Risk Management (Key Terms)

An _____ explains to users what they can and cannot do while accessing a network's resources.

AUP

Which physical security device works through wireless transmission? - Badge reader - Access control vestibule - Cipher lock - Biometrics

Badge reader

_____ involves a process in which a device scans an individual's unique physical characteristics, such as iris color patterns or hand geometry to verify the person's identity.

Biometrics

_____ attacks are orchestrated through many sources as opposed to one or a few sources owned by the attacker.

DDoS

Which type of DoS attack orchestrates an attack bounced off uninfected computers? - FTP bounce - Ransomware - DRDoS attack - PDoS attack

DRDoS attack

What type of attack relies on spoofing? - Deauth attack - Friendly DoS attack - Tailgating - Pen testing

Deauth attack

A _____ attack occurs when legitimate users are unable to access normal network resources, such as a web server, because of an attacker's intervention.

DoS

You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit? - Public encryption key - Hash of the encryption key - Private encryption key - Hash of the file

Hash of the file

_____ means to transform data through an algorithm that is mathematically irreversible.

Hashing

What is the first step in improving network security? - Document next steps. - Identify risks. - Determine which resources might be harmed. - Develop plans for responding to threats.

Identify risks.

A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this? - Principle of least privilege - Insider threat - Vulnerability - Denial of service

Insider threat

Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? - Ransomware - Logic bomb - Virus - Worm

Logic bomb

What kind of software can be used to secure employee-owned devices? - PUA - NDA - MDM - BYOD

MDM

_____ refers to any program or piece of code designed to intrude upon or harm a system or its resources.

Malware

A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? - AUP - NDA - MDM - BYOD

NDA

_____ testing takes advantage of ethical hacking techniques to identify weaknesses and the extent of those weaknesses.

Pen

Which of the following is not a phase in the social engineering attack cycle? - Research. - Building trust. - Penetrate. - Exit.

Penetrate

A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this? - Phishing - Tailgating - Quid pro quo - Baiting

Phishing

_____ can be in the form of a communication that appears to come from a legitimate source and requests access or authentication information.

Phishing

Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim? - Tailgating - Shoulder surfing - Piggybacking - Phishing.

Phishing.

Which term best describes the act of actively searching for a computer's ports by the use of specialized software? - Port searching - Port vulnerabilities - Port reconnaissance - Port scanning

Port scanning

Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities? - Data breach - Security audit - Exploit - Posture assessment

Posture assessment

Which assessment type would most likely discover a security risk related to employee on-boarding? - Vendor risk assessment - Process assessment - Threat assessment - Posture assessment

Process assessment

Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two. - Red team-blue team exercise - Vulnerability assessment - Security audit - Pen testing

Red team-blue team exercise; Pen testing

Which form of SHA was developed by private designers? - SHA-1 - SHA-3 - SHA-224 - SHA-256

SHA-3

Which of the following is considered a secure protocol? - FTP - SSH - Telnet - HTTP

SSH

Which of the following is not an example of biometric detection? - Iris color patterns - Smart Card - Facial recognition - Fingerprints

Smart Card

You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios? - Locking rack - Smart locker - Locking cabinet - Access control vestibule

Smart locker

A neighbor hacks into your secured wireless network on a regular basis, but you didn't give her the password. What loophole was most likely left open? - Guest Network was not established - You are using WPA2 encryption instead of using WEP Encryption - MAC filtering was not enabled - The default password was not changed

The default password was not changed

A _____ is a program that disguises itself as something useful but actually harms your system.

Trojan

A _____ is a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices.

Virus

Exploiting a vulnerability before the software developer can provide a solution for it, or before the user applies the published solution, is known as a ___ attack. - DDoS - Zero-Day - Phishing - Man-in-the-middle

Zero-Day

In a _____ attack, the attacker sends faked wireless frames to the AP, the client, or as a broadcast to the whole wireless network to trigger the attack and knock one or more clients off the wireless network.

deauth

A _____ attack is typically the first technique a hacker uses when trying to guess a password (besides asking the user for their password).

dictionary

The act of taking advantage of a vulnerability is known as an _____.

exploit

Although they might engage in illegal activity, the intent of a __ is to educate and assist. - white hat hacker - black hat hacker - red hat hacker - gray hat hacker

gray hat hacker

Someone who masters the inner workings of computer hardware and software to better understand them is a _____.

hacker

A _____ is a decoy system that is purposely vulnerable and filled with what appears to be sensitive (though false) content, such as financial data, to lure hackers.

honeypot

The principle of _____ means employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

least privilege

A _____ for network users identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.

security policy

When a person secretly observes an authorized person entering their credentials to access a secure area and then uses that information later, it is called _____.

shoulder surfing

An intruder that poses as a technical support analyst who needs to know a user's password to troubleshoot a problem is an example of _____.

social engineering

When an unauthorized person follows an authorized person into a secure area without the authorized person's knowledge or cooperation, it is known as _____.

tailgating

A _____ identifies specific security threats to the network and related risk factors.

threat assessment

A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a _____.

vulnerability

The ability to insert code into a database field labeled "Name" is an example of a(n) ___. - attack. - vulnerability. - breach. - exploit.

vulnerability.

A _____ exploit, or attack, is one that takes advantage of a software vulnerability that hasn't yet or has only very recently become public.

zero day
