CTC 362
________ is a suite of protocols designed to connect sites securely using IP networks. Answers: Dynamic Host Configuration Protocol (DHCP) Network access control (NAC) Point-to-Point Tunneling Protocol (PPTP) Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec)
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium? Answers: Data Link Layer Transport Layer Session Layer Physical Layer
Physical Layer
Which OSI Reference Model layer is responsible for the coding of data? Answers: Presentation Layer Session Layer Data Link Layer Transport Layer
Presentation Layer
Which of the following is the definition of white-box testing? Answers: An act carried out in secrecy. Software and devices that assist in collecting, storing, and analyzing the contents of log files. Security testing that is based on knowledge of the application's design and source code. Analysis of activity as it is happening.
Security testing that is based on knowledge of the application's design and source code.
_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task. Answers: Accountability Decentralized access control User Datagram Protocol (UDP) Separation of duties
Separation of duties
The ___________ framework defines the scope and contents of three levels of audit reports. Answers: Service Organization Control (SOC) permission-level real-time monitoring zone transfer
Service Organization Control (SOC)
________ is the basis for unified communications and is the protocol used by real-time applications, such as IM chat, conferencing, and collaboration. Answers: Dense wavelength division multiplexing (DWDM) Direct inward system access (DISA) Multimodal communications Session Initiation Protocol (SIP)
Session Initiation Protocol (SIP)
What is a Security Information and Event Management (SIEM) system? Answers: An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. Security testing that is based on knowledge of the application's design and source code. Software and devices that assist in collecting, storing, and analyzing the contents of log files.
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
Which of the following is the definition of network address translation (NAT)? Answers: A management protocol for IP networks. A protocol to implement a VPN connection between two computers. A method to restrict access to a network based on identity or other rules. A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
Which of the following is the definition of guideline? Answers: A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. Recorded information from system events that describes security-related activity. A recommendation to purchase or how to use a product or system. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
A recommendation to purchase or how to use a product or system.
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain. Answers: RC4 RC2 CAST Blowfish
Blowfish
Which of the following identifies what assets are required for the business to recover from an event and continue doing business? Answers: Disaster recovery plan Risk assessment Business continuity plan Business impact analysis
Business impact analysis
There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be. Answers: Chosen-ciphertext attack Chosen-plaintext attack Known-plaintext attack (KPA) Ciphertext-only attack (COA)
Ciphertext-only attack (COA)
Which part of the C-I-A triad refers to preventing the disclosure of secure information to unauthorized individuals or systems? Answers: Confidentiality Integrity Accessibility Availability
Confidentiality
____________ is exercised by frequently evaluating whether countermeasures are performing as expected. Answers: Corrective control Due diligence Detective control Preventive control
Due diligence
Another name for a border firewall is a DMZ firewall. Answers: True False
False
Quantitative analysis defines risk using a scenario that describes it. Answers: True False
False
________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them. Answers: Hijacking Malware Packet sniffer Spoofing
Hijacking
Which of the following is the definition of false negative? Answers: The process of gathering the wrong information. Incorrectly identifying abnormal activity as normal. Analysis of activity as it is happening. A method of security testing that isn't based directly on knowledge of a program's architecture.
Incorrectly identifying abnormal activity as normal.
In a ________, the cryptanalyst possesses certain pieces of information before and after encryption. Answers: Known-plaintext attack (KPA) Ciphertext-only attack (COA) Chosen-ciphertext attack Chosen-plaintext attack
Known-plaintext attack (KPA)
Which of the following allows analysts to view and analyze network packet traces? Answers: NetWitness Investigator OpenVAS Filezilla Promiscuous mode
NetWitness Investigator
During the vulnerability assessment, any known vulnerabilities or bugs will be flagged and identified by: Answers: footprinting. enumeration. a Ping scan. OpenVAS.
OpenVAS.
________ is an authentication credential that is generally longer and more complex than a password. Answers: Authorization Continuous authentication Passphrase Two-factor authentication (TFA)
Passphrase
What name is given to a protocol to implement a VPN connection between two computers? Answers: Dynamic Host Configuration Protocol (DHCP) Internet Control Message Protocol (ICMP) screened subnet Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP)
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical. Answers: Risk mitigation Risk assignment Risk acceptance Risk acceptance
Risk mitigation
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities. Answers: Gap analysis Negative risk Quantitative risk analysis Security gap
Security gap
Which of the following is the definition of business drivers? Answers: A comparison of security controls in place and the controls that are needed to address all identified threats. The collection of components, including people, information, and conditions, that support business objectives. The process of identifying, assessing, prioritizing, and addressing risks. The estimated loss due to a specific realized threat.
The collection of components, including people, information, and conditions, that support business objectives.
Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance. Answers: True False
True
Residual risk is the risk that remains after you have installed countermeasures and controls. Answers: True False
True
Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software. Answers: True False
True
Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process? Answers: Single-factor authentication Two-factor authentication Three-factor authentication Multi-factor authentication
Two-factor authentication
What term is used to describe the current encryption standard for wireless networks? Answers: wireless access point (WAP) Wi-Fi Protected Access (WPA) screened subnet Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Which of the following is a protocol analyzer tool (sometimes called a "packet sniffer") that is used to capture IP traffic from a variety of sources? Answers: OpenVAS Zenmap NetWitness Investigator Wireshark
Wireshark
Which of the following is a graphical interface for Nmap that is typically used during the scanning phase of the ethical hacking process? Answers: Zenmap Greenbone Security Assistant SYN scan OpenVAS
Zenmap
Which of the following is a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them? Answers: OpenVAS Ping scan Zenmap Greenbone Security Assistant
Zenmap
Which of the following is used to perform a scan of the network and create a network topology chart? Answers: Wireshark Zenmap OpenVAS NetWitness Investigator
Zenmap
Malicious software can be hidden in a ________. Answers: URL link PDF file ZIP file all of the above
all of the above
Prior to VoIP, attackers would use wardialers to ________. Answers: identify analog modem signals to gain access gain access to PBX phone systems to commit toll fraud identify the operating system running on a computer all of the above
all of the above
How often should an organization perform a risk management plan? Answers: every couple of years biannually annually when a risk is identified
annually
How your organization responds to risk reflects the value it puts on its ___________. Answers: environment assets technology vulnerability
assets
An attempt to exploit a vulnerability of a computer or network component is the definition of ________. Answers: phreaking attack spyware protocol analyzer
attack
Zenmap's Topology tab displays a __________ that shows the relative size and connection type of all discovered IP hosts. Answers: searchable database bar chart line graph bubble chart
bubble chart
The ________ is a simple review of a plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure. Answers: structured walk-through test checklist test parallel test review test
checklist test
Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property. Answers: confidentiality quantitative risk analysis regulations compliance
compliance
Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication, and ________________. Answers: security confidentiality privacy reliability
confidentiality
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. Answers: applications mitigation activities configurations recommendations
configurations
Notification, response, recovery and follow-up, and documentation are all components of what process? Answers: control countermeasure business impact analysis incident handling
control
Forensics and incident response are examples of ___________ controls. Answers: preventive technical corrective detective
corrective
What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system? Answers: denial of service (DoS) quality of service (QoS) toll calls Regional Bell Operating Company (RBOC)
denial of service (DoS)
An intrusion detection system (IDS) is an example of ___________ controls. Answers: preventive corrective administrative detective
detective
Based on your interpretation of the Zenmap Intense Scan, the purpose/results of the ARP Ping Scan was to: Answers: discover how many hosts are alive. discover the IP path to the remote system. look for fingerprints of known services by testing responses to certain types of packets. identify open TCP ports.
discover how many hosts are alive.
A(n) ________ is a measurable occurrence that has an impact on the business. Answers: corrective control event cost critical business function
event
A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network. Answers: hub firewall router switch
firewall
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. Answers: security privacy nonrepudiation reliability
nonrepudiation
If knowing about an audit changes user behavior, an audit will ____________. Answers: not be accurate be more accurate skew results not be required
not be accurate
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________. Answers: stateful inspection firewall packet-filtering firewall application proxy firewall Point-to-Point Tunneling Protocol (PPTP)
packet-filtering firewall
What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them? Answers: quantitative risk analysis qualitative risk analysis annual loss expectancy (ALE) gap analysis
qualitative risk analysis
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks. Answers: qualitative risk analysis annual rate of occurrence (ARO) quantitative risk analysis risk register
quantitative risk analysis
Network ________ is gathering information about a network for use in a future attack. Answers: reconnaissance eavesdropping denial of service surveying
reconnaissance
What name is given to any risk that exists but has a defined response? Answers: qualitative risk analysis residual risk risk management risk register
residual risk
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________. Answers: risk mitigation risk assignment risk acceptance risk acceptance
risk acceptance
The process of managing risks starts by identifying __________. Answers: risks business drivers exposure factor (EF) standards
risks
What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit? Answers: safeguard countermeasure technical control detective control
safeguard
An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________. Answers: private branch exchange (PBX) phone system divestiture network infrastructure security secure shell (SSH)
secure shell (SSH)
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. Answers: audit security benchmark monitoring
security
The primary task of an organization's __________ team is to control access to systems or resources. Answers: compliance liaison management software development security administration
security administration
Your organization's __________ sets the tone for how you approach related activities. Answers: assets security policy configuration guidelines
security policy
One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks. Answers: cloud computing the World Wide Web social engineering worms
social engineering
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. Answers: controls management standards plan
standards
An attacker or event that might exploit a vulnerability is a(n) ____________. Answers: incident threat source cost hacker
threat source
RTO identifies the maximum allowable ________ to recover the function. Answers: risk support data loss time
time
Which of these biometric authentication methods is not as accurate as the rest? Answers: iris scans voice pattern retina scan facial recognition
voice pattern
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. Answers: threat impact risk vulnerability
vulnerability
A method of restricting resource access to specific periods of time is called ________. Answers: temporal isolation classification multi-tenancy separation of duties
temporal isolation
A(n) ________ is an intent and method to exploit a vulnerability. Answers: impact incident threat source safeguard
threat source
Which of the following best describes quantitative risk analysis? Answers: The process of identifying, assessing, prioritizing, and addressing risks. A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them. A comparison of security controls in place and the controls that are needed to address all identified threats. A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
Which of the following is known as stateful matching? Answers: Security testing that is based on limited knowledge of an application's design. A method of security testing that isn't based directly on knowledge of a program's architecture. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets. Using tools to determine the layout and services running on an organization's systems and networks.
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
What is meant by rootkit? Answers: An attack in which one user or computer pretends to be another user or computer. A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. An attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination. Unwanted e-mail or instant messages.
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
What is the difference between a BCP and a DRP? Answers: A BCP does not specify how to recover from disasters, just interruptions. A DRP directs the actions necessary to recover resources after a disaster. A DRP is a part of a BCP. All of the above.
All of the above.
What is meant by pharming? Answers: The unique knowledge a business possesses that gives it a competitive advantage over similar companies in similar industries. An attack that seeks to obtain personal or private financial information through domain spoofing. A type of window that appears on top of the browser window. These generally contain ads, and although they are not strictly adware, many adware programs use them to interact with users. An application that captures traffic as it travels across a network.
An attack that seeks to obtain personal or private financial information through domain spoofing.
Which of the following is the definition of anomaly-based IDS? Answers: An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. Using tools to determine the layout and services running on an organization's systems and networks.
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Which of the following is the definition of pattern-based IDS? Answers: The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. Software and devices that assist in collecting, storing, and analyzing the contents of log files. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
________ is an authorization method in which access to resources is decided by the user's formal status. Answers: Authority-level policy Knowledge Physically constrained user interface Decentralized access control
Authority-level policy
Which part of the C-I-A triad refers to making sure information is obtainable when needed? Answers: Confidentiality Integrity Accessibility Availability
Availability
Organizations currently use several symmetric algorithms, including ________, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use. Answers: Blowfish CAST RC2 International Data Encryption Algorithm (IDEA)
CAST
________ is a one-way calculation of information that yields a result usually much smaller than the original message. Answers: Caesar cipher Checksum Hash Symmetric key
Checksum
In a ________, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system. Answers: Known-plaintext attack (KPA) Ciphertext-only attack (COA) Chosen-ciphertext attack Chosen-plaintext attack
Chosen-ciphertext attack
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)? Answers: Presentation Layer Session Layer Data Link Layer Transport Layer
Data Link Layer
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address. Answers: Data Link Layer Presentation Layer Transport Layer Session Layer
Data Link Layer
Which of the following allows Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN)? Answers: NetWitness Investigator OpenVAS Filezilla Promiscuous mode
Promiscuous mode
What is meant by application convergence? Answers: A basic digital signaling rate that corresponds to one voice-frequency-equivalent channel. Although the true data rate for DS0 is 64 kbit/s, the effective data rate for a single voice channel when using DS0 is 56 kbit/s. The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail. An attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system. DDoS attacks initiate from more than one host device. A term used to describe streamlining processes with automation or simplified steps.
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
What is meant by promiscuous mode? Answers: The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer. An event that results in a violation of any of the C-I-A security tenets. A software program that enables a computer to monitor and capture network traffic, including passwords and data. An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
Which of the following is an accurate description of cloud computing? Answers: The process of providing credentials to claim to be a specific person or entity. The process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task. The practice of using computing services that are delivered over a network. A database feature that allows different groups of users to access the database without being able to access each other's data.
The practice of using computing services that are delivered over a network.
Which of the following is not a type of authentication? Answers: knowledge ownership characteristics identification
identification
A ________ is an encryption key used to encrypt other keys before transmitting them. Answers: key directory key distribution key-encrypting key private (symmetric) key
key-encrypting key
The number of possible keys to a cipher is a ___________. Answers: checksum cryptosystem keyspace key directory
keyspace
The CVE listing is a database of: Answers: approved methods that can be used to identify hosts and detect what operating system and services are running on them. known software vulnerabilities and exposures as well as how to mitigate them with software patches and updates. graphical interfaces for Nmap that are typically used during the scanning and vulnerability phase of the ethical hacking process. license agreements that must be acknowledged in order to access the OpenVAS report that includes the details for each host.
known software vulnerabilities and exposures as well as how to mitigate them with software patches and updates.
What term is used to describe the probability that a potential vulnerability might be exercised within the construct of an associated threat environment? Answers: likelihood event detective control incident
likelihood
Loss of financial assets due to ________ is a worst-case scenario for all organizations. Answers: hijacking masquerade attacks phishing malicious attacks
malicious attacks
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address? Answers: application proxy firewall network address translation (NAT) Internet Control Message Protocol (ICMP) network access control (NAC)
network address translation (NAT)