Security+ Chapter 3

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

baseline

A reference set of data against which operational data is compared.

Trojan

Executable program advertised as performing one activity, but actually does something else.

Privilege escalation

Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

deadbolt locks

Extends a small metal bar into the door frame for extra security.

Store entry double cylinder locks

Include a keyed cylinder in both the outside and inside knobs so that a key in either knob locks or unlocks both at the same time.

Cross site scripting (XSS) attack

Injects scripts into a web application server that will then direct attacks at clients.

distributed

In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network.

Swiss Cheese

In a ____ infection, a virus injects itself into the programs executable code instead of at the end of the file.

False

Workgroup switches must work faster than core switches.

hacker

A person who uses computer skills to attack computers.

10 to 14

A Study by Foote Partners showed that Security certifications earn employees ____ percent more than their uncertified counterparts.

HTTP

All web traffic is based on ____ protocol.

False

Because of the minor role it plays, DNS is never the focus of attacks

False

Because the XSS is a widely known attack, the number of web sites that are vulnerable are very small.

First-party cookie

Created from the web site that a user is currently viewing.

True

Data, once restricted to papers in office filing cabinets, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners.

DMZ

Functions as a separate network that rests outside the secure network perimeter.

(B) test report

The end product of a penetration test is the penetration _____.

(B) VPN

A ___ encrypts all data that is transmitted between the remote device and the network.

(D) VLAN

A ____ allows scattered users to be logically grouped together even though they may be attached to different switches.

replay

A ____ attack is similar to a passive Man-in-the-middle- attack.

gray

A ____ box test is one in which some limited information has been provided to the tester.

(D) cable lock

A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or other immobile object.

(C) Web security gateway

A ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site.

(C) honeypot

A ____ computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.

session

A ____ cookie is stored in random access memory (RAM) instead of on the hard drive, and only lasts for the duration of visiting the web site.

(D) reverse proxy

A ____ does not serve clients, but instead routes incoming requests to the correct server.

(D) Vulnerability scan

A ____ examines the current security in a passive method.

(B) Vulnerability appraisal

A ____ in effect takes a snapshot of the current security of the organization.

(D) closed port

A ____ indicates that no process is listening at this port.

(A) proxy server

A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.

logic bomb

A ____ is a computer program or part of a program that lies dormant until it is triggered by a specific logical event.

markup language

A ____ is a method for adding annotations to the text so that the additions can be distinguished form the text itself.

(B) router

A ____ is a network device that can forward packets across computer networks.

(A) honeynet

A ____ is a network set up with intentional vulnerabilities.

Trojan

A ____ is a program advertised as performing one activity but performing something else.

access list

A ____ is a record or list of individuals who have permission to enter a secured area, the time that they entered and the time that they left the area.

macro

A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or repeated series of tasks.

rootkit

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.

(D) hub

A ____ is a standard network device for connecting multiple ethernet devices together using twisted pair copper or fiber- optic cables in order for them to function as a single network segment.

(C) Roller barrier

A ____ is an independently rotating large cups affixed to the top of a fence to prevent the hands of intruders from gripping the top of a fence to climb over it.

(B) mantrap

A ____ is designed to separate a non secured area from a secured area.

keylogger

A ____ is either a small hardware device or a program that monitors each keystroke a user types on the computers keyboard.

(B) protocol analyzer

A ____ is hardware or software that captures packets to decode and analyze its contents.

(C) firewall

A ____ is hardware or software that is designed to prevent malicious packets from entering or leaving the computer.

(C) service pack

A ____ is software that is a cumulative package of all security updates.

(A) endpoint

A ____ is the end of the tunnel between VPN devices.

(A) open port

A ____ means that the application or service assigned to that port is listening for any instructions.

(B) baseline

A ____ outlines the major security considerations for a system and becomes the starting point for solid security.

(D) baseline

A ____ outlines the major security considerations for a system and becomes the starting point for solid security.

stealth

A ____ scan uses various techniques to avoid detection .

(A) white box

A ____ tester has an in-depth knowledge of the network being tested, including network diagrams, IP addresses, and even the source code of custom applications.

companion

A ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.

program

A ____ virus infects program executable files.

boot

A ____ virus infects the master boot record of a hard disk drive

resident

A ____ virus is loaded into the Random Access Memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.

True

A basic level of security can be achieved through using the security features found in network hardware.

drive-by-download

A client-side attack that results in a user's computer becoming compromised just by viewing a web page and not even clicking on any content is known as a ____.

virus

A computer ___ is a malicious computer code that reproduces itself on the same computer.

True

A healthy security posture results from a sound and workable strategy toward managing risks.

trust

A macro takes advantage of the "____" relationship between the application and the software system.

threat agent

A person or thing that has power to carry out a threat.

computer spy

A person who has been hired to break into a computer and steal information.

worm

A program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system.

(B) vulnerability

A security weakness is known as a ____.

HIDS

A software application that runs on a local host computer that can detect an attack when it occurs.

Vulnerability assessment

A systematic and methodical evaluation of the exposure of assets to attackers such as forces of nature, or any other entity that is potentially harmful.

vulnerability

A weakness that allows a threat agent to bypass security.

Easter egg

A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations or mouse clicks.

False

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies

Subnet addressing

Allows an ip address to be split anywhere within its 32 bits.

True

Although traditional network security devices can block traditional network attacks, they cannot always block web application attacks.

(B) spiked collar

An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.

Vulnerability scan

An automated software search through a system for any known security weaknesses.

threat

An event or action that might defeat security measures in place and result in a loss.

vulnerability

An example of a ____ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user's knowledge or permission.

Manager

An information security ____ position focuses on the administration and management of plans, policies, and people.

80

Approximately ____ percent of households in the united states use the internet for managing their finances.

False

Approximately two out of three malicious web attacks have been developed using one of four popular attack toolkits.

False

Attack toolkits range in price from only $400 to as much as $8000.

True

Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.

data

Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that a competitor is eager to acquire.

False

Cipher locks are the same as combination padlocks.

Penetration testing

Designed to actually exploit any weaknesses in the system that are valuable.

(c) DLP agent

Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.

(A) system call

Each operation in a computing environment starts with a ____.

NAT

Each outgoing packet is given a different IP address.

PAT

Each packet is given the same IP address but a different TCP port.

Hardening

Eliminating as many security risks as possible and make the system more secure.

(D) signature

Examining network traffic, activity, transactions or behavior and looking for well known patterns is known as ____-based monitoring.

Zero day attack

Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.

/var/www

For a web server's Linux system, the default root directory is typically ____.

spyware

General term used to describe software that violates a user's personal security.

tags

HTML is a markup language that uses specific ____ embedded in brackets.

(D) RFID

ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.

(D) 32

IP addresses are ____-bit addresses.

Risk assessment

Identify what damages could result form the threats.

Asset identification

Identify what needs to be protected.

threat evaluation

Identify what the pressures are against the company.

Risk mitigation

Identify what to do about threats.

True

If port 20 is available than an attacker can assume that ftp is being used.

(D) security template

In Microsoft Windows, a ---- is a collection of security configuration settings.

(A) heuristic detection

In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.

False

In a general sense assurance may be defined as the necessary steps to protect a person or property from harm.

Security

In a general sense, ____ may be defined as the necessary steps to protect a person from property or harm.

False

In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested.

All of the above : (theft of information, a delay in transmitting information, loss of good will or reputation)

In information security a loss can be____.

Both a and b (A force of nature, a virus that attacks a computer network)

In information security, an example of a threat agent can be ____.

(C) DMZ

In order to allow untrusted outside users access to resources such as web servers, most networks employ a ____.

split infection

In the ____ technique, the virus is divided into several parts and placed at random positions throughout the host program, overwriting the original contents of the host.

(C) physical token

Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.

cyberterriorism

Intended to cause panic, provoke violence, or result in a financial catastrophe.

content

Internet ____ filters monitor internet traffic and block access to pre-selected websites and files.

Transitive access attack

Involving using a third party to gain access rights.

False

Keyed entry locks are much more difficult to defeat than deadbolt locks.

passage locks

Latch a door closed but do not lock; typically used on hall and closet doors.

(A) network

Layer 3 of the OSI model is the ____layer.

(C) Session

Layer 5 of the OSI model is ____ layer.

False

Like a virus a worm needs the user to perform an action such as starting a program or opening an email attachment to start the infection.

Privacy locks

Lock the door but have access to unlock from the outside via a small hole.

Patio locks

Lock the door from the inside but cannot be unlocked from the outside.

malware

Malicious software, or ____ , silently infiltrate computers with the intent to do harm.

Standard keyed entry locks

Most common type of door lock for keeping out intruders, but its security is minimal

database

Most vulnerability scanners maintain a ____ that categorizes and describes the vulnerabilities that it can detect.

public

NAT replaces a private IP address with a ___ ip address.

switches

Networks are usually segmented by using ____ to divide the network into a hierarchy.

(C) 19

Passive tags have ranges from 1/3 inch to ____ feet>

Script Kiddies

Persons who want to break into computers and cause damage having no real computer skills.

Procedures

Plans and policies established by an organization to ensure that people correctly use the products.

Access rights

Privileges that are granted to users to access hardware and software resources.

True

Recent employment trends indicate that employees with security certifications are in high demand

Remote access

Refers to any combination of hardware and software that enables remote users to to access a local internal network.

(C) SATAN

Released in 1995, one of the first tools that was widely used for penetration testing was ____.

True

Removing a rootkit from an infected computer is extremely difficult.

(c) Fencing

Securing a restricted area by erecting a barrier is called ____.

True

Securing the host involves protecting the physical device itself, securing the operating system, using security based software applications, and monitoring logs.

True

Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate hosts into groups.

administrators

Security____ have both technical knowledge and managerial skills and analyze and design security solutions within a specific entity.

VLAN

Segmenting a network by separating devices into logical groups.

True

Software key loggers are programs that silently capture all keystrokes including passwords and sensitive information.

asset

Something that has value.

Directory transversal attack

Takes advantage of vulnerability in the web application, program, or the web server software so that a user can move from the root directory to other restricted directories.

cybercrime

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.

Client-side attack

Targets vulnerabilities in client applications that interact with a compromised server or process malicious data.

True

The "omnipresence" of access from any computer with only an internet connection and a web browser has made applications an essential element of organizations today.

DNS poisioning

The Chinese government uses ____ to prevent internet content that it considers unfavorable from reaching its citizenry.

True

The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years experience in IT administration, with a focus on security.

False

The OSI model breaks down networking steps into a series of six layers.

(D) whatever' AND email IS NULL; --

The SQL injection statement ____ determines the names of different fields in a database.

(B) whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

The SQL injection statement ____ discovers the name of a table.

(C) whatever' OR full_name LIKE '%MIA%'

The SQL injection statement ____ finds specific users.

(a) whatever' DROP TABLE members; --

The SQL injection statement____ that erases the database table.

Master Boot Record (MBR)

The ____ contains the program necessary for the computer to start up and a description of how the hard drive is organized.

root

The ____ directory is a specific directory on a web server's file system.

(D) Attack surface

The ____ for software is the code that can be executed by unauthorized users.

HTTP header

The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.

(A) SLE

The ____ is the expected monetary loss every time a risk occurs.

Gramm-Leach-Bliley

The ____Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Command Injection

The ability to move to another directory, could allow an unauthorized user to view confidential files or even enter commands.

(B) C:\Inetpub\wwwroot

The default root directory of the Microsoft Internet Information Services (IIS) web server is ____.

False

The demand for IT professionals who know how to secure networks is at an all time low.

(D) ../ traverses

The expression ____ up one directory level.

True

The first step in a vulnerability assessment is to determine the assets that need to be protected.

(D) Threat modeling

The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.

layers

The key to the OSI reference model is ____.

risk

The likelihood that a threat agent will exploit a vulnerability.

MPack

The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.

Classroom locks

The outside can be locked or unlocked, and the inside lever is always unlocked.

storeroom locks

The outside is always locked, entry is by key only, and the inside lever is always unlocked.

security technician

The position of ____ is generally an entry level position.

ARPAnet

The predecessor of today's internet was a network called ____.

(A) proximity reader

The signal form an id badge is detected as the owner moves near a ____.

Love Bug

The single most expensive malicious attack was the 2000____, which cost an estimated $8.7 billion.

information security

The term ____ is frequently used to describe the tasks of securing information that is in digital format.

viruses and worms

The two types of malware that has the primary objective of spreading is___.

70

There are almost ____ different Microsoft Windows file extensions that could contain a virus.

exploit

To take advantage of a vulnerability.

HIPAA

Under____health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be paper or electronic.

virus

Unlike other malware, a ____ is heavily dependent on the user for its survival.

Keyed entry locks

Use a key to open the lock from the outside.

(C) Tailgate sensors

Use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.

OSI model

Used to classify standard network devices based on their function.

root

Users who access a web server are usually restricted to the ___ directory.

Image spam

Uses graphical images of text in order to circumvent text based filters.

(A) CCTV

Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.

replicating

Viruses and worms are said to be self-____.

False

Vulnerability scans are usually performed from outside the security perimeter.

True

Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.

server-side

Web application attacks are considered ___ attacks.

spam

What is another name for unsolicited email messages?

$250,000

What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?

zone transfer

When DNS servers exchange information among themselves it is known as a ____.

DNS

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as ____.

(C) port scanner

When performing a vulnerability assessment, many organizations use ____.

social engineering

When using a black box test, many testers use ____ tricks to learn about the network infrastructure from inside employees.

(B) code review

While the code for a program is being written, it is being analyzed by a ____.

(B) Private

____ IP addresses that are not assigned to any specific user or organization>

Cybercriminals

____ are a loose knit network of attackers, identity thieves, and financial fraudsters.

(B) Cipher locks

____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.

Fake anti-virus

____ are responsible for half of all malware delivered by the web.

(a) Locking cabinets

____ can be pre-wired for electrical power as well as wired network connections.

Vulnerability scanners

____ for organizations are intended to identify vulnerabilities and alert network administrators to these probelms

Word splitting

____ involves horizontally separating words, although it is still readable by the human eye.

Identity theft

____ involves stealing another person's personal information such as a social security number, and then using the information to impersonate the victim, generally for financial gain.

(A) Baseline reporting

____ is a comparison of the present state of a system compared to its baseline.

SQL

____ is a language used to view and manipulate data that is stored in a relational database.

(B) Outsourcing

____ is a means by which an organization can transfer risk to a third party who can demonstrate a higher capability at managing or reducing risks.

Adware

____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

(D) DLP

____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.

(D) NAT

____ is a technique that allows private IP addresses to be used on the public internet.

(B) Load balancing

____ is a technology that can help to evenly distribute work across a network.

Session hijacking

____ is an attack in which an attacker attempts to impersonate the user.

Gif Layering

____ is an image spam that is divided into multiple images.

HTML

____ is designed to display data, with the primary focus on how the data looks.

(C) ARO

____ is the probability that a risk will occur in a particular year.

(C) EF

____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.

XML

____ is the transport of data, with the focus on what the data is.

(A) PAT

____ is typically used on home routers that allow multiple users to share one IP address received from an internet service provider (ISP).

Social engineering

____ is when an attacker tricks users into giving out information or performing a compromising action.

(C) Stateful packet filtering

____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Cipher

____ locks keep a record of when the door was opened and by which code.

anti-climb

____ paint is a non-toxic petroleum gel-based paint that is thickly applied and does not harden, making any coated surface very difficult to climb.

(B) remote access

____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.

Accounting

____ provides tracking of events.

physical

____ security involves restricting access to the areas in which equipment is located.

Hardware

____ security is the physical security that specifically involves protecting the hardware of the host system, particularly laptops , netbooks, and tablet computers that can easily be stolen.

DNS poisioning

____ substitutes DNS addresses so that the computer is automatically redirected to another device.

(A) workgroup

____ switches are connected directly to the devices on a network.

Geometric variance

____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.

telecommuters

____ work occasionally or regularly from a home office.

Confidentiality

_____ insures that only authorized parties can view information.

(B) Content inspection

_____ is defined as security analysis of the transaction within its approved context.

Information Security

_____is focused on protecting the valuable electronic information of organizations and users.

Integrity

____ensures that information is correct and that no unauthorized person or malicious software has altered the data.

Authentication

____ensures that the individual is who they claim to be (the authentic or genuine person) and not an impostor.

companion virus

adds a program to the operating system that is a malicious copycat version to a legitimate program.

hoax

false warning, often contained in an e-mail message claiming to come from the IT department.

malware

general term that refers to a wide variety of damaging or annoying software programs.

rootkit

hides or removes traces of log-in records, log entries and related processes.

macro virus

series of instructions that can be grouped together as a single command.


Ensembles d'études connexes

Chapter 9: Arguments of Definition

View Set