Cyber Final Multiple Choice
_______ is a list that contains the combinations of cryptographic algorithms supported by the client.
CipherSuite
In a _______ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system.
DNS amplification
The ______ is responsible for transferring the message from the MHS to the MS.
MDA
_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.
Management
A multilevel secure system for confidentiality must enforce:
all of the above
The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn.
lock
A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
security audit
TCP uses the _______ to establish a connection.
three-way handshake
_______ are ways for an awareness program to promote the security message to employees.
All of the above
_______ is a benefit of security awareness, training, and education programs to organizations.
All of the above
_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
Application-based
_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system.
Application-level
________ is a process that ensures a system is developed and operated as intended by the system's security policy.
Assurance
_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
IT security management
_______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.
Certification
The _________ Model was developed for commercial applications in which conflicts of interest can arise.
Clark-Wilson Integrity
________ is when a new document consolidates information from a range of sources and levels so that some of that information is now classified at a higher level than it was originally.
Classification creep
CERT stands for ___________.
Computer Emergency Response Team
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and tool kits.
Computer Emergency Response Team
Kerberos uses the _______ encryption algorithm.
DES
The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.
DNS amplification attack
_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided.
Data generation
________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.
Detection and recovery
The wireless environment lends itself to a ______ attack because it is so easy for the attacker to direct multiple wireless messages at the target.
DoS
_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.
Environment variables
________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.
Executives
________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user.
Federation
_________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program.
Injection attack
One of the earliest and most widely used services is _________.
Kerberos
________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients.
Kerberos
____ defines a number of content formats, which standardize representations for the support of multimedia e-mail.
MIME
The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ____________.
MPDU
At its most fundamental level the Internet mail architecture consists of a user world in the form of _________.
MUA
______ relates to the capacity of the network links connecting a server to the wider Internet.
Network Bandwidth
Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.
PHP remote code injection
__________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.
PHP remote code injection Cross-site scripting
A ______ triggers a bug in the system's network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded.
Poison Packet
"Improper Access Control (Authorization)" is in the _________ software error category.
Porous Defenses
A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.
RA
The final form of the 802.11i standard is referred to as ________.
RSN
"Incorrect Calculation of Buffer Size" is in the __________ software error category.
Risky Resource Management
______ software is a centralized logging software package similar to, but much more complex than, syslog.
SIEM
_______ is a text-based protocol with a syntax similar to that of HTTP.
SIP
_______ is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML.
SOAP
It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.
SYN spoofing attack
In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable.
SYN spoofing attacks
__________ data are data that may be derived from corporate data but that cannot be used to discover the corporation's identity.
Sanitized
________ is explicitly required for all employees.
Security awareness
_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
Supportive
___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.
System integrity verification tools
_________ audit trails are generally used to monitor and optimize system performance.
System-level
The _______ is a hardware module that is at the heart of a hardware/software approach to trusted computing.
TPM
______ is the identification of data that exceed a particular baseline value.
Thresholding
________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.
Triage
_________ is assurance that a system deserves to be trusted such that the trust can be guaranteed in some convincing way such as through formal analysis or code review.
Trustworthiness
In order to accelerate the introduction of strong security into WLANs the Wi-Fi Alliance promulgated ________, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard.
WPA
_______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.
X.509
_____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context.
XML
The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
XSS reflection
A(n) __________ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.
access point
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties.
accountability
System conditions requiring immediate attention is a(n) _______ severity.
alert
A benefit of IPsec is __________.
all of the above
A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.
all of the above
A wireless access point is a _______.
all of the above
A wireless client can be _______.
all of the above
An IT security ________ helps to reduce risks.
all of the above
An IT security plan should include details of _________.
all of the above
Data items to capture for a security audit trail include:
all of the above
From a security point of view, which of the following actions should be done upon the termination of an employee?
all of the above
IPsec can assure that _________.
all of the above
Security auditing can:
all of the above
The follow-up stage of the management process includes _________.
all of the above
The ________ access mode allows the subject only write access to the object.
append
The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.
audit dispatcher
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.
audit trail collector
A characteristic of reflection attacks is the lack of _______ traffic.
backscatter
The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.
business continuity management
The ________ is the government agency that monitors the evaluation process.
certifier
The specification of a protocol, along with the chosen key length, is known as a ___.
cipher suite
A _______ is a collection of requirements that share a common focus or intent.
class
A _______ attack is where the input includes code that is then executed by the attacked system.
code injection
A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
command injection
A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.
company rights
The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
compliance
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
cost-benefit analysis
The result of S/MIME encrypting the digest using DSS and the sender's private DSS key is the ________.
digital signature
To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base 64 mapping.
digital signature
A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.
disciplinary action
A system used to interconnect a set of basic service sets and LANs to create an extended service set is a _________.
distribution system
The function of the ________ layer is to control access to the transmission medium and to provide an orderly and efficient use of that capacity.
distribution system
"An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the _________. A. ss-property B. ds-property
ds-property
With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.
dynamically linked shared libraries
The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.
education and experience
Severe messages, such as immediate system shutdown, is a(n) _____ severity.
emerg
In the case of ________ only the digital signature is encoded using base 64.
enveloped data
The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.
enveloped data
The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.
event discriminator
The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately.
fuzzing
The most complex part of TLS is the __________.
handshake protocol
When a DoS attack is detected, the first step is to _______.
identify the attack
Incorrect handling of program _______ is one of the most common failings in software security.
input
A contingency plan for systems critical to a large organization would be _________ than that for a small business.
larger, more detailed
The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards.
mail submission agent
Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks.
maintenance
Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process.
management
A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.
memory leak
An example of a(n) __________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.
network injection
Windows allows the system user to enable auditing in _______ different categories.
nine
The _______ consists of two dates: the first and last on which the certificate is valid.
period of validity
A ________ is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i.
pre-shared key
The MPDU exchange for distributing pairwise keys is known as the _______.
pre-shared key
The smallest building block of a wireless LAN is a ______.
pre-shared key
______ is the recommended technique for wireless network security.
pre-shared key
The _______ field in the outer IP header indicates whether the association is an AH or ESP security association.
protocol identifier
Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed is _______.
random drop
A ________ is a pattern composed of a sequence of characters that describe allowable input variants.
regular expression
Defensive programming is sometimes referred to as _________.
secure programming
The _______ category is a transitional stage between awareness and training.
security basics and literacy
The ________ control the manner by which a subject may access an object.
security classes
Security classes are referred to as __________.
security levels
The implementation process is typically monitored by the organizational ______.
security officer
An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________.
serial number
Using forged source addresses is known as _________.
source address spoofing
Bots starting from a given HTTP link and then following all links on the provided Website in a recursive way is called _______.
spidering
______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.
spidering
Identification and authentication is part of the _______ class of security controls.
technical
The basic tool that permits widespread use of S/MIME is ________.
the public-key certificate
ESP supports two modes of use: transport and _________.
tunnel
The _______ access mode allows the subject both read and write access to the object.
write