Prowse Midterm Exam
You need to ensure that external traffic from the Internet is able to access your organization's front-end servers, but also protect access to your organization's internal networks. Which network design element below is the best option to accomplish this?
DMZ (Demilitarized Zone)
Bozo attempts to access a server during a zone transfer to access the zone file. What type of server is Bozo attacking?
DNS Server
This core cyber security principle states that multiple layers of security are better than fewer layers.
Defense in Depth
This attack is also known as a dot dot slash (../) attack.
Directory Traversal
Which of the following actions reduces the attack surface of a server?
Disabling unnecessary services
You are responsible for information security at a small business and you receive an alert from your Intrusion Detection System that your database system is being attacked. You look on your database server and observe that an unauthorized user is in the process of deleting critical business information from your server's hard drives. Which of the possible actions below would be the most appropriate response for you to take?
Disconnect the server from the network, implement a firewall rule to block the intruder's IP address from your network, then begin to investigate how the intruder was able to access your server.
The most common purpose of ping scanning is what?
Discovery of hosts on a network
This attack can cause a switch to fail open, broadcasting data out all ports like a hub does.
MAC Flooding
Which of the following is an example of Session Hijacking?
Man in the Middle Attack
Which of the following is necessary in order to run a virtual machine?
A Hypervisor
A list of trusted e-mail addresses and domains is known as what?
A Whitelist
What is a Zero Day Attack?
An attack that exploits previously unknown vulnerabilities
Preventing specific applications from running on a computer system is called what?
Application Blacklisting
What is session hijacking?
Attacker steals session token and impersonates user
Which of the following does the "A" in "CIA" stand for when relating to IT security? (Select the best answer)
Availability
Encryption, authentication, and anti-malware are all ways to protect against malicious threats.
True
Which of the following attacks uses the Bluetooth protocol?
Bluejacking
Which of the following can result in unauthorized access of information from a Bluetooth device?
Bluesnarfing
Which of the actions below is the best way to prevent buffer overflows?
Bounds-checking inputs
This type of vulnerability occurs when data spills over outside of the memory space allocated for it.
Buffer Overflow
Which of the following is a social engineering attack?
Calling a company and telling them you are with their Internet service provider and you need to know the IP address of their computer so they can stay connected to the internet.
Which of the following is an advantage of encrypting individual files on a hard drive that already uses whole disk encryption?
Individual files will remain encrypted when copied to external drives.
This coding practice is key to preventing injection attacks, such as SQL Injection, Code Injection, and Cross-site Scripting (XSS) attacks.
Input Validation
What concept below applies when an organization configures computers to provide only essential functions, limiting applications, services, open ports, and protocols?
Least Functionality
This core cybersecurity principle states that users and applications should have only the bare minimum of access that they need to complete their functions.
Least Privilege
Switch Spoofing and Double Tagging are examples of what category of attack below?
VLAN Hopping
Creating too many virtual machines can lead to which of the problems below?
Virtualization Sprawl
Which of the following WIFI security protocols is more secure?
WPA2
What operating system uses the net stop command to stop running services?
Windows
Which type of malware self-replicates, and does not require any sort of carrier or explicit instructions to be executed in order to spread?
Worm
Match the malware term to its description 1. Looks like legitimate software but performs malicious functions behind the scenes. 2. Restricts access to the computer or data and demands payment to restore access. 3. General term for any software that has malicious intent. 4. Abuse of e-mail to deliver unwanted messages such as advertising or phishing e-mails. 5. Monitors a user's actions, browsing, passwords, etc. without the user's knowledge. 6. Designed to gain administrative control of the computer. May replace system files in order to avoid detection. 7. Code that runs on a computer without the user's knowledge, infecting the computer when the code is executed.
1. Trojan Horse 2. Ransomware 3. Malware 4. Spam 5. Spyware 6. Rootkit 7. Virus
Match each type of malware, vulnerability, or attack with the statement that best describes it below. 1. May spread directly over networks from computer to computer with no user interaction. 2. A form of social engineering that typically uses email. 3. Waits for a particular trigger before becoming active. 4. Hides within legitimate-looking software. 5. Must be attached to a disk, email, file, etc. in order to spread.
1. Worm 2. Phishing 3. Logic Bomb 4. Trojan Horse 5. Virus
How many network port numbers are there?
65,536
What is a botnet?
A group of computers controlled by malware working together.
Which of the following is the greatest risk for removable storage?
Confidentiality of data
You are responsible for information security at a small business and an intruder is attacking a honey pot computer set up in your DMZ network in order to catch intruders before they are able to attack your internal network. The honey pot system is loaded with important-looking information and files that are actually just worthless decoys. Which of the following actions is the most appropriate response for you to take in this situation?
Continue to observe the intruder in the hopes of gathering clues as to how he was able to gain access to your server and gather evidence to report to law enforcement authorities.
These are text files placed on your computer by Web sites that store information such as browsing habits, user credentials, session information, etc.
Cookies
Bozo inserts JavaScript code into a social media site. The code is processed by each unsuspecting user who views the Web page. This code steals session cookies from the victims' browsers. What type of attack is this?
Cross-site scripting (XSS)
You scan your WIFI and find an unauthorized access point with the same or very similar SSID as your official WIFI network. What kind of attack is this?
Evil Twin
Social Engineering includes viruses, worms, and Trojan horses.
False
This is a form of testing where random data is inputted in order to find vulnerabilities.
Fuzz Testing
Which of the following raises a privacy concern based upon a user taking pictures on a smartphone?
Geotagging
You oversee compliance with financial regulations for credit card transactions. You need to block certain ports on individual computers used for these transactions. Which solution below would best achieve this goal?
Host-based Firewall
Which of the following is a security benefit of virtualization?
If a virtual machine is compromised, it does not affect the other virtual machines on the host, therefore it is compartmentalized.
This is typically the last rule in a firewall Access Control List (ACL).
Implicit Deny
You are responsible for information security at a small business and you receive notice from a security email list of a new worm spreading across the internet by exploiting a zero-day vulnerability in the Windows CIFS file sharing protocol. Your company has several Windows servers with CIFS services exposed to the internet and you have been charged with making sure that this worm does not infect your company's network. Which of the countermeasures described below would be most effective against the spread of this worm?
Installation of a firewall between your company's network and the internet configured to filter CIFS service traffic.
Which of the following is considered a step for hardening an operating system?
Installing updates
In the context of information security, what does the I in CIA stand for?
Integrity
Which of the following file systems is the most secure?
NTFS
Which of the following will detect malicious traffic on a network and block or discard it?
Network Intrusion Prevention System (NIPS)
This is a program which will allow you to perform a dictionary or brute force attack against a remote system.
None of the Above
Tom sends out many e-mails containing secure information to other companies. Which of the cybersecurity concepts below should be implemented to prove that Tom did indeed send the e-mails?
Nonrepudiation
This is an operating system utility that allows you to test for TCP/IP connectivity between hosts.
Ping
Which of the following is an example of a DoS attack?
Ping Flood
Which type of virus can change every time it is executed in an attempt to avoid antivirus detection?
Polymorphic
This is a go-between for clients on the internal network and servers on the Internet. It can cache information and filter content to the clients.
Proxy
Your organization uses VoIP phones. Which of the following can be used to prioritize VoIP traffic over other network traffic in order to ensure the quality of VoIP connections on your network?
QoS (Quality of Service)
An unauthorized WIFI access point that allows access to a secure network is called what?
Rogue AP
Which of the following attacks allows 2 mobile phones to share the same service and an attacker to gain access to all the phone data?
SIM Cloning
Google Docs is an example of which of the following Cloud Services?
SaaS (Software as a Service)
This protocol is used to remotely administer servers using a terminal interface. It uses port 22 and encrypts traffic to keep the connection secure.
Secure Shell (SSH)
Which of the following describes a false positive in an IDS system?
The IDS identifies legitimate activity as an attack
Which network protocols below make use of network ports?
TCP/UDP
This protocol is used to remotely administer servers. It uses port 23, and should be avoided on networks because it uses no encryption and therefore is not secure.
Telnet
Which file system below is the best option for a Linux system?
ext4
This is a command line tool in Windows and Linux that provides information about active network connections.
netstat
This is a free open source network scanner that allows you to determine open ports on a remote host.
nmap