UNIX

When Joshua sends a message to Larry, Joshua will use ________ to encrypt the message.

Larry's public key

When someone requests to take an action that is potentially dangerous, what protection should be put into place?

Limit the number of people that may request an approval

Which is not one of the three UNIX permissions?

List folder contents

________ investigate(s) most violations of local and state computer laws.

Local police

Which hacker group was likely involved in the Sony data breaches?

LulzSec

Cryptanalysts have found weaknesses in ________.

MD5

Which of the following statements is not an accurate description of MMCs?

MMCs are located under the Start / Management menu choice.

What mistake did the 802.11i Working Group make when creating IVs?

Making the IV too short

________ is a generic term for "evil software."

Malware

What protection do cryptographic systems provide on a message-by-message basis?

Message authentication, Message integrity, Message confidentiality

It is acceptable for an employee to reveal ________.

None of the above

The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world.

None of the above

Which of the following measures offers strong security?

None of the above

What usually is the longest stage in a cryptographic system dialogue?

Ongoing communication

Which of the following is a good rule for handling exceptions?

Only some people should be allowed to request exceptions, The requestor and approver should be different people, The exception should be documented.

Listing your friend's home in the local classifieds at a low price is equivalent to a ________.

P2P redirect

What type of filtering do IDSs do?

Packet stream analysis

What is the SPI firewall rule for packets that do not attempt to open connections?

Pass the packet if it is part of a previously approved connection

MMCs are administrative tools used to manage ________ servers.

Microsoft

Which of the following are elements of host hardening?

Minimizing applications on the host

Another name for RAID 1 is ________.

Mirroring

When risk analysis deals with costs and benefits that vary by year, the computations should use ________.

NPV, IRR

A NIDS can ________.

Neither A nor B

A digital ________, by itself, provides authentication.

Neither A nor B

After destroying, data is ________.

Neither A nor B

Border management ________.

Neither A nor B

Checkouts of backup media for restoration ________.

Neither A nor B

DLL triggers are used to ________.

Neither A nor B

DML triggers are used to ________.

Neither A nor B

Hot sites ________.

Neither A nor B

If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________.

Neither A nor B

If a firewall receives a suspicious packet, the firewall will ________.

Neither A nor B

In 802.1X, the heavy authentication work is done on ________.

Neither A nor B

Magnetic tape is ________.

Neither A nor B

Most packets are part of the ________ state.

Neither A nor B

NIDSs look at ________.

Neither A nor B

Stateful packet inspection firewalls ________.

Neither A nor B

Which encryption method does MS-CHAP use?

Neither A nor B

Which of the following layers does IPsec protect?

Neither of the above

A VoIP caller wishing to contact another sends an INVITE message to ________.

None of the above

What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set?

Pass the packet if it is part of a previously approved connection
