CS 249 - Test 1

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What language below is used to view and manipulate data that is stored in a relational database?

SQL

Spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam.​

Bayesian filtering

A logical computer network of zombies under the control of an attacker.​

Botnet

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

Buffer overflow attack

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

C:\Inetpub\ wwwroot

What type of video surveillance is typically used by banks, casinos, airports, and military installations, and commonly employs guards who actively monitor the surveillance?

CCTV

Injecting and executing commands to execute on a server​

Command injection

Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.​

Computer virus

Most DLP systems make use of what method of security analysis below?

Content inspection

​An attack that uses the user's web browser settings to impersonate the user

Cross-site request forgery

​An attack that injects scripts into a web application server to direct attacks at clients.

Cross-site scripting

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

DNS

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.​

True

How can an area be made secure from a non-secured area via two interlocking doors to a small room?

Using a mantrap

The two types of malware that require user intervention to spread are:

Viruses and trojans

​A phishing attack that uses telephone calls instead of e-mails.

Vishing

What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?​

Watering hole

What is the name for a standard or checklist against which systems can be evaluated and audited for their level of security (security posture)?

baseline

Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:

cable lock

An attack that corrupts the ARP cache​

ARP Poisoning

​A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area

Access list

Subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective.​

Activity phase controls

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

Address Resolution Protocol

What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?

Adware

​A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Adware

​An operating system for Google Android smartphones and other devices.

Android

Software code that gives access to a program or a service that circumvents normal security protections.​

Backdoor

What type of system security malware allows for access to a computer, program, or service without authorization?

Backdoor

A structure designed to block the passage of traffic​

Barricade

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

DNS poisoning

​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

DNS poisoning

Select the tool below that consists of a system of security tools that is used to recognize and identify data that is critical to an organization and ensure that it is protected:

Data Loss Prevention

A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a:

Embedded system

What is the best way to prevent data input by a user from having potentially malicious effects on software?​

Escaping user responses

Successful attacks on computers today consist of a single element, malicious​ software programs that are created to infiltrate computers with the intent to do harm.

False

​Another name for locally shared object (LSO)

Flash cookie

​A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.

Fuzz testing

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

HTTP header

A false warning designed to trick users into changing security settings on their computer​

Hoax

Software or a hardware device that captures and stores each keystroke that a user types on the computer's keyboard.​

Keylogger

Computer code that lies dormant until it is triggered by a specific logical event​

Logic bomb

​A computer virus that is written in a script known as a macro

Macro virus

​A nonrelational database that is better tuned for accessing large data sets.

NoSQL

Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?​

Oligomorphic malware

​An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

Ping flood

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

Privilege escalation

Proximity readers utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?

Radio Frequency Identification tag (RFID)

Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:​

Ransomware

Which of the following is not one of the types of settings that would be included in a Microsoft Windows security template?

Resolution settings

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Session hijacking

​A form of verification used when accessing a secure web application

Session token

​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Smurf attack

What is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?

Social engineering

Which of the following is not one of the four methods for classifying the various types of malware?​

Source

​A phishing attack that targets only specific users

Spear phishing

What is the term used to describe unsolicited messages received on instant messaging software?

Spim

Anti-virus products typically utilize what type of virus scanning analysis?​

Static analysis

​Large-scale, industrial control systems.

Supervisory control and data aquisition

One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique?

Swiss cheese

Cipher locks are sometimes combined with what type of sensor, which uses infrared beams that are aimed across a doorway?

Tailgate sensors

The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?

Tailgating

Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:

Trojan

What language below is for the transport and storage of data, with the focus on what the data is?

XML

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

drive-by-download

What type of device, sometimes called a packet filter, is designed to prevent malicious network packets from entering or leaving computers or networks?

firewall

Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique?

heuristic detection

A mobile operating system for Apple iPhones​

iOS

Instead of using a key or entering a code to open a door, a user can use an object, such as an ID badge, to identify themselves in order to gain access to a secure area. What term describes this type of object?

physical token

A virus that infects an executable program file is known as?

program virus

Which type of attack below is similar to a passive man-in-the-middle attack?

replay

To what specific directory are users generally restricted to on a web server?

root

What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

rootkit

Attacks that take place against web based services are considered to be what type of attack?

server-side

What is the name for a cumulative package of all patches and hotfixes as well as additional features up to a given point?

service pack

A macro virus takes advantage of the ____________________ relationship between the application and the operating system.

trusted

What type of malware is heavily dependent on a user in order to spread?

virus

Which of the following is malicious computer code that reproduces itself on the same computer?

virus

The exchange of information among DNS servers regarding configured zones is known as:

zone transfer


संबंधित स्टडी सेट्स

Accounting Chapter 12 Vocabulary

View Set

Chapter 53 Disorders of the Female Repro System

View Set

Bates' Advanced Health Assessment Chapters 1-4, & 7 (Health History, HEENT)

View Set

TestOut Security Pro Semester 1 Review (Thorough version)

View Set

Microbiology by Body System - Bauman - Ch 13 Objectives

View Set

Compensation: Chapter 8: Designing Pay Levels, Mix, and Pay Structures

View Set

ACC 205 Business Law NAU Final Exam Review

View Set

Exam Review for Chapter 14: Lymphatic system and Immunity

View Set

(Exam 2) Chapter 8 Study Questions

View Set