Security + prep for Midterm
An infected ''robot'' computer is known as a ____. a. Trojan horse b. beachheaad c. zombie d. bottle
c. zombie
____ represent a specific way of implementing ActiveX and are sometimes called ActiveX applications. a. ActiveX controls b. ActiveX plug-ins c. ActiveX programs d. ActiveX applets
a. ActiveX controls
An unlocked door is an example of a(n) ____. a. threat b. risk c. vulnerability d. exploit
c. vulnerability
Layer 3 of the OSI model is the ____ layer. a. Network b. Data Link c. Session d. Presentation
a Network
Credit score reports cost about ____. a. $10 b. $15 c. $20 d. $25
a. $10
It is estimated that over 100 trillion e-mails are sent annually, increasing at a rate of ____ percent each year. a. 10 b. 20 c. 17 d. 15
a. 10
The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers. a. 3.8 b. 4.3 c. 1.7 d. 2.1
a. 3.8
There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. access control lists b. application control lists c. authenticity control lists d. assessment control lists
a. Access control lists
There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. application control lists b. authenticity control lists c. assessment control lists d. access control list
a. Access control lists
____ attacks are responsible for half of all malware delivered by Web advertising. a. "Canadian Pharmacy" b. Fake antivirus c. Melissa d. Slammer
b. Fake antivirus
In information security, a loss can be ____. a. all of the above b. the loss of good will or a reputation c. a delay in transmitting information that results in a financial penalty d. theft of information
a. All of the above
____ attacks are often the means by which an attacker will perform an arbitrary code execution. a. Buffer overflow b. Block overflow c. Heap overflow d. Stack overflow
a. Buffer overflow
____ attacks are often the means by which an attacker will perform an arbitrary code execution. a. Buffer overflow b. Heap overflow c. Block overflow d. Stack overflow
a. Buffer overflow
In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud Software as a Service b. Cloud Application as a Service c. Cloud System as a Service d. Cloud Infrastructure as a Service
a. Cloud Software as a Service
Which cable is all but obsolete in data communications with the exception of its use in the cable television infrastructure to support cable modem-based high-speed Internet access for residences? a. Coaxial b. Fiber-optic c. UTP d. STP
a. Coaxial
In the last year, over 600,000 Apple Macs were infected with a malicious software called ____. a. Flashback b. Melissa c. Morris d. Slapper
a. Flashback
____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. GLBA b. COPPA c. Sarbox d. HIPAA
a. GLBA
____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. GLBA b. Sarbox c. COPPA d. HIPAA
a. GLBA
____ allows Web authors to combine text, graphic images, audio, video, and hyperlinks into a single document. a. HTML b. IPL c. XSLT d. SGML
a. HTML
____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Integrity b. Identity c. Availability d. Confidentiality
a. Integrity
____ is a scripting language that does not create standalone applications. a. JavaScript b. C# c. WebScript d. Java
a. JavaScript
Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system? a. Mail bomb b. Timing attack c. Spam d. Buffer overflow
a. Mail bomb
Which individual is considered to be a script kiddie who uses automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service? a. Packet monkey b. Hacktivist c. Cyberterrorist d. Phreaker
a. Packet monkey
___ may reveal the true level of security within the organization. a. Policy manuals b. Organizational charts c. System manuals d. Phone directories
a. Policy manuals
____ means an attacker who pretends to be from a legitimate research firm asks for personal information. a. Pretexting b. Dumpster diving c. Phishing d. Stealing
a. Pretexting
Which attack is used when a copy of the hash of the user's password has been obtained? a. Rainbow attack b. Dictionary attack c. Spoofing d. Brute force attack
a. Rainbow attack
____ is software that displays a fictitious warning to the user in the attempt to "scare" the user into an action, such as purchasing additional software online to fix a problem that in fact does not exist. a. Scareware b. Adware c. Spyware d. Trojan
a. Scareware
____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions. a. Stateful packet filtering b. Stateless packet filtering c. Stateful frame filtering d. Stateless frame filtering
a. Stateful packet filtering
A(n) ____ is a person or element that has the power to carry out a threat. a. threat agent b. attack agent c. vulnerability d. risk
a. Threat agent
A computer ____ is a program advertised as performing one activity but actually does something else. a. Trojan b. rootkit c. virus d. worm
a. Trojan
Which protocol is typically used for applications such as streaming media? a. UDP b. TCP c. SMTP d. SCTP
a. UDP
Which protocol is typically used for applications such as streaming media? Correct Answer a. UDP b. TCP c. SCTP d. SMTP
a. UDP
A ____ allows scattered users to be logically grouped together even though they may be attached to different switches. a. VLAN b. DMZ c. subnet d. broadcast domain
a. VLAN
A(n) ____ encrypts all data that is transmitted between the remote device and the network. a. VPN b. endpoint c. router d. IKE tunnel
a. VPN
The two types of malware that have the primary objective of infecting a computer system are ____. a. viruses and worms b. worms and spyware c. Trojans and adware d. viruses and Trojans
a. Viruses and worms
Which term refers to unwanted noise from a signal coming across the media at multiple frequencies? a. White noise b. Impulse noise c. Impulse noise d. Crosstalk
a. White noise
The ____ is composed of Internet server computers on networks that provide online information in a specific format. a. World Wide Web b. Internet Web c. World Web d. Global Web
a. World Wide Web
There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. access control lists b. application control lists c. authenticity control lists d. assessment control lists
a. access control lists
In information security, a loss can be ____. a. all of the above b. a delay in transmitting information that results in a financial penalty c. theft of information d. the loss of good will or a reputation
a. all of the above
In information security, an example of a threat agent can be ____. a. both a and b b. a virus that attacks a computer network c. a force of nature such as a tornado that could destroy computer equipment d. an unsecured computer network
a. both a and b
SNMP agents are protected with a password known as a(n) ____ in order to prevent unauthorized users from taking control over a device. a. community string b. entity c. OID d. MIB
a. community string
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____. a. cybercrime b. phishing c. spam d. cyberterrorism
a. cybercrime
A(n) ____ is the end of the tunnel between VPN devices. a. endpoint b. proxy c. server d. client
a. endpoint
A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. a. flood guard b. frame guard c. link guard d. protocol guard
a. flood guard
The best approach to establishing strong security with passwords is to use a ____. a. password management tool b. password fault program c. password generation program d. password vault program
a. password management tool
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit b. hacking kit c. virus d. worm
a. rootkit
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit b. virus c. worm d. hacking kit
a. rootkit
A ____ is a network device that can forward packets across computer networks. a. router b. firewall c. bridge d. switch
a. router
A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. a. 12 to 15 b. 10 to 14 c. 14 to 16 d. 13 to 14
b. 10 to 14
The standard for wireless networks falls under IEEE ____. a. 802.21 b. 802.11 c. 802.5 d. 802.3
b. 802.11
____ is a technology that can associate a user's identity to a public key, in which the user's public key has been "digitally signed" by a trusted third party. a. Private key cryptography b. A digital certificate c. Public key cryptography d. Asymmetric cryptography
b. A digital certificate
Which term refers to the loss of signal strength as the signal moves across media? a. Jitter b. Attenuation c. Distortion d. Impulse noise
b. Attenuation
In the ____ cloud computing model, the customer has the highest level of control. a. Cloud System as a Service b. Cloud Infrastructure as a Service c. Cloud Application as a Service d. Cloud Software as a Service
b. Cloud Infrastructure as Service
____ is a pay-per-use computing model in which customers pay only for the computing resources they need. a. Cloud Software as a Service b. Cloud computing c. Infrastructure as a Service d. Virtualization
b. Cloud computing
Which protocol is considered to be a dominant protocol for local area networking? a. PPP b. Ethernet c. FDDI d. Token ring
b. Ethernet
Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Cyberterrorist b. Hacktivist c. Packet monkey d. Phreaker
b. Hacktivist
____ provides a greater degree of security by implementing port-based authentication. a. IEEE 802.3ad b. IEEE 802.1x c. IEEE 802.11n d. IEEE 802.1z
b. IEEE 802.1X
____ uses graphical images of text in order to circumvent text-based filters. a. PDF spam b. Image spam c. Flash spam d. Java spam
b. Image spam
____ is a complete programming language that can be used to create stand-alone applications. a. JavaScript b. Java c Shell script d. WScript
b. Java
____ is a scripting language that does not create standalone applications. a. C# b. JavaScript c. WebScript d. Java
b. JavaScript
Which protocol is used for modifying and querying directory services? a. SMB b. LDAP c. IRC d. RDP
b. LDAP
Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure? a. Vulnerability b. Loss c. Exposure d. Exploit
b. Loss
Which network typically covers a region the size of a municipality, county, or district? a. Wide area network b. Metropolitan area network c. Local area network d. Campus area network
b. Metropolitan area network
Layer 3 of the OSI model is the ____ layer. a. Presentation b. Network c. Session d. Data Link
b. Network
____ IP addresses are IP addresses that are not assigned to any specific user or organization. a. Public b. Private c. Public domain d. Private domain
b. Private
On the server site, what is the de facto standard for transfer-ring e-mail between post office servers across the Internet? a. IMAP b. SMTP c. POP d. S-MIME
b. SMTP
Layer 5 of the OSI model is the ____ layer. a. Presentation b. Session c. Network d. Data Link
b. Session
AV software on a computer must have its ____ files regularly updated by downloads from the Internet. a. control b. signature c. behavior d. program
b. Signature
____ look for specific words and block e-mail messages containing those words. a. Ad filters b. Spam filters c. Network filters d. Virus filters
b. Spamfilters
A computer ____ is a person who has been hired to break into a computer and steal information. a. hacker b. spy c. mole d. worm
b. Spy
On average it takes ____ days for a victim to recover from an attack. a. five b. ten c. eight d. three
b. Ten
____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Availability b. Virtualization c. Portability d. Migration assistance
b. Virtualization
____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Portability b. Virtualization c. Migration assistance d. Availability
b. Virtualization
Spyware usually performs one of the following functions on a user's computer: ____, collecting personal information, or changing computer configurations. a. keylogging b. advertising c. capturing screens d. deleting files
b. advertising
The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____. a. confidentiality, integrity, and asset b. confidentiality, integrity, and availability c. confidentiality, information, and availability d. communication, information, and asset
b. confidentiality, integrity, and availability
The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." a. information warfare b. cyberterrorism c. cyberware d. eTerrorism
b. cycberterrorism
A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file. a. hash b. dictionary c. brute force d. man in the middle
b. dictionary
In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers. a. white-hat b. hacker c. slacker d. black-hat
b. hacker
A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment. a. router b. hub c. switch d. firewall
b. hub
Most Internet transmissions are based on ____. a. destination numbers b. port numbers c. section numbers d. block numbers
b. port number
In ____ polling, the central control unit, usually a server, polls each client to determine if it has traffic to transmit. a. call-ahead b. roll-call c. roll ahead d. go-ahead
b. roll-call
A ____ forwards packets across computer networks. a. bridge b. router c. hub d. switch
b. router
A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses. This is known as ____. a. denying services b. spamming c. spreading malware d. manipulating online polls
b. spamming
A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses. This is known as ____. a. manipulating online polls b. spamming c. spreading malware d. denying services
b. spamming
It is estimated that over 100 trillion e-mails are sent annually, increasing at a rate of ____ percent each year. a. 15 b. 20 c. 10 d. 17
c. 10
TCP port ____ is the FTP control port used for passing FTP commands. a. 22 b. 19 c. 21 d. 20
c. 21
____ ensures that data is accessible when needed to authorized users. a. Confidentiality b. Non-repudiation c. Availability d. Integrity
c. Availability
____ ensures that data is accessible when needed to authorized users. a. Non-repudiation b. Integrity c. Availability d. Confidentiality
c. Availability
In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud Infrastructure as a Service b. Cloud System as a Service c. Cloud Software as a Service d. Cloud Application as a Service
c. Cloud Software as a Service
In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud System as a Service b. Cloud Infrastructure as a Service c. Cloud Software as a Service d. Cloud Application as a Service
c. Cloud Software as a Service
____ ensures that only authorized parties can view information. a. Security b. Availability c. Confidentiality d. Integrity
c. Confidentiality
The ____ of 2003 contains rules regarding consumer privacy. a. Fair Credit Reporting Act b. Credit and Transactions Act c. Fair and Accurate Credit Transactions Act d. Accurate Transactions Act
c. Fair and Accur ate Credit Transactions Act
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. California Database Security Breach b. USA Patriot c. Gramm-Leach-Bliley d. Sarbanes-Oxley
c. Gramm-Leach-Bliley
Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. a. HCPA b. HLPDA c. HIPAA d. USHIPA
c. HIPAA
____ is used to relay query messages. a. FTP b. TCP c. ICMP d. UDP
c. ICMP(Internet Control Message Protocol)
____ is a complete programming language that can be used to create stand-alone applications. a. WScript b. Shell script c. Java d. JavaScript
c. Java
____ is a scripting language that does not create standalone applications. a. C# b. WebScript c. JavaScript d. Java
c. JavaScript
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. a. Code Red b. Nimda c. Love Bug d. Slammer
c. Love bug
Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system? a. Spam b. Timing attack c. Mail bomb d. Buffer overflow
c. Mail bomb
____ is a technique that allows private IP addresses to be used on the public Internet. a. NAPT b. PAT c. NAT d. PNAT
c. NAT
Unsigned Java applets run in a security ____, which is like a fence that surrounds the program and keeps it away from private data and other resources on a local computer. a. DMZ b. firewall c. sandbox d. retaining wall
c. Sandbox
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____. a. affiliation sites b. affiliate network sites c. social networking sites d. social marketing sites
c. Social Networking Sites
____ look for specific words and block e-mail messages containing those words. a. Virus filters b. Ad filters c. Spam filters d. Network filters
c. Spam filters
____ infection injects portions of the code throughout the program's executable code instead of only at the end of the file (any overwritten original code is transferred and stored inside the virus code for proper execution of the host program after the infection). a. Polymorphic b. Appender c. Swiss cheese d. Replace
c. Swiss Cheese
A computer ____ is a program advertised as performing one activity but actually does something else. a. worm b. rootkit c. Trojan d. virus
c. Trojan
Which type of multiplexing is found exclusively in fiber-optic communications? a. Phase division multiplexing b. Frequency division multiplexing c. Wave division multiplexing d. Time division multiplexing
c. Wave division multiplexing
In information security, an example of a threat agent can be ____. a. a virus that attacks a computer network b. a force of nature such as a tornado that could destroy computer equipment c. both a and b d. an unsecured computer network
c. both a and b
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____. a. hackers b. spies c. cyberterrorists d. hacktivists
c. cyberterrorists
Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. a. record b. plan c. data d. identity
c. data
A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file. a. man in the middle b. brute force c. dictionary d. hash
c. dictionary
The best approach to establishing strong security with passwords is to use a ____. a. password generation program b. password vault program c. password management tool d. password fault program
c. password management tool
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____. a. affiliation sites b. affiliate network sites c. social networking sites d. social marketing sites
c. social networking sites
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $100,000 b. $1,000,000 c. $500,000 d. $250,000
d. $250,000
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $500,000 b. $100,000 c. $1,000,000 d. $250,000
d. $250,000
____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. a. Hackers b. Computer spies c. Cyberterrorists d. Cybercriminals
d. Cybercriminals
Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Cyberterrorist b. Packet monkey c. Phreaker d. Hacktivist
d. Hacktivist
____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain. a. Scam b. Cyberterrorism c. Phishing d. Identity theft
d. Identity theft
____ uses graphical images of text in order to circumvent text-based filters. a. PDF spam b. Java spam c. Flash spam d. Image spam
d. Image spam
____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Confidentiality b. Identity c. Availability d. Integrity
d. Integrity
____ is a technology that can help to evenly distribute work across a network. a. Stateful packet filtering b. DNS caching c. DNS poisoning d. Load balancing
d. Load balancing
An information security ____ position focuses on the administration and management of plans, policies, and people. a. inspector b. engineer c. auditor d. manager
d. Manager
Layer 3 of the OSI model is the ____ layer. a. Presentation b. Session c. Data Link d. Network
d. Network
IP is the protocol that functions primarily at the Open Systems Interconnection (OSI) ____. a. Data link Layer b. Transport Layer c. Presentation Layer d. Network Layer
d. Network Layer
____ may reveal the true level of security within the organization. a. System manuals b. Phone directories c. Organizational charts d. Policy manuals
d. Policy manuals
When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable. a. Comprehension (understanding) b. Dissemination (distribution) c. Compliance (agreement) d. Review (reading)
d. Review (reading)
A(n) ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site. a. firewall b. security proxy c. application gateway d. Web security gateway
d. Web sec
___ switches are connected directly to the devices on a network. a. Intermediate b. Distribution c. Core d. Workgroup
d. Workgroup
A ____ self-replicates between computers (from one computer to another). a. rootkit b. virus c. Trojan d. worm
d. Worm
One of the best defenses against attacks is to create ____ on a regular basis. a. recovery disks b. system documentation c. restore disks d. data backups
d. data backups
A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. a. frame guard b. link guard c. protocol guard d. flood guard
d. flood guard
Broadcast storms can be prevented with ____. a. spanning tree b. Dijkstra's algorithm c. 802.11x d. loop protection
d. loop protection
Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure? a. Vulnerability b. Exposure c. Exploit d. Loss
d. loss
A security ____ is a general software security update intended to cover vulnerabilities that have been discovered since the program was released. a. repair b. hole c. control d. patch
d. patch
Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures. a. systems b. tools c. applications d. people
d. people
Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures. a. tools b. applications c. systems d. people
d. people
Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site. a. spear phishing b. vishing c. whaling d. pharming
d. pharming
Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site. a. spear phishing b. vishing c. whaling d.pharming
d. pharming
Most e-mail clients contain a ____ that allows the user to read an e-mail message without actually opening it. a. safety pane b. sandbox pane c. preview pane d. reading pane
d. reading pane
A ____ forwards packets across computer networks. a. bridge b. switch c. hub d. router
d. router
Unsigned Java applets run in a security ____, which is like a fence that surrounds the program and keeps it away from private data and other resources on a local computer. a. firewall b. retaining wall c. DMZ d. sandbox
d. sandbox
ActiveX controls can be invoked from Web pages through the use of a ____ or directly by an HTML command. a. fourth-generation language b. modern language c. compiled language d. scripting language
d. scripting language
What is another name for unsolicited e-mail messages? a. spawn b. scam c. trash d. spam
d. spam
On average it takes ____ days for a victim to recover from an attack. a. three b. eight c. five d. ten
d. ten
A(n) ____ is a type of action that has the potential to cause harm. a. threat agent b. vulnerability c. asset d. threat
d. threat
An unlocked door is an example of a(n) ____. a. exploit b. risk c. threat d. vulnerability
d. vulnerability