S+ Midterm

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?

$250,000

In information security, an example of a threat agent can be ____.

--a force of nature such as a tornado that could destroy computer equipment --virus that attacks a computer network

The expression ____ up one directory level.

../ traverses

For a Web server's Linux system, the default root directory is typically ____.

/var/www

A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.

10 to 14

Passive tags have ranges from about 1/3 inch to ____ feet.

19

IP addresses are ____-bit addresses.

32

There are almost ____ different Microsoft Windows file extensions that could contain a virus.

70

Approximately ____ percent of households in the United States use the Internet for managing their finances.

80

____ is the probability that a risk will occur in a particular year.

ARO

____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Adware

____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.

Authentication

____ is a comparison of the present state of a system compared to its baseline.

Baseline reporting

The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.

C:\Inetpub\ wwwroot

Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.

CCTV

____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.

Cipher locks

____ ensures that only authorized parties can view information.

Confidentiality

____ is defined as a security analysis of the transaction within its approved context.

Content inspection

____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.

Cyberterrorists

____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.

DLP

Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.

DLP agent

In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____.

DMZ

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.

DNS

The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.

DNS poisoning

____ substitutes DNS addresses so that the computer is automatically redirected to another device.

DNS poisoning

____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.

EF

A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks.

Easter egg

____ attacks are responsible for half of all malware delivered by Web advertising.

Fake antivirus

____ is an image spam that is divided into multiple images.

GIF layering

____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.

Geometric variance

The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Gramm-Leach-Bliley

Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.

HIPAA

____ is designed to display data, with the primary focus on how the data looks.

HTML

The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.

HTTP header

____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.

Integrity

____ is a technology that can help to evenly distribute work across a network.

Load balancing

____ can be prewired for electrical power as well as wired network connections.

Locking cabinets

The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.

Love Bug

The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.

MPack

____ is a technique that allows private IP addresses to be used on the public Internet.

NAT

Layer 3 of the OSI model is the ____ layer.

Network

____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.

Outsourcing

____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).

PAT

____ IP addresses are IP addresses that are not assigned to any specific user or organization.

Private

ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.

RFID

____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.

Remote access

Released in 1995, one of the first tools that was widely used for penetration testing was ____.

SATAN

The ____ is the expected monetary loss every time a risk occurs.

SLE

____ is a language used to view and manipulate data that is stored in a relational database.

SQL

Layer 5 of the OSI model is the ____ layer.

Session

____ is an attack in which an attacker attempts to impersonate the user by using his session token.

Session hijacking

____ is when an attacker tricks users into giving out information or performing a compromising action.

Social engineering

____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Stateful packet filtering

In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file.

Swiss cheese

____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.

Tailgate sensors

A ____ is a program advertised as performing one activity but actually does something else.

Trojan

A ____ allows scattered users to be logically grouped together even though they may be attached to different switches.

VLAN

A(n) ____ encrypts all data that is transmitted between the remote device and the network.

VPN

A(n) ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site.

Web security gateway

____ involves horizontally separating words, although it is still readable by the human eye.

Word splitting

____ switches are connected directly to the devices on a network.

Workgroup

____ is for the transport and storage of data, with the focus on what the data is.

XML

In information security, a loss can be ____.

a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or a reputation

The ____ for software is the code that can be executed by unauthorized users.

attack surface

Users who access a Web server are usually restricted to the ____ directory.

base

A ____ outlines the major security considerations for a system and becomes the starting point for solid security.

baseline

A ____ virus infects the Master Boot Record of a hard disk drive.

boot

A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.

cable lock

A(n) ____ indicates that no process is listening at this port.

closed port

While the code for a program is being written, it is being analyzed by a ____.

code review

A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.

companion

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.

cybercrime

Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.

data

In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single computer or network.

distributed

A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.

drive-by-download

A(n) ____ is the end of the tunnel between VPN devices.

endpoint

Securing a restricted area by erecting a barrier is called ____.

fencing

A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers.

firewall

In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.

heuristic detection

A ____ is a network set up with intentional vulnerabilities.

honeynet

A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.

honeypot

A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment.

hub

The term ____ is frequently used to describe the tasks of securing information that is in a digital format.

information security

A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.

logic bomb

A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.

macro

An information security ____ position focuses on the administration and management of plans, policies, and people.

manager

A ____ is designed to separate a nonsecured area from a secured area.

mantrap

A(n) ____ means that the application or service assigned to that port is listening for any instructions.

open port

Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.

physical token

When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.

port scanner

A ____ virus infects program executable files.

program

A(n) ____ is hardware or software that captures packets to decode and analyze its contents.

protocol analyzer

The signal from an ID badge is detected as the owner moves near a ____, which receives the signal.

proximity reade

A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.

proxy server

A ____ attack is similar to a passive man-in-the-middle attack.

replay

Viruses and worms are said to be self-____.

replicating

A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.

resident

A(n) ____ does not serve clients, but instead routes incoming requests to the correct server.

reverse proxy

A ____ is an independently rotating large cups affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it.

roller barrier

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.

rootkit

A ____ is a network device that can forward packets across computer networks.

router

The position of ____ is generally an entry-level position for a person who has the necessary technical skills.

security technician

In Microsoft Windows, a ____ is a collection of security configuration settings.

security template

Web application attacks are considered ____ attacks.

server-side

A ____ is software that is a cumulative package of all security updates plus additional features.

service pack

Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known as ____-based monitoring

signature

What is another name for unsolicited e-mail messages?

spam

An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.

spiked collar

Each operation in a computing environment starts with a ____.

system call

HTML is a markup language that uses specific ____ embedded in brackets.

tags

The end product of a penetration test is the penetration ____.

test report

The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.

threat modeling

A computer ____ is malicious computer code that reproduces itself on the same computer.

virus

Unlike other malware, a ____ is heavily dependent upon the user for its survival.

virus

The two types of malware that have the primary objective of spreading are ____.

viruses and worms

A security weakness is known as a(n) ____.

vulnerability

A ____ in effect takes a snapshot of the current security of the organization.

vulnerability appraisal

A(n) ____ examines the current security in a passive method.

vulnerability scan

The SQL injection statement ____ discovers the name of a table.

whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

The SQL injection statement ____ determines the names of different fields in a database.

whatever' AND email IS NULL; --

The SQL injection statement ____ finds specific users.

whatever' OR full_name LIKE '%Mia%'

The SQL injection statement ____ erases the database table.

whatever'; DROP TABLE members; -- Correct

A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.

white box

When DNS servers exchange information among themselves it is known as a ____.

zone transfer


Ensembles d'études connexes

Chapter 7 Management & Leadership

View Set

2. Queries: Learn the most commonly used SQL commands to query a table in a database-retrieve information

View Set

Movement Disorders (Acute dystonia, Akathisia, Parkinsonism, Tardive dyskinesia)

View Set

2.Measuring the force of earthquakes

View Set

NUR450 - Final Exam - Blackboard posted questions and case studies

View Set

Kliiniline farmakoloogia I teemablokk

View Set

Calculating Medication Dose Based on Body Surface Area - practice test

View Set

Chapter 52: Drug Therapy for Migraine and Other Headaches

View Set

Grays Anatomy Review - Upper Limb

View Set

Ch. 3- Business Continuity Planning

View Set

Advanced Vocabulary C1, Denis Vocabulary C1-C2

View Set