Security + prep for Midterm

An infected ''robot'' computer is known as a ____. a. Trojan horse b. beachheaad c. zombie d. bottle

c. zombie

____ represent a specific way of implementing ActiveX and are sometimes called ActiveX applications. a. ActiveX controls b. ActiveX plug-ins c. ActiveX programs d. ActiveX applets

a. ActiveX controls

An unlocked door is an example of a(n) ____. a. threat b. risk c. vulnerability d. exploit

c. vulnerability

Layer 3 of the OSI model is the ____ layer. a. Network b. Data Link c. Session d. Presentation

a Network

Credit score reports cost about ____. a. $10 b. $15 c. $20 d. $25

a. $10

It is estimated that over 100 trillion e-mails are sent annually, increasing at a rate of ____ percent each year. a. 10 b. 20 c. 17 d. 15

a. 10

The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers. a. 3.8 b. 4.3 c. 1.7 d. 2.1

a. 3.8

There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. access control lists b. application control lists c. authenticity control lists d. assessment control lists

a. Access control lists

There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. application control lists b. authenticity control lists c. assessment control lists d. access control list

a. Access control lists

____ attacks are responsible for half of all malware delivered by Web advertising. a. "Canadian Pharmacy" b. Fake antivirus c. Melissa d. Slammer

b. Fake antivirus

In information security, a loss can be ____. a. all of the above b. the loss of good will or a reputation c. a delay in transmitting information that results in a financial penalty d. theft of information

a. All of the above

____ attacks are often the means by which an attacker will perform an arbitrary code execution. a. Buffer overflow b. Block overflow c. Heap overflow d. Stack overflow

a. Buffer overflow

____ attacks are often the means by which an attacker will perform an arbitrary code execution. a. Buffer overflow b. Heap overflow c. Block overflow d. Stack overflow

a. Buffer overflow

In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud Software as a Service b. Cloud Application as a Service c. Cloud System as a Service d. Cloud Infrastructure as a Service

a. Cloud Software as a Service

Which cable is all but obsolete in data communications with the exception of its use in the cable television infrastructure to support cable modem-based high-speed Internet access for residences? a. Coaxial b. Fiber-optic c. UTP d. STP

a. Coaxial

In the last year, over 600,000 Apple Macs were infected with a malicious software called ____. a. Flashback b. Melissa c. Morris d. Slapper

a. Flashback

____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. GLBA b. COPPA c. Sarbox d. HIPAA

a. GLBA

____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. GLBA b. Sarbox c. COPPA d. HIPAA

a. GLBA

____ allows Web authors to combine text, graphic images, audio, video, and hyperlinks into a single document. a. HTML b. IPL c. XSLT d. SGML

a. HTML

____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Integrity b. Identity c. Availability d. Confidentiality

a. Integrity

____ is a scripting language that does not create standalone applications. a. JavaScript b. C# c. WebScript d. Java

a. JavaScript

Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system? a. Mail bomb b. Timing attack c. Spam d. Buffer overflow

a. Mail bomb

Which individual is considered to be a script kiddie who uses automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service? a. Packet monkey b. Hacktivist c. Cyberterrorist d. Phreaker

a. Packet monkey

___ may reveal the true level of security within the organization. a. Policy manuals b. Organizational charts c. System manuals d. Phone directories

a. Policy manuals

____ means an attacker who pretends to be from a legitimate research firm asks for personal information. a. Pretexting b. Dumpster diving c. Phishing d. Stealing

a. Pretexting

Which attack is used when a copy of the hash of the user's password has been obtained? a. Rainbow attack b. Dictionary attack c. Spoofing d. Brute force attack

a. Rainbow attack

____ is software that displays a fictitious warning to the user in the attempt to "scare" the user into an action, such as purchasing additional software online to fix a problem that in fact does not exist. a. Scareware b. Adware c. Spyware d. Trojan

a. Scareware

____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions. a. Stateful packet filtering b. Stateless packet filtering c. Stateful frame filtering d. Stateless frame filtering

a. Stateful packet filtering

A(n) ____ is a person or element that has the power to carry out a threat. a. threat agent b. attack agent c. vulnerability d. risk

a. Threat agent

A computer ____ is a program advertised as performing one activity but actually does something else. a. Trojan b. rootkit c. virus d. worm

a. Trojan

Which protocol is typically used for applications such as streaming media? a. UDP b. TCP c. SMTP d. SCTP

a. UDP

Which protocol is typically used for applications such as streaming media? Correct Answer a. UDP b. TCP c. SCTP d. SMTP

a. UDP

A ____ allows scattered users to be logically grouped together even though they may be attached to different switches. a. VLAN b. DMZ c. subnet d. broadcast domain

a. VLAN

A(n) ____ encrypts all data that is transmitted between the remote device and the network. a. VPN b. endpoint c. router d. IKE tunnel

a. VPN

The two types of malware that have the primary objective of infecting a computer system are ____. a. viruses and worms b. worms and spyware c. Trojans and adware d. viruses and Trojans

a. Viruses and worms

Which term refers to unwanted noise from a signal coming across the media at multiple frequencies? a. White noise b. Impulse noise c. Impulse noise d. Crosstalk

a. White noise

The ____ is composed of Internet server computers on networks that provide online information in a specific format. a. World Wide Web b. Internet Web c. World Web d. Global Web

a. World Wide Web

There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. access control lists b. application control lists c. authenticity control lists d. assessment control lists

a. access control lists

In information security, a loss can be ____. a. all of the above b. a delay in transmitting information that results in a financial penalty c. theft of information d. the loss of good will or a reputation

a. all of the above

In information security, an example of a threat agent can be ____. a. both a and b b. a virus that attacks a computer network c. a force of nature such as a tornado that could destroy computer equipment d. an unsecured computer network

a. both a and b

SNMP agents are protected with a password known as a(n) ____ in order to prevent unauthorized users from taking control over a device. a. community string b. entity c. OID d. MIB

a. community string

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____. a. cybercrime b. phishing c. spam d. cyberterrorism

a. cybercrime

A(n) ____ is the end of the tunnel between VPN devices. a. endpoint b. proxy c. server d. client

a. endpoint

A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. a. flood guard b. frame guard c. link guard d. protocol guard

a. flood guard

The best approach to establishing strong security with passwords is to use a ____. a. password management tool b. password fault program c. password generation program d. password vault program

a. password management tool

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit b. hacking kit c. virus d. worm

a. rootkit

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit b. virus c. worm d. hacking kit

a. rootkit

A ____ is a network device that can forward packets across computer networks. a. router b. firewall c. bridge d. switch

a. router

A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. a. 12 to 15 b. 10 to 14 c. 14 to 16 d. 13 to 14

b. 10 to 14

The standard for wireless networks falls under IEEE ____. a. 802.21 b. 802.11 c. 802.5 d. 802.3

b. 802.11

____ is a technology that can associate a user's identity to a public key, in which the user's public key has been "digitally signed" by a trusted third party. a. Private key cryptography b. A digital certificate c. Public key cryptography d. Asymmetric cryptography

b. A digital certificate

Which term refers to the loss of signal strength as the signal moves across media? a. Jitter b. Attenuation c. Distortion d. Impulse noise

b. Attenuation

In the ____ cloud computing model, the customer has the highest level of control. a. Cloud System as a Service b. Cloud Infrastructure as a Service c. Cloud Application as a Service d. Cloud Software as a Service

b. Cloud Infrastructure as Service

____ is a pay-per-use computing model in which customers pay only for the computing resources they need. a. Cloud Software as a Service b. Cloud computing c. Infrastructure as a Service d. Virtualization

b. Cloud computing

Which protocol is considered to be a dominant protocol for local area networking? a. PPP b. Ethernet c. FDDI d. Token ring

b. Ethernet

Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Cyberterrorist b. Hacktivist c. Packet monkey d. Phreaker

b. Hacktivist

____ provides a greater degree of security by implementing port-based authentication. a. IEEE 802.3ad b. IEEE 802.1x c. IEEE 802.11n d. IEEE 802.1z

b. IEEE 802.1X

____ uses graphical images of text in order to circumvent text-based filters. a. PDF spam b. Image spam c. Flash spam d. Java spam

b. Image spam

____ is a complete programming language that can be used to create stand-alone applications. a. JavaScript b. Java c Shell script d. WScript

b. Java

____ is a scripting language that does not create standalone applications. a. C# b. JavaScript c. WebScript d. Java

b. JavaScript

Which protocol is used for modifying and querying directory services? a. SMB b. LDAP c. IRC d. RDP

b. LDAP

Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure? a. Vulnerability b. Loss c. Exposure d. Exploit

b. Loss

Which network typically covers a region the size of a municipality, county, or district? a. Wide area network b. Metropolitan area network c. Local area network d. Campus area network

b. Metropolitan area network

Layer 3 of the OSI model is the ____ layer. a. Presentation b. Network c. Session d. Data Link

b. Network

____ IP addresses are IP addresses that are not assigned to any specific user or organization. a. Public b. Private c. Public domain d. Private domain

b. Private

On the server site, what is the de facto standard for transfer-ring e-mail between post office servers across the Internet? a. IMAP b. SMTP c. POP d. S-MIME

b. SMTP

Layer 5 of the OSI model is the ____ layer. a. Presentation b. Session c. Network d. Data Link

b. Session

AV software on a computer must have its ____ files regularly updated by downloads from the Internet. a. control b. signature c. behavior d. program

b. Signature

____ look for specific words and block e-mail messages containing those words. a. Ad filters b. Spam filters c. Network filters d. Virus filters

b. Spamfilters

A computer ____ is a person who has been hired to break into a computer and steal information. a. hacker b. spy c. mole d. worm

b. Spy

On average it takes ____ days for a victim to recover from an attack. a. five b. ten c. eight d. three

b. Ten

____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Availability b. Virtualization c. Portability d. Migration assistance

b. Virtualization

____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Portability b. Virtualization c. Migration assistance d. Availability

b. Virtualization

Spyware usually performs one of the following functions on a user's computer: ____, collecting personal information, or changing computer configurations. a. keylogging b. advertising c. capturing screens d. deleting files

b. advertising

The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____. a. confidentiality, integrity, and asset b. confidentiality, integrity, and availability c. confidentiality, information, and availability d. communication, information, and asset

b. confidentiality, integrity, and availability

The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." a. information warfare b. cyberterrorism c. cyberware d. eTerrorism

b. cycberterrorism

A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file. a. hash b. dictionary c. brute force d. man in the middle

b. dictionary

In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers. a. white-hat b. hacker c. slacker d. black-hat

b. hacker

A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment. a. router b. hub c. switch d. firewall

b. hub

Most Internet transmissions are based on ____. a. destination numbers b. port numbers c. section numbers d. block numbers

b. port number

In ____ polling, the central control unit, usually a server, polls each client to determine if it has traffic to transmit. a. call-ahead b. roll-call c. roll ahead d. go-ahead

b. roll-call

A ____ forwards packets across computer networks. a. bridge b. router c. hub d. switch

b. router

A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses. This is known as ____. a. denying services b. spamming c. spreading malware d. manipulating online polls

b. spamming

A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses. This is known as ____. a. manipulating online polls b. spamming c. spreading malware d. denying services

b. spamming

It is estimated that over 100 trillion e-mails are sent annually, increasing at a rate of ____ percent each year. a. 15 b. 20 c. 10 d. 17

c. 10

TCP port ____ is the FTP control port used for passing FTP commands. a. 22 b. 19 c. 21 d. 20

c. 21

____ ensures that data is accessible when needed to authorized users. a. Confidentiality b. Non-repudiation c. Availability d. Integrity

c. Availability

____ ensures that data is accessible when needed to authorized users. a. Non-repudiation b. Integrity c. Availability d. Confidentiality

c. Availability

In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud Infrastructure as a Service b. Cloud System as a Service c. Cloud Software as a Service d. Cloud Application as a Service

c. Cloud Software as a Service

In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud System as a Service b. Cloud Infrastructure as a Service c. Cloud Software as a Service d. Cloud Application as a Service

c. Cloud Software as a Service

____ ensures that only authorized parties can view information. a. Security b. Availability c. Confidentiality d. Integrity

c. Confidentiality

The ____ of 2003 contains rules regarding consumer privacy. a. Fair Credit Reporting Act b. Credit and Transactions Act c. Fair and Accurate Credit Transactions Act d. Accurate Transactions Act

c. Fair and Accur ate Credit Transactions Act

The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. California Database Security Breach b. USA Patriot c. Gramm-Leach-Bliley d. Sarbanes-Oxley

c. Gramm-Leach-Bliley

Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. a. HCPA b. HLPDA c. HIPAA d. USHIPA

c. HIPAA

____ is used to relay query messages. a. FTP b. TCP c. ICMP d. UDP

c. ICMP(Internet Control Message Protocol)

____ is a complete programming language that can be used to create stand-alone applications. a. WScript b. Shell script c. Java d. JavaScript

c. Java

____ is a scripting language that does not create standalone applications. a. C# b. WebScript c. JavaScript d. Java

c. JavaScript

The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. a. Code Red b. Nimda c. Love Bug d. Slammer

c. Love bug

Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system? a. Spam b. Timing attack c. Mail bomb d. Buffer overflow

c. Mail bomb

____ is a technique that allows private IP addresses to be used on the public Internet. a. NAPT b. PAT c. NAT d. PNAT

c. NAT

Unsigned Java applets run in a security ____, which is like a fence that surrounds the program and keeps it away from private data and other resources on a local computer. a. DMZ b. firewall c. sandbox d. retaining wall

c. Sandbox

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____. a. affiliation sites b. affiliate network sites c. social networking sites d. social marketing sites

c. Social Networking Sites

____ look for specific words and block e-mail messages containing those words. a. Virus filters b. Ad filters c. Spam filters d. Network filters

c. Spam filters

____ infection injects portions of the code throughout the program's executable code instead of only at the end of the file (any overwritten original code is transferred and stored inside the virus code for proper execution of the host program after the infection). a. Polymorphic b. Appender c. Swiss cheese d. Replace

c. Swiss Cheese

A computer ____ is a program advertised as performing one activity but actually does something else. a. worm b. rootkit c. Trojan d. virus

c. Trojan

Which type of multiplexing is found exclusively in fiber-optic communications? a. Phase division multiplexing b. Frequency division multiplexing c. Wave division multiplexing d. Time division multiplexing

c. Wave division multiplexing

In information security, an example of a threat agent can be ____. a. a virus that attacks a computer network b. a force of nature such as a tornado that could destroy computer equipment c. both a and b d. an unsecured computer network

c. both a and b

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____. a. hackers b. spies c. cyberterrorists d. hacktivists

c. cyberterrorists

Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. a. record b. plan c. data d. identity

c. data

A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file. a. man in the middle b. brute force c. dictionary d. hash

c. dictionary

The best approach to establishing strong security with passwords is to use a ____. a. password generation program b. password vault program c. password management tool d. password fault program

c. password management tool

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____. a. affiliation sites b. affiliate network sites c. social networking sites d. social marketing sites

c. social networking sites

What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $100,000 b. $1,000,000 c. $500,000 d. $250,000

d. $250,000

What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $500,000 b. $100,000 c. $1,000,000 d. $250,000

d. $250,000

____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. a. Hackers b. Computer spies c. Cyberterrorists d. Cybercriminals

d. Cybercriminals

Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Cyberterrorist b. Packet monkey c. Phreaker d. Hacktivist

d. Hacktivist

____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain. a. Scam b. Cyberterrorism c. Phishing d. Identity theft

d. Identity theft

____ uses graphical images of text in order to circumvent text-based filters. a. PDF spam b. Java spam c. Flash spam d. Image spam

d. Image spam

____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Confidentiality b. Identity c. Availability d. Integrity

d. Integrity

____ is a technology that can help to evenly distribute work across a network. a. Stateful packet filtering b. DNS caching c. DNS poisoning d. Load balancing

d. Load balancing

An information security ____ position focuses on the administration and management of plans, policies, and people. a. inspector b. engineer c. auditor d. manager

d. Manager

Layer 3 of the OSI model is the ____ layer. a. Presentation b. Session c. Data Link d. Network

d. Network

IP is the protocol that functions primarily at the Open Systems Interconnection (OSI) ____. a. Data link Layer b. Transport Layer c. Presentation Layer d. Network Layer

d. Network Layer

____ may reveal the true level of security within the organization. a. System manuals b. Phone directories c. Organizational charts d. Policy manuals

d. Policy manuals

When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable. a. Comprehension (understanding) b. Dissemination (distribution) c. Compliance (agreement) d. Review (reading)

d. Review (reading)

A(n) ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site. a. firewall b. security proxy c. application gateway d. Web security gateway

d. Web sec

___ switches are connected directly to the devices on a network. a. Intermediate b. Distribution c. Core d. Workgroup

d. Workgroup

A ____ self-replicates between computers (from one computer to another). a. rootkit b. virus c. Trojan d. worm

d. Worm

One of the best defenses against attacks is to create ____ on a regular basis. a. recovery disks b. system documentation c. restore disks d. data backups

d. data backups

A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. a. frame guard b. link guard c. protocol guard d. flood guard

d. flood guard

Broadcast storms can be prevented with ____. a. spanning tree b. Dijkstra's algorithm c. 802.11x d. loop protection

d. loop protection

Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure? a. Vulnerability b. Exposure c. Exploit d. Loss

d. loss

A security ____ is a general software security update intended to cover vulnerabilities that have been discovered since the program was released. a. repair b. hole c. control d. patch

d. patch

Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures. a. systems b. tools c. applications d. people

d. people

Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures. a. tools b. applications c. systems d. people

d. people

Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site. a. spear phishing b. vishing c. whaling d. pharming

d. pharming

Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site. a. spear phishing b. vishing c. whaling d.pharming

d. pharming

Most e-mail clients contain a ____ that allows the user to read an e-mail message without actually opening it. a. safety pane b. sandbox pane c. preview pane d. reading pane

d. reading pane

A ____ forwards packets across computer networks. a. bridge b. switch c. hub d. router

d. router

Unsigned Java applets run in a security ____, which is like a fence that surrounds the program and keeps it away from private data and other resources on a local computer. a. firewall b. retaining wall c. DMZ d. sandbox

d. sandbox

ActiveX controls can be invoked from Web pages through the use of a ____ or directly by an HTML command. a. fourth-generation language b. modern language c. compiled language d. scripting language

d. scripting language

What is another name for unsolicited e-mail messages? a. spawn b. scam c. trash d. spam

d. spam

On average it takes ____ days for a victim to recover from an attack. a. three b. eight c. five d. ten

d. ten

A(n) ____ is a type of action that has the potential to cause harm. a. threat agent b. vulnerability c. asset d. threat

d. threat

An unlocked door is an example of a(n) ____. a. exploit b. risk c. threat d. vulnerability

d. vulnerability