Advanced Security Ch.1-5 Quizzes
GPO (Group Policy Object)
A common group of settings applied to a set of computers or users using Windows Group Policy is called what? -GPM -GRE -GPO -GPT
buffer overflow
A packet containing a long string of what are called no-operation (NOP) instructions followed by a command is usually indicative of what attack? -privilege escalation -insecure direct object references -click-jacking -buffer overflow
geotagging
Adding geographical identification metadata to various media is called what? -Locational tagging -geotagging -geoID -geojacking
the digital certificate
In a PKI, which entity contains the public key of each member and makes the key portable? -the digital certificate -the CA -the RA -the CRL
Tier 3
In storage tiering, at which tier are tape backups stored? -Tier 1 -Tier 2 -Tier 4 -Tier 3
clickjacking
In what type of attack does the hacker craft a transparent page or frame over a legitimate-looking page that entices the user to click something? -XSS -insecure direct object references -clickjacking -CSRF
Signature-based
Pattern matching is a characteristic of which type of IDS? -Rule-based -Anomaly-based -Heuristic-based -Signature-based
tiering
Placing the older data on low-cost, low-performance storage while keeping the more active data on faster storage systems is sometimes called what? -data deduplication -tiering -archiving -virtual storage
802.1x
RADIUS servers play a role in which authentication standard? -802.2 -802.1x -802.3 -802.11
Telnet
SSH is a secure alternative to which of the following protocols? -SMTP -SSL -Telnet -FTP
IP spoofing
To which of the following attacks are ACLs most susceptible? -teardrop -smurf -IP spoofing -SYN flood
to prevent malicious scripts from executing
What are techniques like URLEncode and HTMLEncode used for? -to prevent malicious scripts from executing -to perform input validation -to prevent smurf attacks -to prevent phishing attacks
to generate error messages in web applications
What is OWASP's WebScarab tool used for? -to locate dangerous code -to elicit contact information about the website -to identify SQL injection attacks -to generate error messages in web applications
El Gamal
What is the slowest asymmetric algorithm? -Diffie-Hellman -RSA -El Gamal -ECC
data purging
What method is used to make the old data unavailable even with forensics? -data sandboxing -data clearing -data deletion -data purging
989 and 990
What port or ports on the firewall must be open to allow FTPS? -22 -443 -989 and 990 -20 and 21
authenticator
What role does a WAP play in an 802.1x authentication system? -authenticator -supplicant -none -authentication server
TPM (Trusted Platform Module)
What type of chip is required to be present to make the best implementation of full disk encryption? -DMA -TPM -NVRAM -EEPROM
whitelisting
When a list of allowed applications is defined it is a version of what? -whitelisting -greylisting -blacklisting -privilege de-escalation
CSRF (Cross Site Request Forgery)
When a website thinks that a request came from the user's browser and is made by the user himself when actually the request was planted in the user's browser by a hacker, what type of attack has occurred? -CSRF -XSS -insecure direct object references -memory leaks
memory leak
When an application fails to return allocated memory to the operating system it is called what? -integer overflow -teardrop -memory leak -memory invalidation
secure by default
When an application is secure without having to change any default settings it is said to be what? -secure by default -secure by reference -secure by design -secure by deployment
DLP (Data Loss Prevention)
When data cannot be emailed to anyone other than sales group members, which of the following systems has been deployed? -HIPS -DLP -NIDS -SSL
Teredo
Which IPv6 transition mechanism is used when IPv6 hosts are located behind IPv4 network address translation (NATs)? -Dual Stack -6-to-4 -Teredo -GRE tunnels
6-to-4
Which IPv6 transition mechanism treats the wide area IPv4 network as a unicast point-to-point link layer? -GRE tunnels -6-to-4 -Dual Stack -Teredo
Failure audit for logon/logoff
Which Windows audit policy is used to prevent a random password hack? -Success and failure audit for file-access printers and object-access events -Success audit for logon/logoff -Success audit for user rights, user and group management, security change policies, restart, shutdown, and system events -Failure audit for logon/logoff
EAP-TLS
Which authentication method is not susceptible to dictionary and brute force attacks? -CHAP -MS-CHAPv1 -MS-CHAPv2 -EAP-TLS
PAP
Which authentication method sends the password in cleartext? -MS-CHAP -CHAP -PAP -EAP
access checks
Which mitigation technique helps to prevent insecure direct object references? -access checks -input validation -fuzzing -filtering input parameters
Local policies
Which of the following Windows policy categories would contain policies that could be used to audit the use of rights or privileges on the local machine? -Account policies -File System -Restricted Groups -Local policies
ISO/IEC 27034
Which of the following are standards created to provide guidance to organizations in integrating security into the development and maintenance of software applications? -IEEE 802.11i -ISO/IEC 27034 -IEEE 802.1x -ISO 9000
hot fixes
Which of the following are updates that solve a security issue and should be applied immediately? -rollups -service packs -updates -hot fixes
bluejacking
Which of the following attacks sends an unsolicited message to a Bluetooth-enabled device, often for the purpose of adding their business card to the victim's contact list? -bluejacking -bluesnarfing -bluebombing -bluesmurf
owned and managed by a group of organizations that create the cloud for a common purpose
Which of the following describes a community cloud? -owned and managed by a group of organizations that create the cloud for a common purpose -a solution provided by a third party -uses the facilities of the provider but the customer manages the data -a solution owned and managed by one company solely for that company's use
personal company-owned
Which of the following device types does a Mobile Device Management (MDM) solution attempt to secure? (Choose all that apply.) -government -personal -company-owned -proprietary
FCoE
Which of the following encapsulates Fibre Channel traffic within Ethernet frames? -FCP -NFS -FCoE -iSCSI
RSA
Which of the following encryption algorithms supports digital signatures and encryption? -RSA -3DES -Blowfish -IDEA
LUN masking
Which of the following hides or makes unavailable storage devices or groups of storage devices from all but devices with approved access? -SAN -RAID -LUN masking -NAS
password
Which of the following is NOT a Type III authentication factor? -retina scan -fingerprint -password -iris scan
Expensive
Which of the following is NOT a disadvantage of Network Attached Storage (NAS) when compared with SAN? -Competes with regular data on the network -Expensive -Higher latency and lower reliability than SAN -Taking frequent snapshots works better in SAN
Default passwords for default accounts should be left unchanged
Which of the following is NOT a part of host hardening? -Default passwords for default accounts should be left unchanged -Unnecessary applications should be removed -Default accounts should be renamed, if possible -Unnecessary accounts should be disabled
Inability to retain inactive data for regulatory or organizational requirements
Which of the following is NOT a potential security issue with archiving systems? -Over reliance on a single form of media -Weak access controls on the archive servers leading to stolen data -Inability to retain inactive data for regulatory or organizational requirements -Inadequate logging by the archiving software
2001::85a3:8a2e::7334
Which of the following is NOT a proper IPv6 address representation? -2001:0db8:85a3::8a2e:0370:7334 -2001:0000:0000:85a3:8a2e:0000:0000:7334 -2001:0db8:85a3:0:0:8a2e:0370:7334 -2001::85a3:8a2e::7334
Difficulty in providing physical security
Which of the following is NOT a security issue with Storage Area Networks (SANs)? -No security against spoofing attacks -Ability to alter device driver code in a SAN client -Security of the data may only be as secure as the OS of the client -Difficulty in providing physical security
Lack of fault tolerance
Which of the following is NOT a security issue with public cloud storage? -Data at risk traveling across the public Internet -Lack of fault tolerance -Inability to apply and manage access controls and security policies in the provider cloud -Potential theft of physical machines holding the data
Implement data deduplication.
Which of the following is NOT a security measure that should be taken when using data warehousing applications? -Reconcile data moved between the operations environment and data warehouse. -Control metadata from being used interactively. -Implement data deduplication. -Monitor the data purging plan.
RSA
Which of the following is NOT a symmetric algorithm? -DES -Skipjack -Blowfish -RSA -all of the options -none of the options
It is widely understood.
Which of the following is NOT an advantage of IPv6? -It has a larger address space. -IPsec is built into the standard, not an add-on. -It provides better performance due to a simpler header. -It is widely understood.
RDP requires little knowledge to implement and support.
Which of the following is NOT an advantage of RDP? -RDP requires little knowledge to implement and support. -Data is kept in the data center so disaster recovery is easier. -Users can work from anywhere when using RDP in a virtual desktop infrastructure. -A potential reduction in cost of business software occurs.
Light resource usage for encryption and decryption
Which of the following is NOT an advantage of SSL? -Easy for user to identify its use (https://) -Light resource usage for encryption and decryption -Supported on all browsers -Data encryption
Performance
Which of the following is NOT an advantage of iSCSI deployments? -Eliminates distance limitations imposed by SCSI transfers -Inexpensive in simple deployments -Performance -Simplicity
elimination of security issues
Which of the following is NOT an advantage of virtualization? -elimination of security issues -dynamic resource allocation -reduction in power usage -high availability
It is compatible with TLS.
Which of the following is NOT true of SSL? -The two options are 40-bit and 128-bit. -It is a transport-layer protocol. -SSL v2 must be used for client-side authentication. -It is compatible with TLS.
clipping level
Which of the following is a baseline number of user errors above which violations will be recorded? -ceiling -trigger -clipping level -gate
UTM
Which of the following is a concept that attempts to perform multiple security functions within the same device or appliance? -VPN -UTP -UTM -DMVP
CIFS
Which of the following is a public version of Server Message Block (SMB)? -FCoE -NFS -CIFS -iSCSI
Private Cloud
Which of the following is a solution owned and managed by one company solely for that company's use? -Hybrid Cloud -Community Cloud -Public Cloud -Private Cloud
iSCSI
Which of the following is a standard method of encapsulating SCSI commands within IP packets? -iSCSI -FCoE -FCP -NFS
RC4
Which of the following is a stream cipher? -RC4 -Blowfish -Twofish -RC5 -RC6
knowledge factor
Which of the following is also known as a Type 1 authentication factor? -knowledge factor -behavioral factor -characteristic factor -ownership factor
race condition
Which of the following is an attack where the hacker inserts himself between instructions, introduces changes, and alters the order of execution of the instructions, thereby altering the outcome? -memory leak -race condition -bluesnarfing -integer overflow
iptables
Which of the following is an example of a host based firewall in Linux-based systems? -iptables -ACLs -DLP -APIPA
Heuristic-based IDS
Which of the following is an expert system that uses a knowledge-based inference engine, and rule-based programming? -Signature-based IDS -Rule-based IDS -Heuristic-based IDS -Anomaly-based IDS
APIPA
Which of the following is another name for the 169.254.0.1-169.254.255.254 private address range? -VLSM -APIPA -NDLP -CIDR
memory cards
Which of the following is easy to counterfeit? -memory cards -token cards -proximity cards -smart cards
Set the X-FRAME-OPTION value to deny.
Which of the following is one way to prevent a clickjacking attack? -Implement fuzzing. -Set the X-FRAME-OPTION value to deny. -Use strong authentication. -Use input validation.
TPM
Which of the following is responsible for managing keys issued to a single computer? -CRL -CA -RA -TPM
SSH
Which of the following is the MOST secure to use to connect to a remote server? -Telnet -rlogin -rexec -SSH
scrubbing
Which of the following is the act of deleting incriminating data within an audit log? -wiping -scrubbing -clearing -cleansing
data warehousing
Which of the following is the process of combining data from multiple databases or data sources in a central location for analysis? -data mining -cloud storage -data warehousing -data deduplication
privilege escalation
Which of the following is the process of exploiting a bug or weakness in an operating system to allow a user to receive privileges to which they are not entitled? -CSRF -clickjacking -privilege escalation -insecure direct object references
slows performance
Which of the following is true of a NIPS system? -cannot take action to prevent attacks -eliminates false positives -slows performance -inexpensive
Microsoft's BitLocker to Go
Which of the following is used to encrypt information on a portable device, such as USB thumb drive? -Microsoft's BitLocker to Go -Secure Star's DriveCrypt -PGP's Whole Disk Encryption -MobileArmor's Data Armor
TCSEC (Trusted Computer System Evaluation Criteria)
Which of the following is used to identify a trusted operating system? -TPM chip -TOS -TCSEC -posture assessment
XSS (Cross Site Scripting)
Which of the following occurs when an attacker locates a web site vulnerability, thereby allowing the attacker to inject malicious code into the Web application? -CSRF -XSS -insecure direct object references -memory leaks
input validation
Which of the following prevents XSS attacks? -strong authentication -fuzzing -input validation -access checks
options b and e only
Which of the following protocols provides encryption to protect the data as it is transmitted over the network? A. HTTP B. SHTTP C. FTP D. TFTP E. SFTP -options a and b only -options c, d, and e only -options a and c only -options b and e only -all of the options
HTTPS
Which of the following protocols uses port 443? -SSH -HTTPS -SFTP -SHTTP
TOS (Trusted Operating System)
Which of the following refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements? -NIPS -TOS -EAL -TCSEC
Bourne shell
Which of the following shells is the most basic shell available on all UNIX systems? -C shell -Korn shell -Bourne shell -tcsh
C. End-to-end encryption provides protection against packet sniffers.
Which of the following statements regarding encryption are FALSE? A. Link encryption encrypts all data being transmitted over a particular medium. B. End-to-end encryption allows attackers to learn more about a captured packet. C. End-to-end encryption provides protection against packet sniffers. D. Link encryption occurs at the physical and data-link layers. -options a, b, and c only -options a, b, and d only -all of the options
Skipjack
Which of the following symmetric algorithms performs the most rounds of transformation? -IDEA -Skipjack -Twofish -AES 256
sandboxing
Which of the following techniques limits the parts of the operating system and user files the application is allowed to interact with? -sandboxing -data views -zoning -masking
SET
Which of the following was specifically created to protect credit card transactions? -SSL -TLS -SET -SSH
fuzzing
Which process injects invalid or unexpected input (sometimes called faults) into an application to test how the application reacts? -fuzzing -buzzing -stress testing -input validation
HTTPS
Which protocol protects the communication channel between two computers? -HTTPS -SHTTP -HTTP -FTP
IPsec
Which protocol should you implement to protect data that is transmitted over a VPN? -SET -IPsec -SHTTP -SFTP
When using a digital signature, the message is used as an input to a hash function, and the sender's public key encrypts the hash value.
Which statement about cryptography is FALSE? -Asynchronous encryption occurs when encryption or decryption requests are processed from a queue. -Symmetric encryption is an encryption method whereby a single private key both encrypts and decrypts the data. -When using a digital signature, the message is used as an input to a hash function, and the sender's public key encrypts the hash value. -Key clustering occurs when different encryption keys generate the same ciphertext from the same plaintext message.
Diffusion is the process of changing the location of the plaintext within the ciphertext.
Which statement about cryptography is TRUE? -Transposition is the process of changing a key value during each round of encryption. -Diffusion is the process of changing the location of the plaintext within the ciphertext. -Substitution is the process of shuffling or reordering the plaintext to hide the original message. -Confusion is the process of exchanging one byte in a message for another.
Packets are decrypted at each device.
Which statement is TRUE regarding link encryption? -Packets are decrypted at each device. -The user can select exactly what is encrypted. -It only affects the performance of the sending and receiving devices. -Packet headers are not encrypted.
input length
Which type of input validation is used to prevent buffer overflow attacks? -clipping levels -traffic policing -input length -whitelisting
SHA-256
You need to ensure that a message that you are transmitting to another user is not altered. You decide to use a hashing algorithm. Which of the following should you implement? -SHA-256 -3DES -AES -El Gamal
all of the options
Your organization decides to use digital signatures to sign messages. In addition, the messages will be encrypted. Which security tenets are covered by this implementation? A. confidentiality B. authentication C. nonrepudiation D. integrity -options a and b only -options c and d only -options b, c, and d only -all of the options
digital certificate
Your organization has recently signed a contract with another organization. As part of this contract, you must establish a public key infrastructure (PKI) for added security during inter-organizational communication. Which mechanism in the PKI is issued to users and includes a public key? -certification authority (CA) -registration authority (RA) -steganography -digital certificate
options a, c, and d only
Your organization must be able to send confidential messages to another organization over the Internet. You must ensure that the encryption scheme that you use can never be broken. You decide to use one-time pads when sending these confidential messages. Which of the following statements are TRUE regarding this encryption scheme? A. Each pad can be used only one time. B. Each pad must be shorter than the message it is securing. C. The pads must be securely distributed and protected in storage. D. The pads must be made up of random values. -options a, b, and c only -options a, b, and d only -options a, c, and d only