CSCI 3200 Final
Calculate the SLE based on the following information: The asset value is 4 million dollars. The exposure factor is about 25 percent. What is the SLE? - 3 million dollars - 4.25 million dollars - 5 million dollars - 1 million dollars
1 million dollars
Which TCP port does POP3 use? - 25 - 110 - 143 - 443
110
What TCP port does IMAP use? - 110 - 25 - 143 - 443
143
Which of the following is the strongest password? - swordfish - Supercalifragilisticexpialidocious - 1Aw3u$iaIiWtww1s1a! - P@$$w0rd
1Aw3u$iaIiWtww1s1a!
Calculate the ALE based on the following information: The SLE is 4 million dollars. The ARO is 5%. What is the ALE? - 4.5 million dollars - 2 million dollars - 200,000 dollars - 4,200,000 dollars
200,000 dollars
What TCP port does SMTP use? - 25 - 110 - 143 - 443
25
HTTPS uses TCP port - 433 - 443 - 344 - 434
443
SSMTP uses TCP port - 25 - 110 - 465 - 456
465
In a UNIX operating system, which run level reboots the machine? - 0 - 1 - 3 - 6
6
ActiveX refers to - A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet - A library of security protocols for Microsoft's Internet Explorer - A patch to fix a vulnerability that hackers exploit where the user downloads an MP3 file and the buffers of the sound card are overwritten - A method of blocking java scripts that comes from non Microsoft web sites
A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet
A buffer overflow can best be described as - A hacker who makes a website that has more content than the browser can handle - A hacker who sends more data than is expected in an attempt to overwrite legitimate memory - A hacker who uses an e-mail virus to format the hard drive with junk code - A hacker who sends repeated requests for information from a server in an attempt to crash the server
A hacker who sends more data than is expected in an attempt to overwrite legitimate memory
What is the waterfall model characterized by? - A generic, repeatable process for debugging software - A protocol limiting liquids in the workplace - A linear, multistep process - A process for ensuring that all inputs are tested
A linear, multistep process
What is the Gramm-Leach-Bliley Act? - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
Running Java applets from the Web on your system is considered - A security risk - Not risky - Somewhat secure - Very secure
A security risk
A signature database contains a list of the contents of the IP packet header's signature block, for every type of packet the IDS monitors. True or False
A signature database contains a list of the contents of the IP packet header's signature block, for every type of packet the IDS monitors.
What does a host-based IDS monitor? - A single system - Networks - Physical intrusions into facilities - A system and all its surrounding systems
A single system
Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure? - SLE - ALE - SRO - ARO
ALE
The first instant messaging program was ___________. - AOL Instant Messenger - Yahoo Instant Messenger - MSN Instant Messenger - Linux Instant Messenger
AOL Instant Messenger
Which of the following is the value for the number of times an event is expected to occur in a year? - SLE - ALE - SRO - ARO
ARO
Simple rule sets that are applied to port number and IP addresses are called - Network address translation - Stateful packet filtering - Access control lists - Basic packet filtering
Access control lists
The Electronic Communications Privacy Act (ECPA) of 1986 - Implements the principle that a signature, contract, or other record may not be - Denies legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications
What are laws and regulations created by government-sponsored agencies such as the EPA, the FAA, and the FCC? - Statutory laws - Administrative laws - Common laws - Blue laws
Administrative laws
An initial baseline should be performed when? - After every update to a system - Before patches are installed on a system - After administrators have finished patching, securing, and preparing a system - Every 90-120 days, as determined by local policy
After administrators have finished patching, securing, and preparing a system
Your boss would like you to implement a network device that will monitor traffic and turn off processes and reconfigure permissions as necessary. To do this you would use - A firewall - A sniffer - A passive HIDS - An active HIDS
An active HIDS
The Wassenaar Arrangement can be described as which of the following? - An international arrangement on export controls for conventional arms as well as dual-use goods and technologies - An international arrangement on import controls - A rule governing import of encryption in the United States - A rule governing export of encryption in the United States
An international arrangement on export controls for conventional arms as well as dual-use goods and technologies
Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity? - Traffic collector - Analysis engine - Signature database - Examination collector
Analysis engine
The difference between misuse and anomaly IDS models is - Misuse models require knowledge of normal activity, whereas anomaly models don't. - Anomaly models require knowledge of normal activity, whereas misuse models don't. - Anomaly models are based on patterns of suspicious activity. - Anomaly model-based systems suffer from many false negatives
Anomaly models require knowledge of normal activity, whereas misuse models don't.
The security tool that will hide information about the requesting system and make the browsing experience secret is a - Web proxy - Reverse proxy - Anonymizing proxy - Open proxy
Anonymizing proxy
What is a software bomb? - A firework that destroys all the disks and CDs in your library - Any commands executed on the computer that have an adverse effect on the data being investigated - Screensavers that show fireworks going off - Software trying to access a computer
Any commands executed on the computer that have an adverse effect on the data being investigated
What is the process of assessing the state of an organization's security compared against an established standard called? - Pen testing - Auditing - Vulnerability testing - Accounting
Auditing
One way a user can feel confident that the code they are downloading is from a legitimate vendor and has not been modified is with the implementation of - SSL - Authenticode - SFTP - HTTPS
Authenticode
What was the primary reason for the spread of the ILOVEYOU worm? - Network firewalls failed. - Systems did not have the appropriate software patch. - Automatic execution such as Microsoft Outlook's preview pane. - Virus scan software was not updated.
Automatic execution such as Microsoft Outlook's preview pane
Which document's main focus is the continued operation of the organization? - BIA - DRP - AUP - BCP
BCP
________________ serves as a foundation for comparison or measurement. - Configuration identification - Configuration status accounting - Baseline - Configuration items
Baseline
What is the process of establishing a system's security state called? - Hardening - Baselining - Securing - Controlling
Baselining
Your boss would like you to make company files available to the general public, but does not want you to have to create user accounts for anyone that would want access to the file transfer. In this case you should use - FTP - Blind FTP - SFTP - FTPS
Blind FTP
Antivirus products do all of the following EXCEPT: - Automated updates - Media scanning - Block network traffic based on policies - Scan e-mail for malicious code and attachments
Block network traffic based on policies
Risk management is most often - Purely qualitative - Purely quantitative - Both qualitative and quantitative - Purely objective
Both qualitative and quantitative
Which of the following does not enhance the security of the browser? - Browser plug-ins - Patches - Disabling javascript - Rejecting cookies
Browser plug-ins
What is the one item that could be labeled as the "most wanted" item in coding security? - Run length overflow - Proper string handling - Herman the Fly - Buffer overflow
Buffer overflow
When an attacker purposely sends more data for input than the program was designed to handle and it results in a system crash, what is this an example of? - Syn flood - Buffer overflow - Incomplete mediation - Logic bomb
Buffer overflow
Which is the most common exploit used to hack into a system? - Buffer overflows - Birthday attacks - Weak key attacks - Man-in-the-middle attacks
Buffer overflows
Contract management, fraud, regulatory risk management, and business continuity management are examples of - Business risks - Technology risks - Market risks - Operational risks
Business risks
The law that regulates unsolicited commercial e-mail is the - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
CAN-SPAM Act
Which type of error occurs when a program executes the error checking routine, prior to manipulating strings to a base form? - Canonicalization error - Improper output handling - Injection - Buffer overflow
Canonicalization error
Which management tool is used for identifying relationships between a risk and the factors that can cause it? - Affinity grouping - Cause and effect analysis - Interrelationship digraphs - Risk management plan
Cause and effect analysis
Which policy dictates the action that should be taken when a significant modification to the software or hardware takes place? - Acceptable use policy - Due care policy - Change management policy - Disposal and destruction policy
Change management policy
Change management can be applied to every type of software development EXCEPT: - Security patches - Source code - Web pages - Change management should be applied to all types of software development.
Change management should be applied to all types of software development.
Whenever a modified program is moved to the production source-code library, the executable version is moved to the production system. This is an example of which of the following? - Authenticode - Code integrity - Separation of duties - Output code variation
Code integrity
Which type of alternative site has the basic environmental controls necessary to operate, but has few of the computing components necessary for processing? - Hot site - Warm site - Cold site - Temporary site
Cold site
What do you call a law based on previous events or precedents? - Statutory law - Administrative law - Common law - Blue law
Common law
Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
Computer Fraud and Abuse Act
_____________ is the unauthorized entry into a computer system via any means. - Computer trespass - Computer entry - Computer hacking - Cyber crime
Computer trespass
Which of the following is the first step in change management? - Configuration control - Configuration status accounting - Configuration identification - Configuration audit
Configuration identification
Groups are used to - Create a collection of users to simplify privilege management - Circumvent an overly restrictive ACL ruleset - Create a collection of programs simplifying ACL implementation - Separate computers into logical groups that perform similar functions
Create a collection of users to simplify privilege management
If the loss of a business function would severely impact an organization, that function would be categorized as which of the following? - Critical - Necessary for normal processing - Desirable - Optional
Critical
The art of "secret writing" is called - Spoofing - Smurfing - Cryptography - Cryptanalysis
Cryptography
A file or resource owner has the ability to change the permissions on that file or resource. - MAC - DAC - RBAC - RBOC
DAC
What environment does UNIX use? - DAC - MAC - Role-based access control - Rule-based access control
DAC
What is it called when a person registers a domain name, relinquishes it in less than five days, and then gets the same name again, repeating this cycle over and over again? - DNS spoofing - DNS jacking - DNS pilfering - DNS kiting
DNS kiting
Which document defines the required data, resources, and steps to restore critical organizational processes? - BIA - BCP - DRP - AUP
DRP
Which type of backup is conducted at specific intervals, and only copies the portions of the files that have been changed? - Partial - Differential - Incremental - Delta
Delta
What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Demonstrative evidence
SYN flooding is an example of a - Viral attack - Denial of service attack - Logic bomb - Trojan horse
Denial of service attack
Run levels are used to - Determine which users are allowed on a Windows machine - Describe the state of initialization and what system services are operating in a Linux system - Determine the level of user in Linux systems - Are a Windows construct to manage which services are allowed to autostart
Describe the state of initialization and what system services are operating in a Linux system
In the secure development lifecycle, in which phase should minimizing the attack surface area take place? - Coding phase - Design phase - Requirements phase - Testing phase
Design phase
What is the term for when a large list of words are used to try and crack a password? - Dictionary attack - Brute-force attack - Hybrid attack - Lister crack
Dictionary attack
Which type of backup copies all files, but only since the last full backup? - Full - Differential - Incremental - Delta
Differential
Which law makes it illegal to develop, produce, and trade any device or mechanism designed to circumvent technological controls used in copy protection? - Sarbanes-Oxley Act - Digital Millennium Copyright Act - US Digital Signatures Law - Computer Fraud and Abuse Act
Digital Millennium Copyright Act
Oral testimony that proves a specific fact with no inferences or presumptions is what type of evidence? - Hearsay - Real evidence - Direct evidence - Demonstrative evidence
Direct evidence
What is the name of the policy outlining procedures to combat dumpster diving? - Recycling - Disposal and destruction - Password management - Need to know
Disposal and destruction
Business records, printouts, and manuals are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Documentary evidence
What is the automated downloading of malware that takes advantage of a browser's ability to download the different files that compose a web page called? - Download of death - Trojanized download - Drive-by download - War-downloading
Drive-by download
Which security policy establishes an organization's need to take reasonable precautions to demonstrate that it is being responsible in its operations (and to avoid possible litigation)? - AUP - E-mail policy - Due diligence - Separation of duties
Due diligence
Which of the following is NOT a strategy for alternative site processing? - Hot site - Empty site - Cold site - Mutual aid agreements
Empty site
What must you do in order to sniff the traffic on all ports on a switch? - Nothing; you can see all the traffic on a switch by default. - Nothing; a switch does not allow you to see all traffic. - Enable port mirroring. - Run a cable to each port.
Enable port mirroring.
The terms RC4 and 3DES refer to - Protocols used by servers to create dynamic websites - Encryption algorithms used to encrypt data - Protocols used to create directories for web services - Classes of XML protocols used for web services
Encryption algorithms used to encrypt data
A network administrator wants to be sure that when users change their passwords they do not reuse a previous password. What domain password policy will need to be configured? - Enforce password history - Maximum password age - Minimum password age - Minimum password length
Enforce password history
What is configuration auditing? - Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements - Ensures that only approved changes to a baseline can be implemented - Ensures all changes made separate from the baseline are well documented and controlled - Identifies which assets need to be controlled
Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements
What is configuration control? - Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements - Ensures that only approved changes to a baseline are allowed to be implemented - Ensures all changes made separate from the baseline are well documented and controlled - Identifies which assets need to be controlled.
Ensures that only approved changes to a baseline are allowed to be implemented
Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution? - Best evidence rule - Exclusionary rule - Hearsay rule - Evidentiary rule
Exclusionary rule
Which of the following is NOT a component of an IDS? - Traffic collector - Signature database - Expert knowledge database - User interface and reporting
Expert knowledge database
A principal reference for rules governing the export of encryption can be found in the - Bureau of Industry and Security - U.S. Department of Commerce - Export Administration Regulations - State Department
Export Administration Regulations
Which of the following is a characteristic of the Patriot Act? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form
Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet
The protocol that provides a method for the transfer of files, both to and from a server is - Telnet - SSH - SNMP - FTP
FTP
TCP Ports 989 and 990 are associated with what application? - SSL/TLS 3.0 - SPOP3 - SFTP - FTPS
FTPS
A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday, such as Michelangelo. True or False
False
A risk management plan is a comprehensive document that explains how risks will be identified on a given project. True or False
False
A SYN flood is a type of spam that floods the inbox with pornographic material. True or False
False
A warm site is a fully configured environment that is similar to the normal operating environment, and that can be operational immediately. True or False
False
Adding more services and applications to a system helps to harden it. True or False
False
An organization can reduce its risks to zero through careful planning and implementation. True or False
False
An organization must choose between using Capability Maturity Model Integration (CMMI) or change management. True or False
False
Authenticode is used to encrypt program code so that it is more difficult for hackers to reverse engineer it. True or False
False
Buffer overflows, while a dangerous form of code vulnerability, are the least common. True or False
False
Canonicalization vulnerabilities are restricted to Windows systems. True or False
False
Cause and effect analysis is the process of identifying relationships between a risk and the organization's needs. True or False
False
Change management and configuration management are two very different processes. True or False
False
Change management is only needed in the development and testing phases of the systems life cycle. True or False
False
Change management is the process of changing the middle managers in a company during a merger. True or False
False
Change management makes localization efforts more complex. True or False
False
Cryptography is the solution to all security problems. True or False
False
Defense begins by eliminating threats. True or False
False
Deploying, maintaining, and upgrading host-based IDSs in a large network is cheaper than NIDSs. True or False
False
Despite all the benefits from separation of duties, the biggest disadvantage is that the people who know the software best (the developers, designers, and testers) are not the ones that install and administer the software. True or False
False
Evidence offered by the witness that is not based on the personal knowledge of the witness—but is being offered to prove the truth of the matter asserted—falls under the exclusionary rule. True or False
False
FTP encrypts traffic by default. True or False
False
Falsifying header information is not covered by the CAN-SPAM Act. True or False
False
Generating true random numbers is a fairly trivial task. True or False
False
Groups are assigned by location, not function. True or False
False
HTTP uses TCP port 8080. True or False
False
Hostile activity that does not match an IDS signature and goes undetected is called a false positive. True or False
False
In 2002, Microsoft increased the number of services that were installed and running due to public demand. True or False
False
Incremental backups back up all information since the last full backup. True or False
False
It is recognized throughout the industry that the best type of risk assessment to conduct is a purely quantitative one. True or False
False
Least privilege refers to removing all controls from a system. True or False
False
Mac OS X FileVault encrypts files with 3DES encryption. True or False
False
Minimum password age policy specifies the number of days a password may be used before it must be changed. True or False
False
Minor procedural missteps are not important provided the overall investigation is properly conducted. True or False
False
Most instant messaging programs natively support encryption. True or False
False
Names not on a DNS blacklist get filtered out, and those messages are not received. True or False
False
Network-based IDS examines activity on a system, such as a mail server or web server. True or False
False
Once an organization implements a security plan, they can expect to remain secure for an extended period of time. True or False
False
Only one person is needed to collect and document evidence obtained in performing forensics on a computer system. True or False
False
Oral testimony that proves a specific fact is considered real evidence. True or False
False
Performing a cost/benefit analysis to determine the effectiveness of a countermeasure is not a useful way to evaluate a countermeasure, because risk needs to be reduced at any cost. True or False
False
Permissions are applied to users, not to groups. True or False
False
Policies are generally step-by-step instructions. True or False
False
Privacy laws in Europe are built around the concept that privacy is not a fundamental human right. True or False
False
RAID 5 implements exact copies of disks, with all the data mirrored on another drive. True or False
False
Relevant evidence must be convincing or measure up without question. True or False
False
Residual risk is covered by insurance companies. True or False
False
Role-based access control is a method of managing access and privileges based on a set of predefined rules. True or False
False
SMTP uses TCP port 110. True or False
False
Scanning is when an attacker attempts to crash the system with programs such as ping sweep or superscan. True or False
False
Securing access to files and directories in Solaris is vastly different from most UNIX variants. True or False
False
Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. True or False
False
Targeted attacks are easier and take less time and effort than attacks on targets of opportunity. True or False
False
Telnet is used to upload and download files. True or False
False
Testing is not an essential part of the generation of secure code. True or False
False
The BCP is part of the larger DRP. True or False
False
The disadvantage to full backups is that the restore process is complex. True or False
False
The formulas used to justify the single loss expectancy (SLE) are extremely accurate. True or False
False
The last step in minimizing possible avenues of attack is updating system patches. True or False
False
The low risk of being caught is one of the reasons that criminals are turning to computer crime. True or False
False
The lowest level of classified information, which is defined as information that would "damage" national security, is known as "unclassified." True or False
False
The misuse detection IDS model is more difficult to implement than the anomaly detection model, and is not as popular as a result. True or False
False
The ping of death is a type of distributed denial of service. True or False
False
The presence of the keyword "secure" in a cookie indicates that it can only be accessed by the web site that placed it there in the first place. True or False
False
The recycle bin contains all the deleted files on a computer. True or False
False
The specific security needs of a program being developed should be defined in the design phase of the secure development lifecycle. True or False
False
The spiral model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing, cross-functional teams. True or False
False
The trends show that e-mail hoaxes are being thwarted due to new technology. True or False
False
Unsolicited commercial e-mail is referred to as a hoax e-mail. True or False
False
Using SSL protects your data from interception by devices such as key loggers. True or False
False
Viruses can exist independent of a file, whereas worms require a file to infect. True or False
False
When analyzing computer storage components, the original system should be analyzed. True or False
False
When performing forensics on a computer system you should use the utilities provided by that system. True or False
False
While a NIDS is able to detect activities such as port scans and brute force attacks, it is unable to detect tunneling. True or False
False
Windows Defender is new, personal firewall software included in Vista. True or False
False
Which of the following is NOT an advantage of decentralized privilege management? - It is highly flexible; changes can be made whenever they are needed. - It does not require a dedicated set of personnel and resources. - It reduces bureaucracy. - Fewer people must be trained on tasks associated with privilege management.
Fewer people must be trained on tasks associated with privilege management.
Clusters that are marked by the operating system as usable are referred to as which of the following? - Free space - Slack space - Open space - Unused space
Free space
Which type of backup is the simplest to do, but takes the most storage space? - Full - Differential - Incremental - Delta
Full
What technique can be used to find potentially exploitable buffer overflows, without any specific knowledge of the coding? - Code injection - Use cases - Fuzzing - Backdoors
Fuzzing
Which management tool is used for diagramming schedules, events, and activity duration? - Pareto charts - Gantt charts - Interrelationship digraphs - PERT charts
Gantt charts
A new breed of IDS that is designed to identify and prevent malicious activity from harming a system. - Dynamic IDS - Preventive IDS - Active IDS - HIPS
HIPS
Which of the following has the least volatile data? - CPU storage - RAM - Hard drive - Kernel tables
Hard drive
Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence? - Best evidence rule - Exclusionary rule - Hearsay rule - Relevant evidence rule
Hearsay rule
What device would you use to attract potential attacks, so that you could safely monitor the activity and discover the intentions of the attacker? - Firewall - Antivirus - IDS - Honeypot
Honeypot
Which alternative site is the most costly to maintain? - Hot site - Warm site - Cold site - Mutual aid agreement site
Hot site
Which type of alternative site is a fully configured environment that is similar to the normal operating environment and can be operational within hours? - Hot site - Warm site - Cold site - Immediate site
Hot site
How does IPS differ from an IDS? - IPS is passive and IDS is active. - IPS uses heuristics and IDS is signature based. - IPS will block, reject, or redirect unwanted traffic; an IDS will only alert. - IDS will block, reject, or redirect unwanted traffic; an IPS will only alert.
IPS will block, reject, or redirect unwanted traffic; an IDS will only alert.
What are the steps for the Software Engineering Institute model for risk management? - Identify, analyze, plan, track, and control - Analyze, track, identify, plan, and control - Identify assets, threats, vulnerabilities, and exposure factor - Cost benefit analysis, control, and review
Identify, analyze, plan, track, and control
Which of the following describes the process of asset identification during a risk assessment? - Collecting data on the value of bank accounts and other financial notes controlled by the organization - Identifying and classifying the assets, systems, and processes that need protection because they are vulnerable to threats - Collecting data on the property plant and equipment to be prepared to file an insurance claim - Hiring an outside auditing firm to assess the total net worth of the company
Identifying and classifying the assets, systems, and processes that need protection because they are vulnerable to threats
Which of the following describes the process of threat assessment during a risk assessment? - Identifying the possible threats and vulnerabilities associated with each asset, and the likelihood of their occurrence - Categorizing and cataloging any threats made against the organization in the last 10 years - Establishing a human resource procedure to notify the police if anyone threatens an employee - Assessing the total net worth of the company, and then selecting an insurance company to insure the company against all threats.
Identifying the possible threats and vulnerabilities associated with each asset, and the likelihood of their occurrence
Using the general risk management model, direct loss of money, interruption of business activity, and breach of confidence fall under which step? - Asset identification - Threat assessment - Impact determination and quantification - Residual risk management
Impact determination and quantification
The electronic signatures in the Global and National Commerce Act - Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form - Address a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications - Make it a violation of federal law to knowingly use another's identity - Are a major piece of legislation affecting the financial industry, and contains significant privacy provisions for individuals
Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form
Which policy outlines how the organization will prepare for and handle security incidents when they occur? - Acceptable use policy - Incident response policy - E-mail policy - Due diligence policy
Incident response policy
Unvalidated input that changes the code functioning in an unintended way is which type of coding error? - Canonicalization error - Improper output handling - Injection - Buffer overflow
Injection
Your boss is concerned about employees viewing inappropriate or illegal web sites in the workplace. Which device would be the best at addressing this concern? - Antivirus - Firewall - Protocol analyzer - Internet content filter
Internet content filter
The model that most modern intrusion detection systems use is largely based upon a model created by Dorothy Denning and Peter Neumann called: - Intrusion Detection Interface System (IDIS) - Intrusion Response Interdiction system (IRIS) - Intrusion Detection Expert System (IDES) - Discovery, Haystack, Multics Intrusion Detection and Alerting System (MIDAS)
Intrusion Detection Expert System (IDES)
The Open Vulnerability and Assessment Language (OVAL) ___________. - Is an XML framework for describing vulnerabilities - Is a framework for UDDI data structures to be passed between applications in a language-neutral and platform-independent fashion - Is used by web browsers to block harmful java scripts from executing on a system - Is used by a web browser to clean cookies and spy ware off the system hard drive
Is an XML framework for describing vulnerabilities
Which of the following is true of BitLocker, in Windows Vista? - It's where malicious code is stored when it's discovered. - It's a form of data storage for network traffic. - It allows encryption of all data on a server. - It monitors Internet Explorer traffic.
It allows encryption of all data on a server.
In Mac OS X, what does library randomization do? - It defeats buffer overflows. - It is used for encryption. - It restricts network access. - It increases the ease of code writing.
It defeats buffer overflows.
What is a message digest? - It is a hash function that can be used to compare two files to see if they are identical. - A condensed version of the messages that the computer receives. - Messages that the computer sends to other computers - Availability protocol that establishes links to other computers.
It is a hash function that can be used to compare two files to see if they are identical.
Which of the following is the command to stop a service in UNIX? - Stop - Kill - End - Finish
Kill
All access to systems, software, and data should be assigned using what principle? - Least privilege - Role-based access - Minimum use - Activity-based access
Least privilege
Determining what needs to be accessed, and the appropriate level of permission for every item accessed is an example of what principle? - Least functionality - Least privilege - Least access - Least rights
Least privilege
According to SANS Internet Storm Center, the average survival time of an unpatched Windows PC on the Internet is - Less than two minutes - Less than two hours - Less than two days - Less than two weeks
Less than two hours
Malicious code that sits dormant until a particular event occurs to release its payload is called what? - Trojan - Logic bomb - Trigger virus - Logic worm
Logic bomb
What is the name of the process that controls access to information based on the sensitivity of that information and whether or not the user is operating at the appropriate sensitivity level and has the authority to access that information? - MAC - DAC - RBAC - RBOC
MAC
Which of the following is NOT a general step in securing a networking device? - Choosing good passwords - Password-protecting the console - Maintaining SNMP community strings - Turning off unnecessary services
Maintaining SNMP community strings
Antispam does all of the following EXCEPT: - Blacklisting - Malicious code detection - Language filtering - Trapping
Malicious code detection
What is it called when an attacker makes his data look like it is coming from a different source address, and is able to intercept information transferred between two computers? - Spoofing - Man-in-the-middle attack - Sniffing - Injecting
Man-in-the-middle attack
A network administrator wants to specify the number of days a password must be used before it can be changed again. What domain password policy will need to be configured? - Enforce password history - Maximum password age - Minimum password age - Minimum password length
Minimum password age
Which of the following is NOT a UNIX file permission? - Read - Write - Modify - Execute
Modify
If an organization can last without a business function for up to 30 days before it is severely impacted, that function would be categorized as which of the following? - Critical - Necessary for normal processing - Desirable - Optional
Necessary for normal processing
On a UNIX system, if a file has the permission r-x rw- ---, what permission does the world have? - Read and execute - Read and write - Read, write, execute - No permissions
No permissions
Which management tool is used for diagramming the interdependencies between project activities, showing the sequence and duration of each activity? - Pareto charts - Gantt charts - Interrelationship digraphs - PERT charts
PERT charts
Two tools that can be used to encrypt e-mail are ___________________. - MIME/S and PGP - PGP and S/MIME - PSP and MIME/S - PGP and SIME
PGP and S/MIME
With the RSA and Diffie-Hellman handshakes - The server and the client agree on what type of browser to use. - Parameters are agreed upon and certificates and keys are exchanged. - Parameters are agreed upon so that java scripts cannot execute inside the client system. - Office applications are able to e-mail secure documents.
Parameters are agreed upon and certificates and keys are exchanged.
Which of the following is NOT an element of a DRP? - Backup - Alternate sites - Fault tolerance - Password management
Password management
Management password policy should address all of the following except? - Password reuse - Password complexity rules - Protection of passwords - Password salting to ensure unique hash values
Password salting to ensure unique hash values
Which of the following is one of those critical activities that is often neglected as part of a good security baseline? - Password selection - Hardening the OS - Securing the firewall - Hardening applications
Password selection
A _________ is a more formal, large software update that may address several or many software problems. - Script - Log - Hotfix - Patch
Patch
Zone Alarm, Windows ICF, and iptables are all examples of - Antivirus - Antispyware - Antispam - Personal firewalls
Personal firewalls
Bob gets an e-mail addressed from his bank, asking for his user ID and password. He then notices that the e-mail has poor grammar and incorrect spelling. He calls up his bank to ask if they sent the e-mail, and they promptly tell him they did not and would not ask for that kind of information. What is this type of attack called? - Phishing - Pharming - Spear pharming - Spishing
Phishing
When taking photographs for use as evidence, what type should be taken? - Digital camera pictures - Film with a high speed shutter - Film with a low speed shutter - Polaroid
Polaroid
___________ are high-level, broad statements of what the organization wants to accomplish. - Policies - Procedures - Standards - Guidelines
Policies
Common Gateway Interface (CGI) security issues include - Poorly configured CGIs can crash when users input unexpected data. - CGI can only be programmed in one insecure language. - CGI can only perform one process at a time making it very susceptible to denial of service attacks. - CGI will only work with Internet Explorer
Poorly configured CGIs can crash when users input unexpected data
The nuisance of web pages that automatically appear on top of your current web page can be remedied with - Antivirus - Antispam - Pop-up blockers - Firewalls
Pop-up blockers
What is the process used to ensure that users have the correct rights to perform their jobs? - Usage auditing - Audit trails - Privilege management - Escalation auditing
Privilege management
What is the term for step-by-step instructions that describe exactly how employees are expected to act in a given situation or to accomplish a specific task? - Policies - Procedures - Standards - Usage lists
Procedures
Which of the following is NOT a component of a security policy? - Acceptable use policy - Separation of duties - Need to know - Programming language conformity policy
Programming language conformity policy
Which type of RAID does not provide redundancy to improve reliability? - RAID 0 - RAID 1 - RAID 5 - All RAID types provide redundancy and improve reliability.
RAID 0
Which type of RAID uses disk mirroring? - RAID 0 - RAID 1 - RAID 2 - RAID 5
RAID 1
Which type of RAID spreads data across disks, and also adds parity, meaning that the loss of any single disk in the array will not result in the loss of any data? - RAID 0 - RAID 1 - RAID 2 - RAID 5
RAID 5
The access control model that most closely resembles an organization's structure. - MAC - DAC - RBAC - RBOC
RBAC
On a UNIX system, if a file has the permission rwx r-- ---, what permission does the group have? - Execute, read, write - Read - Read, write, execute - No permissions
Read
Tangible objects that prove or disprove fact are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Real evidence
In which incident response phase might it be necessary to implement the BCP? - Preparation phase - Detection phase - Containment and eradication phase - Recovery phase
Recovery phase
How is high availability generally achieved? - Full backup - Fault tolerance - Test, exercise, rehearse - Redundant systems
Redundant systems
Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence
Relevant evidence
In the secure development lifecycle, how must the specific security needs of software being developed be defined? - Coding phase - Design phase - Requirements phase - Testing phase
Requirements phase
Which of the following is usually synonymous with a job or set of functions? - Superuser - Role - Privilege - Sign on
Role
What is the use of "securityadmin" in Microsoft SQL Server an example of? - DAC - MAC - Role-based access control - Rule-based access control
Role-based access control
What is the term for malware that changes the way the operating system functions to avoid detection? - Rootkit - Boot sector virus - Spyware - Dieware
Rootkit
Which of the following is the value for the expected loss of a single asset? - SLE - ALE - SRO - ARO
SLE
Which of the following is NOT one of the three primary e-mail protocols? - SMTP - SNMP - POP3 - IMAP
SNMP
Which is related to a code injection error? - VB.NET - SQL - JavaScript - C#
SQL
Which type of attack is used especially against databases? - DB manipulation - DB injection - SQL injection - SQL rejection
SQL injection
The SFTP protocol incorporates what into FTP? - SSL - Secure java scripting - 28 bit encryption key - the TCP protocol
SSL
What is the law that overhauled the financial accounting standards for publicly traded firms in the United States? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
Sarbanes-Oxley Act
Egress filtering - Scans incoming mail to catch spam - Scans outgoing mail to catch spam - Messages are scanned for specific words or phrases - Filters out POP traffic
Scans outgoing mail to catch spam
Selecting a good password for each user account is critical to protecting information systems. How should you select a good password? - Use letters in your first name and letters in your last name. - Select a password that is still relatively easy to remember, but still difficult to "guess." - Unfortunately, there is no way to keep a password safe, so it really doesn't matter what you use. - Create a password that would be hard to remember, and then write it down so you won't forget it.
Select a password that is still relatively easy to remember, but still difficult to "guess."
What is the key concept in change management? - Least privilege - Separation of duties - Defense in depth - Redundancy
Separation of duties
Which is more secure? - Common Gateway Interface (CGI) - Server side scripting - Third-party scripting - All are equally secure
Server side scripting
Your boss expressed concern about employees working on the network on weekends. She asks if there is something you can do to ensure that they do not have access. What would be the best way to accomplish this? - Publish a memo stating that employees will not be allowed to access the network on weekends. - Set time-of-day restrictions on employee accounts for the weekend. - Keep the building locked. - Set up closed-circuit TV cameras on employee workstations.
Set time-of-day restrictions on employee accounts for the weekend.
Which of the following is the most effective password policy to enforce for system security? - Setting password lengths to be 14 characters or more - Setting the password history to be 20 or higher - Setting a password expiration of 60 days - Setting a minimum password age of 180 days or more
Setting a password expiration of 60 days
What is the space in a cluster that is not occupied by a file called? - Free space - Slack space - Open space - Unused space
Slack space
_____________ relies on lies and misrepresentation to trick an authorized user into providing information or access to an attacker. - Social engineering - User exploitation - War-driving - Indirect attack
Social engineering
An attack that takes advantage of bugs or weaknesses in the software is referred to as what? - A brute-force attack - Software exploitation - A dictionary attack - Weakness exploitation
Software exploitation
Windows Defender does all of the following EXCEPT: - Spyware detection and removal - Real-time malware protection - Spam filtering - Examine programs running on your computer
Spam filtering
Making data look like it has come from a different source is called - Sniffing - A man-in-the-middle attack - A replay attack - Spoofing
Spoofing
What is software that records and reports activities of the user (typically without their knowledge) called? - Snoopware - Malware - Spyware - Eyeware
Spyware
How does stateful packet filtering differ from basic packet filtering? - Stateful packet filtering looks only at each packet individually. - Stateful packet filtering looks at the packets in relation to other packets. - Stateful packet filtering looks at the destination address. - Stateful packet filtering looks at the source address.
Stateful packet filtering looks at the packets in relation to other packets
What is a law passed by a legislative branch of government called? - Statutory law - Administrative law - Common law - Blue law
Statutory law
Creating a graphical representation of the required elements for an attack vector occurs in which step of Threat Modeling? - Step 1-Define scope - Step 4-Enumerate threats - Step 5-Classify threats - Step 8-Create threat trees
Step 8-Create threat trees
Scoring the efforts to reduce the effects of threats occurs in which step of threat modeling? - Step 2-Enumerate assets - Step 7-Score and rank threats - Step 8-Create threat trees - Step 9-Determine and score mitigation
Step 9-Determine and score mitigation
Evidence that is convincing or measures up without question is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence
Sufficient evidence
A(n) _________ is used by the change control board to track changes. - Situation process report - Software problem report - Segregated personnel responsibilities - System progress report
System progress report
A term used to refer to the process of taking control of an already existing session between a client and a server is - TCP/IP hijacking - Replay attacking - Denial-of-service attack - Password guessing
TCP/IP hijacking
Information systems testing, change management, and reliability and performance management are examples of which of the following? - Business risks - Technology risks - Market risks - Operational risks
Technology risks
In the secure development lifecycle, employing use cases to compare program responses to known inputs, and then comparing the outputs to the desired outputs should take place in which phase? - Coding phase - Design phase - Requirements phase - Testing phase
Testing phase
Which of the following is NOT a disadvantage of host-based IDS? - The IDS uses local system resources. - The IDS can have a high cost of ownership and maintenance. - The IDS must have a process on every system you want to watch. - The IDS is ineffective when traffic is encrypted.
The IDS is ineffective when traffic is encrypted.
Which of the following is the formula for single loss expectancy (SLE)? - The exposure factor added to the asset - The asset multiplied by the exposure factor - The asset divided by the annual rate of expectancy - The asset multiplied by the exposure factor and divided by the annual rate of expectancy
The asset multiplied by the exposure factor
What is the Convention on Cybercrime? - A convention of black hats who trade hacking secrets - The first international treaty on crimes committed via the Internet and other computer networks - A convention of white hats who trade hacker prevention knowledge - A treaty regulating international conventions
The first international treaty on crimes committed via the Internet and other computer networks
What is the first step in addressing issues with passwords? - The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with. - The first step in addressing password issues is to find a systematic, alpha-numeric combination and then assign passwords, so that both system administrators and users can tell which department is using what system. - The first step in addressing password issues is to see how many passwords are required. - The first step in addressing password issues is to see how many accounts can use the same password.
The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with.
How can risk best be described? - The possibility of suffering harm or loss - The chance that the organization will go bankrupt - Something that is dependent on the types of insurance the company buys - Something that is dependent on the overall asset value of the company
The possibility of suffering harm or loss
What is the formula for annual rate of expectancy? - The asset multiplied by the exposure factor - The exposure factor added to the asset - The single loss expectancy multiplied by the annual rate of occurrence - The asset divided by the annual rate of expectancy
The single loss expectancy multiplied by the annual rate of occurrence
What does the term spiral method refer to? - SQL - The software engineering process model - Proper coding of SSL - Physical security of facilities
The software engineering process model
Which of the following in a browser guarantees perfect security? - SSL/TLS - SSH - Secure java scripting - There is no guarantee of perfect security.
There is no guarantee of perfect security
Which is a 100% secure method to download applications from the Internet? - Signed applets - SSH - HTTPS - There is none.
There is none
Which of the following is NOT an advantage of network-based IDS? - It takes fewer systems to provide IDS coverage. - They can reduce false positive rates. - Development, maintenance, and upgrade costs are usually lower. - Visibility into all network traffic and can correlate attacks among multiple systems.
They can reduce false positive rates.
One of the advantages of HIDS is that - They can reduce false-positive rates - Their signatures are broader - They can examine data before it has been decrypted - They are inexpensive to maintain in the enterprise
They can reduce false-positive rates
Which of the following is true of the registry permissions area settings in security templates? - They control who should be allowed to join or be part of certain groups. - They are for services that run on the system. - They control who can access the registry and how it can be accessed. - They are settings that apply to files and folders, such as permission inheritance.
They control who can access the registry and how it can be accessed.
Which of the following is true about change control boards? - They are made up of non-administrative staff to prevent bias in decision making. - They should meet annually to revise the change control executive plan. - They should facilitate adequate change management oversight and better coordination between projects. - They are only necessary in extremely large corporations that wish to maintain standards across multinational divisions.
They should facilitate adequate change management oversight and better coordination between projects.
Using the general risk management model, natural disasters, terrorism, fraud, and equipment failure fall under which step? - Asset identification - Threat assessment - Impact determination and quantification - Residual risk management
Threat assessment
The main purpose of a honeypot is - To identify hackers so they can be tracked down by the FBI - To slow hackers down by providing an additional layer of security that they must pass before accessing the actual network - To distract hackers away from attacking an organization's live network - To help security professionals better understand and protect against threats to the system
To help security professionals better understand and protect against threats to the system
What is the primary purpose of a business impact analysis? - To address procedures for selecting user passwords - To create and maintain system backups - To identify and describe the most important functions for an organization - To outline an organization's plans to recover in the event a disaster strikes
To identify and describe the most important functions for an organization
How can the purpose of risk management best be described? - A method to improve the performance of the organization's stock portfolio - To take cost effective measures to reduce potential risk to the organization to an acceptable level - A method to inform management of the types of assets the company controls - A means of getting cheaper insurance for the organization
To take cost effective measures to reduce potential risk to the organization to an acceptable level
A type of malicious code that appears to be a safe program but that actually has a hidden purpose is called a ____________. - virus - hoax - Trojan - worm
Trojan
Johnny received a "new version" of the game Solitaire in an e-mail. After running the program, a backdoor was installed on his computer without his knowledge. What kind of an attack is this? - Logic bomb - Hoax - Trojan - Worm
Trojan
SubSeven and Back Orifice are examples of what kinds of malicious code? - Virus - Hoax - Worm - Trojan
Trojan
A computer system is attacked for one of two reasons: it is specifically targeted by the attacker, or it is a target of opportunity. True or False
True
A configuration item is an asset that needs to be controlled or managed. True or False
True
A disaster recovery plan is critical for effective disaster recovery efforts. True or False
True
A key element in a business continuity plan is the availability of backups. True or False
True
A qualitative risk assessment relies on judgment and experience; quantitative risk assessment applies historical information and trends to attempt to predict future performance. True or False
True
A sniffer must use a NIC in promiscuous mode; otherwise it will not see all the network traffic coming into the NIC. True or False
True
ALE = SLE * ARO True or False
True
Administrator, root, and superuser are accounts that have the power to do anything that can be done on a system. True or False
True
An attacker will do reconnaissance by going to public sites like SEC.gov and whois.net to get important information that can be used in an attack. True or False
True
Attacks on computer systems can be grouped into two broad categories: attacks on specific software, and attacks on a specific protocol or service. True or False
True
CVE provides security personnel with a common language to use when discussing vulnerabilities. True or False
True
Carnivore is an eavesdropping program for the Internet. True or False
True
Categorizing business functions is useful in determining which functions will be restored first in the event of a disaster. True or False
True
Change control prevents inadvertent overwriting of critical reference data. True or False
True
Computer trespass is treated as a crime in many countries. True or False
True
Configuration status accounting consists of the procedures for tracking and maintaining data relative to each configuration item in the baseline. True or False
True
Content-based signatures detect character patterns and TCP flag settings. True or False
True
E-mail traffic is sent in plaintext by default and can be read easily by anyone who intercepts it. True or False
True
Errors found after development is complete are expensive. True or False
True
Fuzzing is a powerful tool used in testing code. True or False
True
Generally speaking, you should back up the computer using DOS instead of Windows. True or False
True
HTTPS uses TCP port 443. True or False
True
Hardening applications is similar to hardening operating systems, in that you remove functions that are not needed, restrict access where you can, and make sure the application is up to date with patches. True or False
True
Hoax e-mails can have a real impact on bandwidth and productivity due to the distraction that can be caused by them. True or False
True
Hotfixes are usually smaller than patches, and patches are usually smaller than service packs. True or False
True
Inlining is using an embedded control from another site, with or without the other site's permission. True or False
True
Mandatory access control is the process of controlling access to information based on the sensitivity of that information, as well as whether or not the user is operating at the appropriate sensitivity level and has the authority to access that information. True or False
True
Network and system administrators use change management to ensure configurations consistently meet security standards. True or False
True
Only active intrusion detection systems (IDS) can aggressively respond to suspicious activity, whereas passive IDS cannot. True or False
True
Permissions under Linux are the same as for other UNIX-based operating systems. True or False
True
Rights tend to be actions that deal with accessing the system itself, process control, and logging. True or False
True
S/MIME is a secure implementation of the MIME protocol. True or False
True
The CAN-SPAM Act allows unsolicited e-mail as long as there is an unsubscribe link; the content must not be deceptive and not harvest emails. True or False
True
The DMCA protects the rights of recording artists and the music industry. True or False
True
The NIDS signature database is usually much larger than that of a host-based system. True or False
True
The Patriot Act permits the Justice Department to proceed with its rollout of the Carnivore program, an eavesdropping program for the Internet. True or False
True
The goal of the AUP is to ensure employee productivity, while limiting organizational liability due to inappropriate use of the organization's assets. True or False
True
The sale of some types of encryption overseas is illegal. True or False
True
The space that is left over in a cluster is called slack space. True or False
True
Two laws that provide wide-sweeping tools for law enforcement to convict people who hack into computers—or use them to steal information—are the ECPA and the CFAA. True or False
True
User account passwords can be set up to automatically expire. True or False
True
Viruses started as simple self-replicating programs that spread via the transfer of floppy disks. True or False
True
When hardening Mac OS X, the same guidelines for all UNIX systems apply. True or False
True
When the function of code is changed in an unintended way, it is an example of code injection. True or False
True
Windows operating systems use the concept of permissions AND rights to control access to files, folders, and information resources. True or False
True
What is used to compare program responses to known inputs and comparison of the output to desired output? - Use cases - Waterfall models - Requirements testing - Good practices
Use cases
Securing e-mail is something that must be done by - Networking administrators - Security administrators - Outlook express - Users
Users
All of the following techniques help to secure IM communications EXCEPT which of the following? - Running a corporate IM server - Using a different user name - Avoiding file transfers - Using encryption
Using a different user name
What is the term used to describe a hacker's attempt to discover unprotected modem connections to computer systems and networks? - Software exploitation - Indirect attack - War-dialing - Spoofing
War-dialing
The activity where hackers wander throughout an area with a computer with wireless capability, searching for wireless networks they can access is referred to as which of the following? - War-driving - War-dialing - Indirect attack - Brute force attack
War-driving
Which alternative site is partially configured, usually having the peripherals and software, but not the more expensive main processing computer? - Hot site - Warm site - Cold site - Temporary site
Warm site
PGP uses _______________ encryption. - symmetric - asymmetric - shared key - elliptical
asymmetric
The two main places to filter spam are ________________. - at the host itself and the server - the firewall and the LAN - the proxy server and the LAN - the host and the firewall
at the host itself and the server
In a ______________, a password cracking program attempts all possible password combinations. - brute-force attack - dictionary attack - man-in-the-middle attack - replay attack
brute-force attack
Linux and other operating systems use the _______ command to change the read-write-execute properties of a file or directory. - tracert - ifconfig - chmod - chkconfig
chmod
Which UNIX command would you use to change permissions associated with a file or directory? - chmod - chown - chgrp - chng
chmod
The Kurt Vonnegut commencement speech, the Neiman-Marcus Chocolate Chip Cookie Recipe, and the get-well e-mails to the dying boy are examples of __________. - social engineering - hoax e-mails - e-mail viruses - worms
hoax e-mails
Which of the following URL segments signifies that it is secure for transmission over the Internet? - wwws - https - shtml - aspx
https
A(n) ___________ finds weaknesses in the mechanisms surrounding the cryptography. - viral attack - worm attack - indirect attack - password attack
indirect attack
A worm is a type of virus that ____________. - is scripted to send itself to other systems - is designed to crawl in under a firewall - buries itself between the kernel and the application layer of the operating system - is passed through e-mails with a subject heading that has the word "worm" in it
is scripted to send itself to other systems
One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down ________. - spam filters - mail relaying - e-mail attachments - Outlook Express
mail relaying
The term ___________ refers to software that has been designed for some nefarious purpose. - virus - worm - Trojan horse - malware
malware
A _____________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media. - logic bomb - network sniffer - backdoor - trapdoor
network sniffer
One of the ways spam is able to propagate is by taking advantage of servers that will accept e-mail from anyone; these are known as ___________. - open servers - server relays - open relays - relay servers
open relays
Which UNIX command can be used to show the patches that are installed for a specific software package? - pkglist - pkgparam - pkgqury - pkgdump
pkgparam
An attack where the attacker captures a portion of a communication between two parties and retransmits it at another time is called a(n) ___________ attack. - smurf - denial-of-service - viral - replay
replay
The term forensics relates to the application of ____________ knowledge to ___________ problems. - legal; computer - complete; software - scientific; legal - familiar; unfamiliar
scientific; legal
Most modern UNIX versions store the passwords associated with a user account in a - BitLocker - shadow file - passwd file - Registry
shadow file
In a ___________ attack, the attacker sends a spoofed packet to the broadcast address for a network, which distributes the packet to all systems on that network. - smurf - denial-of-service - viral - worm
smurf
Unsolicited commercial e-mail is known as __________. - hoax e-mail - worm - spam - spork
spam
One of the largest security problems with IM programs is ___________. - their inability to share files - the lack of support for encryption - the lack of support for video - the lack of support for hiding online presence
the lack of support for encryption
Malicious code that is scripted to send itself to other users is known as a ________. - virus - worm - Trojan - logic bomb
worm