Final exam

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

An incident response team does not respond to which of the following events?

Spam

Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute, and hostname lookup?

SuperScan

Which of the following tools is used to perform port scanning, but can also be used to perform enumeration by using utilities designed for extracting information from a Windows-based host?

SuperScan

The process of investigating any and all security incidents and related issues pertaining to a particular situation is called:

due diligence

An attacker can deprive the system owner of the ability to detect the activities that have been carried out by:

disabling auditing

Which of the following ports does SSH operate on?

22

SMTP (Simple Mail Transfer Protocol)

A TCP/IP Protocol used in sending and receive email, either use POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol).

What is Brutus?

A password cracker tool

Port Scanning

A port scanner is an application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Which of the following is a form of OS fingerprinting that involves actively requesting information from the target system?

Active fingerprinting

Which of the following reveals telling information such as version and service data that will help an attacker?

Banner

Which of the following defines how the organization will maintain what is accepted as normal day-to-day business in the event of a security incident or other events disruptive to the business?

Business continuity plan

Which of the following discusses all the potential risks uncovered following an incident and their potential impact on the organization?

Business impact analysis

They replicate a disaster fairly accurately without disrupting the system.

Cold site

Which of the following should be on a security incident report form?

Contact information for the original reporting organization or person

Inserting <script>action</script> is an example of what type of Web attack?

Cross-site scripting

What is XSS?

Cross-site scripting

Identifying fixes and prevention methods occurs in which of these incident response stages?

Debriefing and feedback

Which of the following documents states how personnel and assets will be safeguarded in the event of a disaster?

Disaster recovery plan

Why are database attacks that inject data a concern for organizations?

False data might be added , malicious code could be injected, and Databases could be filled

What does OS fingerprinting allow?

Host OS identification

Which of the following are considered offline attacks?

Hybrid and precomputed attacks

Interviewing system administrators about technical details of an event most often occurs in which stage of incident response?

Incident identification

What can an insecure login system provide?

Information about the existence of a user

Installing Netcat on a remote system by using an exploit is an example of what type of attack?

Installing a back door

Which of these describes a database security problem that occurs when actions of database users are not properly tracked?

Limited audit log settings

A standard format for reporting a security incident prevents which of the following?

Missing data

The feature in the Windows operating system that is used to give access to certain types of information across the network is the:

NULL session

Which of the following best describes what occurs when a user attempts a connection to a Windows system without the standard username and password being provided?

NULL session

Through which of the following can port scans gain information about Windows IPC administrative share information?

NULL sessions

Which of the following best describes the control of information when a security incident occurs?

Need to know

Enumeration can be used to discover all but which of the following types of information?

Smartcard PINs

Which of the following options is a useful defense against database attacks?

Nonstandard ports, Firewall, OS Security

The practice of identifying the operating system of a networked device through either passive or active techniques is called:

OS identification

Which of the following are considered passive online attacks?

Packet sniffing, or man-in-the-middle and replay attacks

Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network and attackers simply listen to and analyze existing traffic?

Passive fingerprinting

Nmap's -sT command tells the application to do which of the following?

Perform a full TCP connection scan

The process of sending ping requests to a series of devices or to the entire range of networked devices is called a:

Ping Sweep

Which of the following best describes what occurs when a lower-level account is cracked in order to obtain increased access?

Privilege escalation

Which of the following is an attack that uses the rights of a low-privilege user to assume higher privileges?

Privilege escalation

NetBIOS enumeration can allow ___________.

Registry enumeration, trusted domain enumeration, and user enumeration

Which of the following refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves?

Rootkits

An attacker who adds commands to a database query has likely used

SQL injection

Which of the following user accounts is considered a super user-style account that gets nearly unlimited access to the local system and can perform actions on the local system with little or no restriction?

SYSTEM

Which of the following is a database on the local system that stores user account information?

Security Account Manager (SAM)

A XMAS scan detects packets in which all flags are active.

THC-Amap

THC-Scan

THC-Scan is a wardialer that works under DOS, Win95/98/NT/2K/XP, and usage with Scavenger Dialer and THC-Login Hacker.

Which of the following is a law originally passed to address federal computer-related offenses and the cracking of computer systems?

The Computer Fraud and Abuse Act 1986

All but which of the following is commonly included in a security policy?

The city evacuation routes and emergency shelter contact information

Shoulder Surfing

The practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information.

All but which of the following constitutes a security incident?

The result is loss of power and water.

What is a characteristic of an incident response and disaster recovery simulation?

They replicate a disaster fairly accurately without disrupting the system.

Changing the content of a Web site with the intent of leaving a distinguishing mark or changing its appearance is

Web site defacement.

Which of the following is a malware program designed to replicate without attaching to or infecting other files on a host system?

Worm

A _____ scan detects packets in which all flags are active.

XMAS

Spyware is software

___that is installed on a computing device without the end user's knowledge, it can violate the end user's privacy and has the potential to be abused.

A brute force attack is___

a trial-and-error method used to obtain information such as a user password or personal identification number. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.

A detailed plan that describes how to deal with a security incident when it occurs is called____

a(n) incident response plan.

The phase of incident response that involves determining which evidence is relevant to the investigation and which is not is called:

analysis and tracking.

A warm site relies on____

backups for recovery. As a result, it doesn't require dedicated storage but instead can take advantage of less-expensive shared storage. In other words, all components of a warm site, including storage, are shared among multiple customers. Therefore, most of the considerations of hot sites also apply for warm sites.

Cross-site Scripting (XSS) refers to ____

client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.

The capacity of a system to keep functioning in the face of hardware or software failure is called:

fault tolerance.

Warm site recoveries were typically measured

in days, while hot site is in minutes

Freeware is software that ______

is available for use at no monetary cost. In other words, while freeware may be used without payment it is most often proprietary software, as usually modification, re-distribution or reverse-engineering without the author's permission is prohibited

Shoulder surfing, keyboard sniffing, and social engineering are considered ____

nontechnical attacks.

All of the following are active fingerprinting tools except

p0f

Privilege escalation gives the attacker the ability to____

perform actions on the system with fewer restrictions and perform tasks that are potentially more damaging.

A patch is a____

piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bug fixes, and improving the usability or performance.

Adware, or advertising-supported software, is ____

software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.

Spyware installs itself on a____

system by deceiving the user or by exploiting software vulnerabilities. They do not transmit or copy from one software to another computer.

The second phase of incident response is to determine how seriously the incident has affected critical systems or data. This phase is called:

triagle

Which of the following should be the next step after the identification of an incident?

triagle

Banner grabbing is a technique ____

used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. However, an intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.


संबंधित स्टडी सेट्स

Ch.2 Tax Compliance, the IRS, and Tax Authorities

View Set

Chapter 11: Health Care of the Older Adult PrepU

View Set

Chapter 1 - Database Management Systems

View Set

Module 11 Studying the Brain, Older Brain Structures, and the Limbic System

View Set