Network+ Final


What is taking place when a device spoofs the MAC address of another device, attempting to change the ARP tables through spoofed traffic and the ARP table-update mechanism? ARP poisoning MAC flooding MAC poisoning ARP flooding

ARP poisoning

Which statement describes how shoulder surfing is accomplished? -An attacker attempts to find little bits of information in a target's trash can. -An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard. -An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. -An attacker masquerades as a trusted entity in an e-mail or instant message sent to a large group of often random users.

An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.

Which statement describes how reverse social engineering is accomplished? -An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can. -An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information. -An attacker uninstalls software on an unsuspecting user's computer. -An attacker initiates a conversation with the target to obtain confidential information.

An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.

Which statement is true of an ionization fire detection device? -An ionization fire detection device provides advanced warning for smoldering fires. -An ionization fire detection device detects fast-burning fires. -An ionization fire detection device detects heat. -An ionization fire detection device relies on a change in the flames' infrared energy.

An ionization fire detection device detects fast-burning fires.

__________ is a PowerShell-based approach to configuration management of a system. Credential Guard Desired State Configuration (DSC) Network Access Protection (NAP) User Account Control

Desired State Configuration (DSC)

A control classified as preventative has to be known by a person in order to be effective. True False

False

A digital signature by itself can protect the contents of the message from interception. True False

False

Defense against attack begins by eliminating threats. True False

False

Hostile activity that does not match an IDS signature and goes undetected is called a false positive. True False

False

If your organization is highly sensitive to sharing resources, you might want to consider the use of a public cloud to reduce exposure and increase your control over security, processing, and handling of data. True False

False

In most security circles, security through obscurity is considered a good approach, especially if it is the only approach to security. True False

False

Integrity is the ability to keep some piece of data a secret. True False

False

It is possible to conduct risk management that is purely quantitative. True False

False

Large organizations typically have the resources to protect everything against all threats. True False

False

When analyzing computer storage components, the original system should be analyzed. True False

False

When performing forensics on a computer system, you should use the utilities provided by that system. True False

False

What name was given to the advanced persistent threat (APT)-style spy network responsible for bugging the Dalai Lama's office? Melissa GhostNet Conficker Code Red

GhostNet

How did the Slammer worm infect computer systems? -It entered through the victim's Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts. -It collected keystrokes, screenshots, and network traffic from open ports. -It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine. -It "slammed" shut a computer by not allowing any user to log in.

It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine.

How do most advanced persistent threats (APTs) begin? -Most APTs begin through a denial of service attack. -Most APTs begin through a phishing or spear phishing attack. -Most APTs begin through a port scan. -Most APTs begin through password cracking.

Most APTs begin through a phishing or spear phishing attack.

A birthday attack is a type of logic bomb virus that releases its payload on the birthday of some famous person, such as Michelangelo. True False

False

Reverse social engineering is easier to execute than social engineering. True False

False

The primary reason that spread-spectrum technology is used in 802.11 protocols is to provide security. True False

False

Thick access points refer to controller-based access points. True False

False

Usage auditing and review is the routine screening of all attributes for an account. True False

False

What are the three types of accounting records in TACACS+? availability, accounting, and confidentiality availability, integrity, and confidentiality START, STOP, and UPDATE START, STOP, and DELETE

START, STOP, and UPDATE

The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks. WireShark Toolkit Metasploit Suite Social-Engineering Toolkit Burp Suite

Social-Engineering Toolkit

The traditional ROM-BIOS has been replaced with __________. ELAM Boot Secure Boot Unified Extensible Firmware Interface (UEFI) Trusted Machine Platform

Unified Extensible Firmware Interface (UEFI)

Which attack technique uses Bluetooth to establish a serial connection to a device that allows access to the full AT command set? evil twin bluesnarfing bluebugging replay

bluebugging

Which attack technique involves sending an unauthorized message to another Bluetooth device? bluejacking bluesnarfing bluehacking Bluetooth DOS

bluejacking

Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners? business partnership agreement (BPA) interconnection security agreement (ISA) service level agreement (SLA) memorandum of understanding (MOU)

business partnership agreement (BPA)

Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction? due care due diligence acceptable use incident response

due diligence

Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices? implicit edge recovery hybrid

edge

In an "old school" attack, which step is a listing of the systems and vulnerabilities to build an attack game plan? scanning footprinting enumeration pilfering

enumeration

Which term refers to the invocation of conditions that fall outside the normal sequence of operation? exceptions least privilege economy of mechanism fail-safe defaults

exceptions

Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as __________. free space slack space open space unused space

free space

Media is typically divided into which three categories? logical, physical, and virtual magnetic, optical, and electronic solid state, Blu-ray, and magnetic portable, attached, and detached

magnetic, optical, and electronic

One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down __________. spam filters mail relaying e-mail attachments Outlook Express

mail relaying

A __________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media. logic bomb network sniffer backdoor trapdoor

network sniffer

What command is used to discover what systems are on a network and the open ports and services on those systems? hping route nmap ipconfig

nmap

A __________ is a more formal, larger software update that can address several or many software problems. script log hotfix patch

patch

Which is the correct syntax for the ping command? targetname/address (ping) [options] ping [options] targetname/address ping/targetname/address [options] targetname/address/options/ping

ping [options] targetname/address

Which attack occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time? TCP/IP hijacking denial-of-service man-in-the-middle replay

replay

Which term refers to a list of the risks associated with a system? risk mitigation risk model risk register risk management

risk register

Which term refers to the quarantine or isolation of a system from its surroundings? demilitarized zoning read-only domain controller pruning egress filtering sandboxing

sandboxing

Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist? scanning enumeration footprinting pilfering

scanning

What term is used for unsolicited commercial e-mail? hoax e-mail worms spam sporks

spam

Which term refers to a network connection used to interconnect virtual private clouds and on-premises networks? certificate repository digital sandbox captive portal transit gateway

transit gateway

Which term describes the hosting of a desktop environment on a central server? virtual desktop infrastructure Infrastructure as a Service virtualization Open Container Initiative

virtual desktop infrastructure

Suppose that an attacker attempts to get credit card numbers using telephone and voice communication technologies. What term is used for this type of attack? vishing telephishing phreaking voicing

vishing

Which term refers to characteristics of resources that can be exploited by a threat to cause harm? vulnerabilities preventive controls tangible impacts threat vectors

vulnerabilities

What is the goal of TCP? -TCPs send an unauthenticated, error-free stream of information between two computers. -TCPs provide integrity and authentication functionality through the use of cryptographic methods. -TCPs link documents to other documents by URLs. -TCPs provide a common addressing scheme.

TCPs send an unauthenticated, error-free stream of information between two computers.

What should an incident response team do when they are notified of a potential incident? -The team should immediately escalate the problem to senior management. -The team should shut down the infected system. -The team should confirm the existence, scope, and magnitude of the event and then respond accordingly. -The team should immediately back up the data on the infected system.

The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.

Which statement applies to viruses? -They typically are highly visible once released. -They are the best tool to use in highly structured attacks. -They are the best tool to use in attacks where secrecy is vital. -They are targeted at a specific organization.

They typically are highly visible once released.

What is an advantage of a network-based IDS? -This type of IDS can examine data after it has been decrypted. -This type of IDS coverage requires fewer systems. -This type of IDS can be very application specific. -This type of IDS can determine whether or not an alarm may impact a specific system.

This type of IDS coverage requires fewer systems.

In the early days of computers, security was considered to be a binary condition in which your system was either secure or not secure. True False

True

Legacy platforms is the term used to describe systems that are no longer being marketed or supported. True False

True

MAC filtering can be bypassed by attackers observing allowed MAC addresses and spoofing the allowed MAC address for the wireless card. True False

True

Protecting data while in use is a much trickier proposition than protecting it in transit or in storage. True False

True

The most common form of authentication is the user ID and password combination. True False

True

The presence of risks in a system is an absolute—they cannot be removed or eliminated. True False

True

The primary defense against a majority of physical attacks is barriers such as walls, fences, gates, and doors. True False

True

The purpose of change management is to ensure proper procedures are followed when modifications to the IT infrastructure are made. True False

True

Which term refers to a repository of alarms that an IDS has recorded? notification database notification center alarm storage alarm database

alarm storage

Which component of an HIDS must decide what activity is "okay" and what activity is "bad"? traffic collector analysis engine signature database examination collector

analysis engine

In the case of an FTP server, which account allows unlimited public access to the files and is commonly used when you want to have unlimited distribution? root anonymous administrator public

anonymous

Which term refers to standalone devices that are wired into the network and designed to run an application to perform a specific function on traffic? appliances kiosks sandboxes egress filters

appliances

In the computer security world, _______________ is a process of assessing the security state of an organization compared against an established standard. parsing auditing reconnaissance coding

auditing

Which term refers to the matching of a user to an account through previously shared credentials? nonrepudiation digital signing authentication obfuscation

authentication

Which item is an example of a clean-agent fire suppressor? water sand carbon dioxide halon

carbon dioxide

Which term refers to the design and operation of elements to ensure the proper functional environment of a system? layered security configuration management diversity of defense session management

configuration management

Which process involves implementing security tools and policies to ensure your container is running as intended? container security log aggregation secrets management edge computing

container security

What risk mitigation step can be taken to prevent data theft? reliability and performance management configuration control data minimization data maximization

data minimization

Which security principle is characterized by the use of multiple, different defense mechanisms with a goal of improving the defensive response to an attack? sandboxing defense in depth reverse-engineering complete mediation

defense in depth

Stealing a computer, using a bootdisk to erase all data on the drives, or simply unplugging computers are all effective __________ attacks. denial-of-service (DoS) road apple man-in-the-middle eavesdropping

denial-of-service (DoS)

SYN flooding is an example of a __________. viral attack denial-of-service attack logic bomb trojan horse

denial-of-service attack

Which access control type would you use to allow a file or resource owner the ability to change the permissions on that file or resource? mandatory access control discretionary access control role-based access control rule-based access control

discretionary access control

Which term refers to making different layers of security dissimilar so that even if attackers know how to get through a system that comprises one layer, they may not know how to get through a different type of layer that employs a different system for security? sandboxing reverse-engineering diversity of defense economy of mechanism

diversity of defense

What five phases should be covered in an incident response policy? -preparation, detection, containment and eradication, recovery, and follow-up actions -plan, implement, monitor, evaluate, document, and train -identification, isolation, destruction, documentation, and training -preparation, detection, isolation, destruction, and documentation

preparation, detection, containment and eradication, recovery, and follow-up actions

Which term denotes the policies and procedures employed to connect the IAM systems of the enterprise and the cloud to enable communication with the data? buffer overflow secrets management cross-site scripting discretionary access

secrets management

Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone? due diligence separation of duties defense in depth least privilege

separation of duties

How is quarantine accomplished? -through the erection of firewalls that restrict communication between machines -by rebooting the infected machine as many times as needed -by encrypting the infected data on the network's hard drive -through periodic patches of the infected systems

through the erection of firewalls that restrict communication between machines

Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on? blacklisting penetration testing auditing white box testing

white box testing

S/MIME uses the X.509 format for certificates. True False

True

Maintaining proper information in security training records is a requirement of several laws and regulations. True False

True

Most current ransomware attacks use a hybrid encrypting scheme, locking the files on a victim's computer until a ransom is paid. True False

True

One of the tenets associated with access is the need to know. True False

True

Over time, ciphers can become vulnerable to attacks. True False

True

What is a key guideline to follow when designing incident response procedures? -Keep incident response a pure information security endeavor. -Include appropriate business personnel. -Create a one-step, all-inclusive process. -Establish procedures in a real-time fashion to best respond to individual attacks.

Include appropriate business personnel.

__________ is a general term that refers to a variety of types of software that have been designed for some nefarious purpose. Virus Worm Trojan horse Malware

Malware

Impersonation can be employed in online attacks. True False

True

A sniffer must use a NIC placed in promiscuous (promisc) mode; otherwise, it will not see all the network traffic coming into the NIC. True False

True

All versions of SSL have been shown to be vulnerable to breach. True False

True

Attribute-based access control (ABAC) is a new access control schema based on the use of attributes associated with an identity. True False

True

Besides physically securing access to your computers, you can do very little to prevent drive imaging. True False

True

Context-based signatures match large patterns of activity and examine how certain types of activity fit into the other activities going on around them. True False

True

Which network security standard was created to provide users with an easy method of configuring wireless networks? Wireless Transport Layer Security (WTLS) Wi-Fi Protected Setup (WPS) Protected EAP (PEAP) Wireless Application Protocol (WAP)

Wi-Fi Protected Setup (WPS)

Which of the following devices is a sophisticated countermeasure to piggybacking? a man trap a rogue access point a concrete barrier a camera

a man trap

What name was given to an intellectual property attack executed against oil, gas, and petrochemical companies in the United States? Operation Night Dragon Shamoon Jester Stuxnet

Operation Night Dragon

Which key stretching mechanism uses a key-derivation function designed to produce a key derived from a password? Password-Based Key Derivation Function 2 (PBKDF2) Bcrypt YubiKey obfuscation

Password-Based Key Derivation Function 2 (PBKDF2)

Which statement accurately summarizes the "security problem"? -Physical access negates all other security measures. -A stitch in time saves nine. -The more secure it is, the less functional it is. -Security is 90 percent mental, 10 percent physical.

Physical access negates all other security measures.

