Chapter 8 - Desktop and Server OS Vulnerabilities, Chapter 9, Chapter 10, Chapter 11, Chapter 12, Ethical Hacking and Network Security - Ch 13 - Network Protection Systems
demilitarized zone (DMZ)
A small network containing resources that sits between the Internet and the internal network, sometimes referred to as a "perimeter network." It's used when a company wants to make resources available to Internet users yet keep the company's internal network secure.
Which of the following is the interface that determines how a Web server passes data to a Web browser?
CGI
firewalls
Hardware devices or software used to control traffic entering and leaving an internal network.
intrusion detection systems (IDSs)
Hardware or software devices that monitor network traffic and send alerts so that security administrators can identify attacks in progress and stop them.
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?
Microsoft
Which type of wireless technology uses microwave radio waves to transmit data?
Narrowband
SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
Asymmetric algorithms are more scalable than symmetric algorithms.
True
What is the IEEE 802 standards name for a wireless network that is limited to one person's workspace?
WPAN
Which of the following is a Window's client/server technology designed to manage patching and updating systems software from the network?
WSUS
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection
Network Address Translation (NAT)
A basic security feature of a firewall used to hide the internal network from outsiders. Internal private IP addresses are mapped to public external IP addresses to hide the internal infrastructure from unauthorized personnel.
honeypot
A computer placed on the network perimeter that contains information or data intended to lure hackers and distract them from legitimate network resources.
security appliance
A device that combines multiple network protection functions, such as those performed by a router, a firewall, and an IPS, on the same piece of hardware.
state table
A file created by a stateful packet filter that contains information on network connections. See also stateful packet filters.
application-aware firewall
A firewall that inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does.
IP access lists
A list of IP addresses, subnets, or networks that are allowed or denied access through a router's interface.
privileged mode
A mode on Cisco routers that allows administrators to perform full router configuration tasks; also called enable mode.
path-vector routing protocol
A protocol that uses dynamically updated paths or routing tables to transmit packets from one autonomous network to another.
distance-vector routing protocol
A routing protocol that passes the routing table (containing all possible paths) to all routers on the network. If a router learns one new path, it sends the entire routing table again, which isn't as efficient as a link-state routing protocol.
link-state routing protocol
A routing protocol that uses link-state advertisements to send topology changes or new paths to other routers on the network. This method is efficient because only new information is sent, not the entire routing table.
security incident response team (SIRT)
A team of security professionals with the main responsibility of responding to network attacks and security events.
anomaly detectors
A type of IDS that sends alerts on network traffic varying from a set baseline.
drive-by downloads
A type of attack in which Web site visitors download and install malicious code or software without their knowledge.
What type of encryption is currently used to secure WPA2?
AES
Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data?
AES-256
active systems
An IDS or IPS that logs events, sends out alerts, and can interoperate with routers and firewalls.
network protection system
Any system designed specifically to protect networks or network devices from attacks; includes routers, firewalls, Web filters, network-based and host-based IPSs and IDSs, and honeypots.
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be?
Authentication
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
NetBios is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBios should be understood by a security professional because it is used for which of the following?
Backward compatibility
network-based IDSs/IPSs
Devices that monitor traffic on network segments and alert security administrators of suspicious activity.
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
Domain Controllers
Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method?
EAP
What encryption algorithm is efficient requiring few resources, and is based on complex algebra and calculations on curves?
ECC
Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking?
EXPECT
AES uses a 128-bit key and is used in PGP encryption software.
False
CSMA/CD is implemented at the data link layer on wireless networks.
False
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
False
Routers are the bridge between wired and wireless networks.
False
Symmetric algorithms use two keys that are mathematically related.
False
What critical component of any OS, that can be can be vulnerable to attacks, is used to store and manage information?
File system
stateless packet filters
Filters on routers that handle each packet separately, so they aren't resistant to spoofing or DoS attacks.
stateful packet filters
Filters on routers that record session-specific information in a file about network connections, including the ports a client uses.
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
passive systems
IDSs that don't take any action to stop or prevent a security event.
Which of the following is a utility that is a wireless network detector, sniffer, and an intrusion detection system?
Kismet
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength?
L0phtcrack
Which of the following defines how data is placed on a carrier signal?
Modulation
What is the current file system that Windows utilizes that has strong security features?
NTFS
Early Windows OSs used which of the following programs loaded into memory to interact with a network resource or device?
NetBIOS
NetBIOS over TCP/IP is called which of the following in Windows Server 2003?
NetBT
intrusion prevention systems (IPSs)
Network-based or host-based devices or software that go beyond monitoring traffic and sending alerts to actually block malicious activity they detect.
Which function ensures that a sender and receiver cannot deny sending or receiving a specific message?
Nonrepudiation
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative?
RADIUS server
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
RSA
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher?
SSL/TLS downgrade attack
Which of the following is an open-source implementation of CIFS?
Samba
host-based IDSs/IPSs
Software used to protect a critical network server or database server. The software is installed on the system you're attempting to protect, just like installing antivirus software on a desktop system.
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
Stored
user mode
The default method on a Cisco router, used to perform basic troubleshooting tests and list information stored on the router. In this mode, no changes can be made to the router's configuration.
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.
True
It is possible to have a wireless network that does not connect to a wired network.
True
Symmetric algorithms support confidentiality, but not authentication and nonrepudiation.
True
The 802.11b standard introduced Wired Equivalent Privacy (WEP), which gave many users a false sense of security that data traversing the WLAN was protected.
True
There are measures for preventing radio waves from leaving or entering a building so that wireless technology can be used only by people located in the facility.
True
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
True
Windows Software Update Services (WSUS) is designed to manage patching and updating system software from the network.
True
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level Security
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
Which of the following is a flawed wireless authentication standard created to allow users to easily add devices to a wireless network securely?
WPS
Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate?
X.509
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
brute force
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
cgi-bin
In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results?
chosen-ciphertext
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt?
chosen-plaintext
Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which if the following?
ciphertext
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
ciphertext-only
If a security expert decides to study the process of breaking encryption algorithms, they are performing which of the following?
cryptanalysis
What type of system converts between plaintext and ciphertext?
cryptosystem
Which of the following is the process of converting ciphertext back into plaintext?
decryption
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
dictionary
Which of the following is a mathematical function or program that works with a key?
encryption algorithm
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
Which of the following terms is the rate at which a sound wave repeat?
frequencyt
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?
getElementById()
Which of the following is a function that takes a variable-length string or message and produces a fixed-length message digest?
hashing algorithm
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
Which of the following is a range of allowable values that is used to generate an encryption key?
keyspace
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
known plaintext
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
Which type of symmetric algorithm operates on plaintext one bit at a time?
stream ciphers
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?
substitution cipher
Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?
symmetric
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
Which of the following IEEE projects was developed to create LAN and WAN standards?
802
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
What is the 1 to 32 character configurable name used to identify a WLAN?
SSID
The MSBA tool can quickly identify missing patches and misconfigurations.
True
Ubuntu and Debian Linux use what command to update and manage their RPM packages?
apt-get
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
business logic
Which of the following is contained in a wireless frequency band and breaks up the band into smaller frequency ranges?
channels
Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?
connection strings
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
reflected
Which of the following results from poorly configured technologies that a Web application runs on top of?
security misconfigurations
In 802.11, which of the following is an addressable unit?
station STA
In 802.1X, what component refers specifically to the wireless user attempting access to a WLAN?
supplicant
What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band?
FHSS
Samba is a proprietary implementation of CIFS.
False
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Microsoft Security Bulletin
Which of the following is a transceiver that connects to a network via an Ethernet cable and bridges a wireless LAN with a wired network?
access point AP
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
Static Application Security Testing
What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption?
TKIP
Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.
True
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
True
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?
CIFS
Which of the following protocols does NetBios use to access a network resource?
NetBEUI
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
True
What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng?
WiFi pineapple
When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?
access point
Which IEEE standard can achieve a throughput of 54 Mbps?
802.11g
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer?
Data Link layer
Which of the following application tests analyzes a running application for vulnerabilities?
Dynamic Application Security Testing
A user can view the source code of a PHP file by using their Web browser's tools.
False
Which of the following is a common Linux rootkit?
Linux Rootkit 5
To determine whether a system could be vulnerable to an RPC-related issue, which of the following tools can be used?
MBSA
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
What standard specifically defines the process of authenticating and authorizing users on a network?
802.1X
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ADO
Which of the following is an alternative term used when referring to Application Security?
AppSec
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
Windows 10, Windows 8, Windows Server 2016, and Windows Server 2012 have most services and features enabled by default.
False
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Which frequency band is used by commercial AM radio stations?
Medium frequency MF
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server?
PEAP
Which of the following Window's utilities includes a suite of tools to help administrators deploy and manage servers and even allows for administrators to control mobile devices running Android, iOS, and Windows Mobile OS?
SCCM
What type of modulation spreads data across a large-frequency bandwidth instead of traveling across just one frequency band?
Spread spectrum
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
True
Which specific type of tag do All CFML tags begin with?
CF
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?
PHP
