Network Security Exam 1
The most popular public key encryption cipher is ________.
RSA
Which of the following is not a signaling protocol?
RTP
Which comes third in a VoIP packet?
RTP header
In addition to deauthenticate messages, an attacker could flood wireless clients with ________.
RTS, CTS
________ is a good option if an attack is aimed at a single server because it keeps transmission lines at least partially open for other communication.
Rate limiting
RTP stands for ________.
Real Time Protocol
________ are prescriptive statements about what companies should do and are put together by trade associations and government agencies.
Recommended practices
Which of the following is a benefit of using a central authentication server in 802.1X?
Reduced cost, Consistency in authentication, Immediacy in access control changes
With RAID 1, the following is achieved ________.
Redundancy
Which types of VPNs use VPN gateways?
Remote access VPNs
Which of the following is not one of the three elements in the fraud and abuse triangle?
Resistance
________ means implementing no countermeasures and absorbing any damages that occur.
Risk acceptance
________ means responding to risk by not taking a risky action.
Risk avoidance
Which of the following is a way of responding to risk with active countermeasures?
Risk reduction
________ means responding to risk by taking out insurance.
Risk transference
Which type of program can hide itself from normal inspection and detection?
Rootkit
To get to the super user account in Windows, the administrator can use the ________ command.
RunAs
What e-mail standard provides end-to-end security?
S/MIME
Which of the following uses a PKI?
S/MIME
________ offers no security at all.
SNMP V1
________ introduced community strings for security, in which a shared secret was used to authenticate messages.
SNMP V2
Spam over VoIP is called ________.
SPIT
The attack method used in the Sony data breaches was ________.
SQL injection
In a(n) ________ attack, the user enters part of a database query instead of giving the expected input.
SQL injection attack
When you make a purchase over the Internet, your sensitive traffic is almost always protected by ________ VPN transmission.
SSL/TLS
A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users.
SYN Flooding
A ________ attack is when a victim is flooded with SYN packets in an attempt to make many half-open TCP connections.
SYN flood
________ is the destruction of hardware, software, or data.
Sabotage
Under what Internet Options tabs are general security settings for websites controlled?
Security
________ are sets of specific actions to be taken to harden all hosts of a particular type and of particular versions within each type.
Security baselines
________ occurs when companies believe they have good security because they are using proprietary ciphers that hackers do not know.
Security through obscurity
________ allows for very recent file changes to be restored.
Shadowing
________ detection looks for specific patterns in the network traffic to identify a threat.
Signature
________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.
Skype
Which of the following statements accurately describes Skype?
Skype's proprietary software and protocols have not been publicly studied and approved.
________ is an example of PII.
Social Security number
________ attacks take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies.
Social engineering
________ is the process of obscuring an attacker's source IP address.
Spoofing
________ are mandatory.
Standards
________ is/are effective method(s) for preventing ARP poisoning attacks.
Static tables, Limiting local access
Another name for RAID 0 is ________.
Striping
________ ciphers leave letters in their original positions.
Substitution
Which of the following gives the best estimate of the complete cost of a compromise?
TCI
"Death of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is impossible.
TRUE
18 U.S.C. § 1030 prohibits hacking.
TRUE
802.11i offers strong security.
TRUE
A CSIRT should include members from the public relations department.
TRUE
A DoS attack makes a server or network unavailable by flooding it with attack packets.
TRUE
A Microsoft Windows Service Pack is a group of vulnerability fixes and sometimes functionality improvements.
TRUE
A Trojan horse is a program that hides itself by deleting a system file and taking on the system file's name.
TRUE
A border firewall sits at the boundary between the corporate site and the external Internet.
TRUE
A company should consider a list of possible remediation plans as an investment portfolio.
TRUE
A connection opening is a state.
TRUE
It is easier to create appropriate ACL rules for server host firewalls than for border firewalls.
TRUE
It is easier to punish employees than to prosecute outside attackers.
TRUE
It is getting easier for attackers to bypass the border firewall.
TRUE
It is mandatory for decision makers to consider guidelines.
TRUE
It is very important for testers to get permission before running a password cracking program on their company's computers to check for weak passwords even if such testing is in their job definitions.
TRUE
Linux commonly uses the rpm method to download patches.
TRUE
Magnetic tape can store large amounts of data at the lowest cost per bit of any backup medium.
TRUE
Many compliance regimes require firms to adopt specific formal governance framework to drive security planning and operational management.
TRUE
Many firms prioritize patches because the cost of installing all patches is too high.
TRUE
Mesh backup is where client PCs in an organization back up each other.
TRUE
Misappropriation of assets is an example of employee financial theft.
TRUE
Mobile code usually is contained in webpages.
TRUE
A direct attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
TRUE
A down side of spam filtering is the deletion of some legitimate messages.
TRUE
A firewall does not set aside resources for a connection when a SYN segment arrives, so handling a large number of false SYN segments is only a small burden.
TRUE
A remote access VPN typically gives users access to multiple resources within a site.
TRUE
A router can be a NIDS.
TRUE
A socket designates a specific program designated by a port number on a specific computer's IP address.
TRUE
A specific distribution of UNIX comes with multiple user interfaces.
TRUE
A state is a distinct phase in a connection between two applications.
TRUE
A system using an array of drives increases reliability.
TRUE
ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.
TRUE
Accepting cookies is necessary to use many websites.
TRUE
After access is granted to a network, many NACs continue to monitor network PCs.
TRUE
After performing a preliminary security assessment, a company should develop a remediation plan for EVERY security gap identified.
TRUE
An IDS provides query and reporting tools to help administrators analyze the data interactively during and after an incident.
TRUE
An application proxy firewall needs to have multiple proxy programs if it is to filter multiple application protocols.
TRUE
Another name for data is raw facts.
TRUE
Antivirus protections may be deliberately turned off by users.
TRUE
Application proxy firewalls can always examine application layer content.
TRUE
Attackers cannot use IP address spoofing in port scanning attack packets.
TRUE
Attackers frequently create exploits within hours or days after a fix is released by a vendor.
TRUE
Attacks other than application level attacks usually fail to get through SPI firewalls.
TRUE
Backed-up data must be physically stored on something.
TRUE
Backing up data to a second hard drive on a computer is more expensive than backup onto magnetic tape.
TRUE
Backup media should be encrypted.
TRUE
Bandwidth limitation for certain types of traffic is less risky than dropping packets.
TRUE
Baselines are used to go beyond default installation configurations for high-value targets.
TRUE
Blind SQL injection uses a series of SQL statements that produce different responses based on true/false questions, or timed responses.
TRUE
Both TCP and UDP can be used by an application.
TRUE
Botnets usually have multiple owners over time.
TRUE
Giving unauthorized users access to a local WLAN means that they are on the local network.
TRUE
CDP requires an expensive high-speed transmission link between the sites.
TRUE
CTS frames tell other clients that you have received an RTS frame.
TRUE
Centralized firewall management systems automatically create ACLs from policies.
TRUE
Changing the default listening port is an effective way of discouraging attackers from accessing the database.
TRUE
Companies are responsible for filtering sexually or racially harassing messages and can be sued for not doing so.
TRUE
Companies create codes of ethics in order to make ethical decision making more predictable.
TRUE
Cookies can be used to track users at a website.
TRUE
DES uses block encryption.
TRUE
DRM restricts what people can do with sensitive material.
TRUE
DRM usually is difficult to enforce.
TRUE
Data is the principal element of any information system.
TRUE
Detective countermeasures identify when a threat is attacking and especially when it is succeeding.
TRUE
Different UNIX versions have different security methods.
TRUE
Different honest people can make different ethical decisions in a given situation.
TRUE
DoS attacks against VoIP can be successful even if they increase latency only slightly.
TRUE
Downloading pornography can lead to sexual harassment lawsuits.
TRUE
Each network interface card (NIC) has a media access control address (MAC).
TRUE
Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.
TRUE
Employees pose an increased risk to organizations as they often have access to sensitive parts of systems.
TRUE
Employees usually must rationalize bad behavior.
TRUE
Encryption is usually fully transparent to the PC user.
TRUE
False positives are legitimate activities that are flagged as suspicious.
TRUE
Money mules transfer stolen money for criminals and take a small percentage for themselves.
TRUE
Most CAs are not regulated.
TRUE
Most countermeasure controls are preventative controls.
TRUE
Most databases are relational databases.
TRUE
Most message-by-message authentication methods provide message integrity as a by-product.
TRUE
Most traditional external hackers do not cause extensive damage or commit theft for money.
TRUE
NAT adds latency to VoIP packets.
TRUE
Nearly all encryption for confidentiality uses symmetric key encryption ciphers.
TRUE
Federal jurisdiction typically does not extend to computer crimes that are committed entirely within a state and that do not have a bearing on interstate commerce.
TRUE
Firewall appliances need little or no hardening before they are installed.
TRUE
Firewall port openings are required for SIP/H.323 messages.
TRUE
Flooding the frequency of a wireless network is one method attackers use to affect the network.
TRUE
Focusing electronic attacks on specific high-value targets is known as whaling.
TRUE
For message-by-message authentication, each message must contain an electronic signature.
TRUE
From a legal standpoint, loss of encrypted data comes with negligible risk from the loss of private information.
TRUE
H.323 uses Ports 1719 and 1720.
TRUE
Half-open TCP SYN attacks can be stopped by many border firewalls.
TRUE
Having a permanent business continuity staff is necessary.
TRUE
If a hacker takes over an application program, he or she receives the permissions with which the program runs.
TRUE
In 802.11i, EAP outer authentication takes place before inner authentication.
TRUE
Nearly all wireless access points can support 802.11i.
TRUE
Nonmobile malware can be on webpages that users download.
TRUE
On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.
TRUE
Once established, botnets can be leased to other criminals for DoS attacks.
TRUE
One of the most often overlooked mechanisms used to reduce data loss is employee training.
TRUE
One problem with ARP requests and replies is that they do not require authentication or verification.
TRUE
Only an expert witness is allowed to interpret facts for juries.
TRUE
Operating system account passwords provide limited protection.
TRUE
PEAP is a popular extended EAP protocol.
TRUE
Password hashes are created when a password is passed from a user to a hashing function.
TRUE
In Windows, a user's effective permissions are all those inherited from its parent directory plus any specifically allowed permission, minus those denied.
TRUE
In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is the same.
TRUE
In a SQL injection attack, attackers may use lookup commands to obtain unauthorized information.
TRUE
In a firewall policy database, the source field and destination field are fairly explanatory.
TRUE
In a man-in-the-middle attack, an evil twin sends its own attacks, impersonating the victim.
TRUE
In a reflected DoS attack, attackers send spoofed requests to legitimate servers. The servers then send all responses to the victim.
TRUE
In a replay attack, the attacker cannot read the contents of the replayed message.
TRUE
In benefits, costs and benefits are expressed on a per-year basis.
TRUE
In fraud, the attacker deceives the victim into doing something against the victim's financial self-interest.
TRUE
In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that attempts to open a connection.
TRUE
In ingress filtering, the firewall examines packets entering the network from the outside, typically from the Internet.
TRUE
In normal ARP traffic, every host can make ARP requests.
TRUE
In normal ARP traffic, generally an attacker on the same network cannot see traffic between two hosts.
TRUE
In pretexting, an attacker calls claiming to be a certain person in order to ask for private information about that person.
TRUE
In a relational database, a row is the same as a tuple or record.
TRUE
In response to a chain of attack, victims can often trace the attack back to the final attack computer.
TRUE
In the long term, backup media should be stored at a different site.
TRUE
Incident response is defined as reacting to incidents according to plan.
TRUE
Incremental and full backups must be restored in the order in which they were created.
TRUE
Incremental backups are usually discarded after the next full backup.
TRUE
Ingress ACL rules typically permit a specific type of externally originated connection to network resources.
TRUE
Interactive log file analysis can filter out irrelevant entries.
TRUE
Internal corporate attackers often have a history of overt unacceptable behavior.
TRUE
It generally is a good idea from a security point of view to upgrade to a new version of an operating system.
TRUE
It is OK for a verifier to receive digital certificates from the sender.
TRUE
It is better to have an ACL that permits access to a single internal webserver than one that allows access to all internal webservers.
TRUE
Placing IT auditing in an existing auditing department would give independence from IT security.
TRUE
Pre-shared key mode was created for homes and small businesses with a single access point.
TRUE
Preventative countermeasures keep attacks from succeeding.
TRUE
Properly hardened hosts and securely coded applications can help protect data while it is processed.
TRUE
RTS frames tell other wireless clients that you want to transmit for a given amount of time.
TRUE
Rainbow tables contain lists of pre-computed password hashes that are indexed to expedite the password cracking process.
TRUE
Rehearsing IT disaster recovery procedures is essential to improve response speed and accuracy.
TRUE
Restoration from backup tapes is one way to move files to the backup site.
TRUE
Retaining data can create negative consequences.
TRUE
Rogue access points are unauthorized access points set up by individuals or departments.
TRUE
SPI filtering for packets that are part of ongoing communications is usually simple.
TRUE
SPI firewalls can handle both ICMP and UDP.
TRUE
SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.
TRUE
Sanitation can protect against SQL injection attacks.
TRUE
Security metrics allow a company to know if it is improving in its implementation of policies.
TRUE
Security professionals should minimize burdens on functional departments.
TRUE
Security tends to impede functionality.
TRUE
Senior officers often have an additional code of ethics.
TRUE
Shredding is the best approach to destroying media.
TRUE
Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her IP address.
TRUE
Since Windows Server 2003, servers can be programmed to check for updates automatically.
TRUE
Site-to-site VPNs typically decrypt messages when they arrive from the outside.
TRUE
Skype can decrypt and read user traffic.
TRUE
Skype's file transfer generally does not work with antivirus programs.
TRUE
Some writers prefer to turn off SSID broadcasting.
TRUE
Spammers are one reason that some companies have outsourced e-mail filtering.
TRUE
Stealing the password file from a computer is safer than attempting to log in remotely.
TRUE
Strong security can be an enabler, allowing a company to do things it could not do otherwise.
TRUE
Symmetric session key exchange can be done with public key encryption.
TRUE
Systems administrators generally do not manage the network.
TRUE
The 802.11 standards were developed by the IEEE 802.11 Working Group.
TRUE
The FTC can act against companies that fail to take reasonable precautions to protect privacy information.
TRUE
The act of taking over a super user account is called hacking root.
TRUE
The combination of high safety and low cost makes SPI firewalls extremely popular.
TRUE
The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization."
TRUE
The definition of spam is "unsolicited commercial e-mail."
TRUE
The factors that require a firm to change its security planning, protection, and response are called driving forces.
TRUE
The firewall should go through vulnerability testing after each change.
TRUE
The first task in establishing a cryptographic system is selecting a cryptographic system standard for the dialogue.
TRUE
The first task in security is to understand the environment to be protected.
TRUE
The goal of IT security is reasonable risk reduction.
TRUE
The growing number of compliance laws and regulations is driving firms to use formal governance frameworks to guide their security processes.
TRUE
The hash size in SHA-1 is 160 bits.
TRUE
The most common form of deletion in Windows-based systems is nominal deletion.
TRUE
The most popular public key cipher is RSA.
TRUE
The person the supplicant claims to be is the true party.
TRUE
The term sanitizing has lost its distinct meaning as special laboratory methods become ineffective.
TRUE
There is a legitimate reason for systems administrators to crack user passwords.
TRUE
The threat environment consists of the types of attackers and attacks that companies face.
TRUE
To take advantage of user typing errors, attackers register site names that are similar to those of legitimate domain names.
TRUE
To use an access point, you must know its SSID.
TRUE
Trade secret theft can occur through interception, hacking, and other traditional cybercrimes.
TRUE
Traditionally, Ethernet LANs offered no access security.
TRUE
Traffic in a honeypot usually indicates an attack.
TRUE
Training users what not to put into e-mail messages is the most effective method of avoiding problems during the legal discovery process.
TRUE
Typically, having enough shadow backup space for a few days is sufficient.
TRUE
Under current U.S. federal laws, if a company allows personal information to be stolen, it may be subject to government fines.
TRUE
Users usually must click on malicious links in order to execute them.
TRUE
Using a secure cryptographic system can prevent attacks while data is being processed.
TRUE
Using a secure cryptographic system can prevent attacks while data is being transmitted.
TRUE
Validation can protect against SQL injection attacks.
TRUE
Vulnerability patches can result in a loss of functionality in the patched host.
TRUE
WEP encrypts each frame with a per-frame key that consists of the shared RC4 key plus a 24-bit initialization vector that is different for each frame.
TRUE
WEP mandates shared keys.
TRUE
WEP uses RC4 for fast and therefore cheap encryption.
TRUE
When a computer attempts to connect to a network, NAC queries the PC for information present in the Windows Security Center to determine if all updates are current and AV is working.
TRUE
When a hashing algorithm is applied, the hash will ALWAYS have a fixed length.
TRUE
When companies studied where they stored private information, they found that much of this information was stored inside spreadsheets and word processing documents.
TRUE
When considering penalties for hacking, motivation is irrelevant.
TRUE
When performing trend analysis, decreasing granularity in queries is desirable.
TRUE
When you use your mobile phone to surf the Internet, it is a host.
TRUE
When you wish to create a specific firewall, you should create a security policy for that firewall specifically.
TRUE
Windows GPOs can restrict PCs from changing standard configurations.
TRUE
Wireless IDSs get their data from the company's access points.
TRUE
With Active-X controls, active scripting is enabled by default.
TRUE
With CDP, each location backs up the other in real time.
TRUE
With CDP, the backup site already has the proper equipment, and data and recovery is instantaneous.
TRUE
With image backup, even if the entire hard drive is lost, its content can be restored onto the same machine or a different machine.
TRUE
Writing data to an array of hard drives has several advantages over writing to a single drive.
TRUE
You accidentally find someone's password and use it to get into a system. This is hacking.
TRUE
You can quickly assess the general security posture of your Windows Vista PC by using the status check in the Windows Security Center.
TRUE
You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.
TRUE
Which of the following is transmitted across a network?
The ciphertext
What is missing from the definition of response as "recovery?"
The phrase "according to plan" must be added to "recovery."
Which of the following are ways that trade secret espionage occur?
Theft through interception, By bribing an employee, None of the above
________ thwart replay attacks by ensuring "freshness" using cutoff values.
Time stamps
In a stack overflow attack, to where does the return address point?
To the beginning of the stack entry's data area
________ ciphers move letters around within a message but characters are not substituted.
Transposition
VoIP traffic and data traffic tend to be segregated from each other on a network for added security.
TRUE
Precedents can be created by ________.
U.S. Circuit Courts of Appeal.
Which of the following is not one of the three levels of U.S. federal courts?
U.S. State Courts
________ is a family of operating systems that share interoperability at the kernel level.
UNIX
Which of the following is an example of a wireless attack?
Unauthorized network access, Man-in-the-middle attack using an evil twin, Wireless DoS attacks
Which of the following is not one of the three rules for apologies?
Use wording aimed at reducing lawsuits.
________ eliminates the problem of having to re-baseline the system to proper security levels.
Using a disk image
Which version of SNMP allows the manager to have a different shared secret with each agent?
Version 3
Which of the following is not one of the four security levels of incidents?
Virus epidemics
________ are programs that attach themselves to legitimate programs.
Viruses
________ can spread through e-mail attachments.
Viruses, Worms
The original 802.11 core security protocol, ________, was deeply flawed.
WEP
Using a shared initial key is dangerous in ________.
WEP
What was the first core wireless security standard?
WEP
In ________, users authenticate themselves to the access point via the use of a single, shared initial key.
WEP, 802.11i pre-shared key mode, WPA pre-shared key mode
________ security uses the RC4 cipher in encryption for confidentiality and the Temporal Key Integrity Protocol for keying and rekeying.
WPA
The Wi-Fi Alliance calls 802.11i ________.
WPA2
Which of the following are examples of opportunity?
Weak security controls, Insufficient oversight from management, An unlocked safe
________ is a single countermeasure composed of multiple interdependent components in series that require all components to succeed if the countermeasure is to succeed.
Weakest link
Which of the following are examples of social engineering?
Wearing a uniform to give the appearance that you work at a business, Gaining unauthorized access by following an authorized individual into a business
________ allows many different groups to be assigned different permissions.
Windows
Microsoft's server operating system is called ________.
Windows Server
In a(n) ________ attack, information that a user enters is sent back to the user in a webpage.
XSS
To obtain IP addresses through reconnaissance, an attacker can use ________.
a chain of attack computers
An EAP response message may contain ________.
a negative acknowledgement
To satisfy legal retention and other compliance regulations, companies should use ________ in IM.
a relay server
The business continuity team should be headed by ________.
a senior business manager
In regards to network security, ________ is the policy-driven control of access to systems, data, and dialogues.
access control
The ________ collects event data and stores them in log files on the monitoring devices.
agent
Integrated log files are ________ event logs from multiple IDSs.
aggregated
A technical security architecture includes ________.
all of a firm's countermeasures, how countermeasures are organized
To how many accounts and groups can different permissions be applied in Windows?
almost an unlimited number
Restoration of data files from tape ________.
always results in data loss
In a man-in-the-middle attack, ________.
an evil twin must have a stronger signal than the legitimate AP, an evil twin sends its own attacks, impersonating the victim
Someone who pretends to be someone else is ________.
an impostor
Zero-day attacks might be stopped by ________ detection.
anomaly
Central security consoles ________.
are dangerous, allow policies to be applied consistently
Companies transmit over wireless LANs because WLANs ________.
are secure
A Windows systems administrator should use the Administrator account ________.
as little as possible, and only when needed
The first step in developing an IT security plan is to ________.
assess the current state of the company's security
Proving your identity to a communication partner is ________.
authentication
An EAP failure message is sent to the ________.
authenticator
When a new EAP authentication is added, software does not have to be changed on the ________.
authenticator
Updating should be done on client PCs ________.
automatically
Ensuring network ________ means that authorized users have access to information, services, and network resources.
availability
WLAN DoS attacks are designed to affect the ________ of the network.
availability
Firms still choose to use WPA in order to ________.
avoid configuration expenses for access points, avoid configuration expenses for wireless clients
In ________ transfers, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager.
batch
A technical security architecture should be created ________.
before a firm creates individual countermeasures
Countries would engage in cyberwar ________.
before a physical attack, after a physical attack
Mobile computers should be backed up ________.
before being taken off site
SSL/TLS provides security ________.
between the sender and his or her e-mail server
Dropping all future packets from a particular IP address is called ________.
black holing
When a threat succeeds in causing harm to a business, this is called a ________.
breach, compromise, incident
An attacker types more data in a field than the programmer expected. This is a(n) ________ attack.
buffer overflow
The most popular way for hackers to take over hosts today is ________.
by taking over an application
Stealing credit card numbers is also known as ________.
carding
The dominant type of attacker today is the ________.
career criminal
Past judicial precedents constitute ________.
case law
The ultimate goal of a DoS attack is to ________.
cause harm
After gaining wireless access to the private network, the attacker can ________.
cause harm to internal clients, steal data, launch external attacks
When a new EAP authentication is added, software has to be changed on the ________.
central authentication server
In FISMA, ________ is done internally by the organization.
certification, accreditation
Assigning security measures to groups is ________ than assigning security measures to individuals within groups.
cheaper
A ________ is a mathematical process used in encryption and decryption.
cipher
In SSL/TLS, a ________ is a specific set of security methods and options.
cipher suite
In SSL/TLS, a specific set of protocols that a particular cryptographic system will use to provide protection is called a ________.
cipher suite
Plaintiffs initiate legal proceedings in ________ cases.
civil
The normal standard for deciding a case in ________ trials is a preponderance of the evidence.
civil
Once a company's resources are enumerated, the next step is to ________.
classify them according to sensitivity
The Microsoft Windows Server interface looks like the interface in ________.
client versions of Microsoft Windows
Nonces can be used in ________.
client/server applications
IDS false alarms cause ________.
companies to ignore IDS alerts
In codes, code symbols may represent ________.
complete words, complete phrases, individual letters
Long passwords that use several types of keyboard characters are called ________ passwords.
complex
Public key encryption is ________.
complex, slow, expensive
Audits place special attention on ________.
compliance avoidance
Closing all routes of attack into an organization's system(s) is called ________.
comprehensive security
A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.
computer forensics expert
Whisker is a popular tool for ________.
conducting vulnerability testing on webservers
In regards to network security, ________ means preventing unauthorized users from gaining information about the network structure, data flowing across the network, network protocols used, or packet header values.
confidentiality
The three common core goals of security are ________.
confidentiality, integrity, and availability
A ________ is a persistent conversation between different programs on different computers.
connection
In COSO, a company's overall control culture is called its ________.
control environment
CobiT focuses on ________.
controlling entire IT function
COSO focuses on ________.
corporate internal and financial controls
Policies should be written by ________.
corporate teams involving people from multiple departments
A benefit of using MSSPs is that they provide ________.
cost savings, independence
Another name for a safeguard is ________.
countermeasure
Compliance laws and regulations ________.
create requirements to which security must respond, can be expensive for IT security
Quantum key cracking ________.
creates a major threat to many traditional cryptographic methods
Mens rea usually is important in ________ trials.
criminal
Prosecutors initiate legal proceedings in ________ cases.
criminal
The normal standard for deciding a case in ________ trials is guilt beyond a reasonable
criminal
Someone who breaks encryption is called a ________.
cryptanalyst
Packaged sets of cryptographic countermeasures for protecting data transmission are ________.
cryptographic systems
A ________ is law dealing with information technology.
cyberlaw
File/directory data backup copies ________.
data
This book focuses on ________.
defense
Using both a firewall and host hardening to protect a host is ________.
defense in depth
Terrorists can use IT to ________.
destroy utilities, finance their terrorism
An IDS is a ________ control.
detective
The purpose(s) of auditing is(are) to ________.
develop opinions on the health of controls
Developers have permissions on the ________.
development server
An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack.
directory traversal
A ________ IDS sends data from many devices at a central management console.
distributed
One of the two characterizations of expert hackers is ________.
dogged persistence
If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process.
drop
If a firewall cannot keep up with traffic volume, it will ________.
drop packets it cannot process
In public key encryption, "signing" is the act of ________.
encrypting the message digest with its own private key
The supplicant creates a digital signature by ________.
encrypting the message digest with its own private key
In order to demonstrate support for security, top management must ________.
ensure that security has an adequate budget, support security when there are conflicts between the needs of security and the needs of other business functions, follow security procedures themselves
SIP Identity protocols ________.
ensure that traffic is authenticated between two companies holding public/private keys
The analysis of multi-event patterns is called ________.
event correlation
SLE times APO gives the ________.
expected annual loss
A(n) ________ is a program that takes advantage of a(n) ________.
exploit, vulnerability
In ________, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
extortion
The prevention of sensitive information from being sent out of a company is called ________.
extrusion prevention
Stateful packet inspection firewalls are ________.
fairly safe in practice
False alarms in an IDS are known as ________.
false positives
UNIX offers ________ directory and file permissions than (as) Windows.
fewer
In cryptographic systems, the negotiation of security methods and options takes place during the ________ handshaking stage.
first
A botmaster can remotely ________.
fix a bug in the bots, update bots with new functionality
In 802.11i pre-shared key mode, the initial key is generated ________.
from a passphrase
Ensuring appropriate network ________ means preventing attackers from altering the capabilities or operation of the network.
functionality
Rerouting traffic using ARP poisoning is an attack on ________ of a network.
functionality, confidentiality
The key to security being an enabler is ________.
getting it involved early within the project
A digital certificate ________.
gives the subject's public key
A DoS attack that uses TCP flags is called a ________ attack.
half-open
Firms can address the increasing ability of attackers to bypass the border firewalls by ________.
hardening hosts
Disconnection ________.
harms legitimate users
In checking the digital signature, the verifier ________.
hashes the plaintext message with the same algorithm used by the sender to get the message digest
The supplicant creates a message digest by ________.
hashing the plaintext message
Before doing a vulnerability test, a security employee must ensure that ________.
he or she has a specific contract to do a specific test
Having realistic goals for reducing vulnerabilities ________.
helps to focus on the most critical threats
A ________ is a fake network segment with multiple clients and servers.
honeypot
Any device with an IP address is a ________.
host
SSL/TLS was developed for ________ VPNs.
host-to-host
SSL/TLS is used for ________ VPNs.
host-to-host, remote access
SIP identity protocols are common on IP telephones.
TRUE
Regarding retention policies, firms need to ________.
implement strong and clear backup policies
Policies drive ________.
implementation, oversight
The FTC can ________.
impose fines, require annual audits by external auditing firms for many years
In VoIP, encryption may ________.
increase latency
In VoIP, firewalls are a problem because they tend to ________.
increase latency
In ________ filtering, the firewall examines packets entering the network from the outside.
ingress
In ________ filtering, the firewall filters packets when they are leaving the network.
ingress
MS-CHAP is used for ________ authentication.
initial
Static packet filtering firewalls are limited to ________.
inspecting packets in isolation from their context
If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.
integrity
IPsec operates at the ________ layer.
internet
Penalties for hacking are ________.
irrelevant of the amount stolen
Quantum key distribution ________.
is a way to deliver enormously long keys to communication partners
In a crisis, human cognition ________.
is degraded
IPsec tunnel mode ________.
is firewall-friendly
Companies transmit over the Internet because the Internet ________.
is inexpensive
Placing security within IT ________.
is likely to give security stronger backing from the IT department
The 56-bit key size ________.
is sufficient for most residential consumer applications
Image backup is attractive because ________.
it requires minimal additional work to restore a fully functioning PC
A ________ is a random string of 40 to 4,000 bits (ones and zeros) used to encrypt messages.
key
Companies address the risk of losing a security key by using ________.
key escrow
If a firewall receives a provable attack packet, the firewall will ________.
log the packet, drop the packet
The user reaches a webpage before logging in. This is a(n) ________ attack.
login screen bypass
The ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices.
manager
Software vendors typically release ________ patches per product in a typical year.
many
A ________ is a material deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement in the annual or interim financial statements will not be prevented or detected.
material control deficiency
The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial.
mens rea
Digital signatures provide ________.
message authentication, message integrity
HMACs provide the cryptographic protection of ________.
message authentication, message integrity
Digital signatures are used for ________ authentication.
message-by-message
Electronic signatures usually provide ________.
message-by-message authentication, message integrity
WEP typically takes ________ to crack today.
minutes
Code on a webpage that is executed on the client PC is ________.
mobile code
Live tests are ________.
more effective than walkthroughs
Compared to full programming languages, scripts are ________ in what they can do.
more limited
In a URL, ".." (without the quotes) means ________.
move one directory up
When both parties prove their identities to the other, this is called ________.
mutual authentication
Cyberwar consists of computer-based attacks conducted by ________.
national governments
Data destruction is ________.
necessary
For all applications, a basic rule is ________.
never trust user input
In MMCs, the tree pane lists ________.
objects on which actions can be taken
Employees are very dangerous because they ________.
often have access to sensitive parts of the system, are trusted by companies
In 802.11i, ________ authentication always uses SSL/TLS.
outer
A ________ can be used to gather network information or user data.
packet sniffer
A connection between two programs on different computers is represented by its ________.
pair of sockets
In a firm, codes of ethics apply to ________.
part-time employees, senior managers
In a virus, the code that does damage is called the ________.
payload
In a relational database, examples of entities include ________.
persons
You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called a ________ attack.
phishing
Following someone through a secure door for access without using an authorized ID card or pass code is called ________.
piggybacking
A ________ is an older attack that uses an illegally large IP packet to crash an operating system.
ping of death
A governance framework specifies how to do ________.
planning, implementation, oversight
A(n) ________ is a statement of what should be done under specific circumstances.
policy
802.11i works in ________ mode.
pre-shared key, enterprise
In an IDS, ________ means that the IDS should report all attack events and report as few false alarms as possible.
precision
In IM, ________ servers allow two users to locate each other.
presence
The steps required to issue a new employee a password should be specified in a ________.
procedure
A planned series of actions in a corporation is a(n) ________.
process
DML triggers are used to ________.
produce automatic responses if the data of the database has been altered.
DDL triggers are used to ________.
produce automatic responses if the structure of the database has been altered.
The stage of the plan-protect response cycle that consumes the most time is ________.
protection
Firewalls will drop ________.
provable attack packets
HIDSs ________.
provide highly specific information about what happened on a particular host
Evil twin access point attacks are most common in ________.
public hotspots
The sender uses the public key of the recipient in ________.
public key encryption for confidentiality
To be strong, ________ keys need to be longer than ________ keys.
public, symmetric
The cost of ________ LINUX is definitely far less than the cost of commercial operating systems such as Windows.
purchasing
Conducting stings on employees ________.
raises awareness, raises resentment
The most time-consuming part of firewall management is ________.
reading firewall logs
In ________ transfers, each event's data goes to the manager immediately.
real-time
If a company wishes to prosecute people or companies that steal its trade secrets, it must take ________ precautions to protect those trade secrets.
reasonable
Inheritance ________ labor costs in assigning permissions.
reduces
In manual procedures, the segregation of duties ________.
reduces risk
If a PC fails its initial NAC health assessment, it may be ________.
refused access
In IM, all messages pass through a ________ server.
relay
If it can be applied, the least-damaging recovery option is ________.
repair during continuing server operation
Hashing is ________.
repeatable
An attack where an adversary intercepts an encrypted message and transmits it again later is called a ________.
replay attack
Data breach notification laws typically ________.
require companies to notify affected people if sensitive personally identifiable information is stolen or even lost, have caused companies to think more about security
If an attacker takes over a router, he or she will be able to ________.
reroute traffic to cause a local DoS
After wiping/clearing, data is ________.
reusable
An unauthorized access point set up by individuals or departments is called a(n) ________ access point.
rogue
The super user account in UNIX is called ________.
root
Sophisticated attacks often are difficult to identify amid the "noise" of many ________ attacks.
script kiddie
Successful attacks are commonly called ________.
security incidents
To check a certificate's revocation status, the verifier can ________.
send an OCSP message to the CA
The decision to let an attack continue should be made by ________.
senior business executives
RTP adds ________ to UDP.
sequence numbers
There is(are) ________ NAT traversal method(s).
several
The process of keeping a backup copy of each file being worked on by backing it up every few minutes is called ________.
shadowing
UNIX command line interfaces are called ________.
shells
Watching someone type their password in order to learn the password is called ________.
shoulder surfing
SIP proxy servers are used in ________.
signaling transmissions
A ________ is an individual application on the tree pane of an MMC that can be added or dropped from the tree list easily.
snap-in
You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is ________.
spear phishing
Nearly all main border firewalls today use ________ filtering.
stateful packet inspection
DoS attacks can cause harm by ________.
stopping a critical service, slowly degrading services over a period of time
To get to the super user account in UNIX, the administrator should use the ________ command.
su
In MS-CHAP, the ________ creates the response message.
supplicant
Nearly all encryption for confidentiality uses ________ encryption ciphers.
symmetric key
A walkthrough is also called a ________.
table-top exercise
Testers have permissions on the ________.
testing server
When a system runs out of storage space, ________.
the IDS will start a new log file
Companies achieve time synchronization for integrated log files by using ________.
the Network Time Protocol
The manager of the security department often is called ________.
the chief security officer (CSO), the chief information security officer (CISO)
To ensure that a digital certificate is valid, the receiver of the certificate must check ________.
the digital signature, the valid period
18 U.S.C. § 2511 prohibits ________.
the interception of electronic messages
The core part of the LINUX operating system is called ________.
the kernel
The party that is ultimately held accountable for a resource or control is ________.
the owner
The only person who should speak on behalf of a firm should be ________.
the public relations director
Walkthroughs are ________ table-top exercises.
the same thing as
In public key encryption for authentication, the supplicant uses ________ to encrypt.
the supplicant's private key
Most traditional external attackers were heavily motivated by ________.
the thrill of breaking in
In public key encryption for authentication, the supplicant must prove that it knows ________, which nobody else should be able to know.
the true party's private key
The owner can delegate ________ to the trustee.
the work of implementation of a resource or control
In mutual authentication between two parties, ________.
there are two verifiers and two supplicants
Traditional hackers are motivated by ________.
thrill, validation of power, doing damage as a by-product
Replay attacks can be thwarted by using ________.
time stamps, sequence numbers, nonces
The best way to thwart exhaustive searches by cryptanalysts is ________.
to make the key very long
Today, application proxy firewalls are commonly used ________.
to protect internal clients from malicious external servers
Mandatory vacations should be enforced ________.
to reduce the possibility of collusion between employees
Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________.
toll fraud
The super user account has ________ control over the computer.
total or nearly total
RTP is used in ________.
transport
SSL/TLS operates at the ________ layer.
transport
Many e-commerce companies will not ship to certain countries because of a high rate of consumer fraud. To get around this, attackers use ________.
transshippers
The most common attack against a wireless network is a ________.
unauthorized network access
A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth.
unified threat management
To prevent eavesdropping, applications should ________.
use encryption for confidentiality
Attackers can exploit WEP's weaknesses by ________.
using WEP cracking software, reading two messages encrypted with the same key
3DES is ________.
very slow, strong enough for communication in corporations, expensive in terms of processing cost
A ________ is a cryptographic system that provides secure communication over an untrusted network.
virtual private network
A(n) ________ is a security weakness that makes a program vulnerable to attack.
vulnerability
Adding invisible information to a file that can be used to identify its source is called ________.
watermarking
To find out who is sending trade secrets out of the firm, you can use ________.
watermarking
The worst problem with classic risk analysis is that ________.
we cannot estimate the annualized rate of occurrence
A ________ occur(s) when a single security element failure defeats the overall security of a system.
weakest link failure
Mobile code usually is delivered through ________.
webpages
A common SSL/TLS-aware application is ________.
webservice
Companies usually conduct full backups on a ________ basis.
weekly
A ________ port number designates a specific application running on a server.
well-known
WEP stands for ________.
wired equivalent privacy
Eavesdropping usually is more of a concern for ________ LANs than for ________ LANs.
wireless, wired
The authenticator is the ________.
workgroup switch
Some ________ can jump directly between computers without human intervention.
worms
The fastest propagation occurs with some types of ________.
worms
In UNIX, the ________ permission allows the user to make changes.
write
A ________ attack is an attack that is made before attack signatures for the threat are defined.
zero-day
A(n) ________ is defined as an attack that comes before fixes are released.
zero-day attack
18 U.S.C. § 1030 protects ________.
"protected computers" such as government computers
What were the approximate dollar losses for the series of data breaches against Sony Corp?
$171 million
When two parties communicate with each other using symmetric key encryption, how many keys are used in total to encrypt and decrypt?
1
Strong RSA keys are at least ________ bits long.
1,024
Wireless 802.11 networks generally have a range of ________.
10 to 30 meters
In order to be considered strong today, a symmetric encryption key must be at least ________ bits long.
100
Which of the following is one of the effective key lengths in 3DES?
112 bits
If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 50 bits?
128 times as long
Which of the following is one of the key lengths offered by AES?
192 bits
When two parties in an IPsec connection communicate back and forth, there are ________ security associations.
2
In pre-shared key mode, a passphrase should be at least ________ characters long.
20
What is the hash size of SHA-256?
256 bits
About how long was the Sony PlayStation Network offline as a result of the cyber attacks?
3 weeks
If you will proxy four different applications, how many proxy programs will you need?
4
To meet national export limitations in many countries, RC4 often uses a key length of ________ bits.
40
development server ________ errors may indicate that an attacker is trying to send invalid data to the server.
500
SIP requires port ________ to be open.
5060
A DES key is ________ bits long.
56
A dual-layer DVD can hold up to about ________ GB.
8
If you will proxy 8 different applications, you will need ________ proxy programs.
8
The book recommends that passwords be at least ________ characters long.
8
What standard did the 802.11 Working Group create to extend 802.1X operation to WLANs with security for EAP?
802.11i
________ security uses 128-bit AES encryption for confidentiality and AES-CCMP for automatic rekeying.
802.11i
________ is called Port-Based Access Control.
802.1X
Which of the following can be a type of spyware?
A cookie, A keystroke logger
________ is a password-cracking method wherein the attacker compares passwords to lists of common words.
A dictionary attack
Who should head the CSIRT?
A senior manager
________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords.
Brute-force guessing
________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.
Business continuity planning
________ specify how a company will maintain or restore core business operations after disasters.
Business continuity plans
Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections?
Permit all attempts to open a connection from an internal host to an external host
A ________ attack is one in which a victim is flooded with ICMP packets that appear to be normal supervisory traffic.
Ping flood
What security function(s) usually is(are) not outsourced?
Planning
Why is creating firewall policies desirable compared to just creating a list of ACL rules?
Policies are easier to understand.
Which of the following is an example of a conflict of interest?
Preferential dealings with relatives, Investing in competitors, Competing with the company while still employed by the company
Which of the following are types of countermeasures?
Preventative, Detective, Corrective
Under which Internet Options tab are cookies controlled?
Privacy
________ specify the low-level detailed actions that must be taken by specific employees.
Procedures
________ is the plan-based creation and operation of countermeasures.
Protection
Which of the following can be used as a keying method?
Public key encryption for confidentiality
Which of the following fields are contained on a digital certificate?
Public key, Digital signature, Serial number
Most central authentication servers are governed by the ________ standard.
RADIUS
A program that gives the attacker remote access control of your computer is specifically called a ________.
RAT
Which of the following statements accurately describes RC4?
RC4 can use a broad range of key lengths.
Which of the following statements accurately describes RC4?
RC4 is extremely fast.
Eavesdropping can be thwarted by encrypting ________.
Both A and B
Example of DBMSs include ________.
Both A and B
Firewall policies should govern ________.
Both A and B
Host operating system monitors look at ________.
Both A and B
If an IPS identifies an attack, it can ________.
Both A and B
Inheritance can be modified from the ________ box in the security tab.
Both A and B
Integrated log files ________.
Both A and B
NAT is able to stop ________.
Both A and B
Properly backed up data includes ________.
Both A and B
Rehearsals improve ________.
Both A and B
Repair during ongoing server operation is ________.
Both A and B
Retaining data can be ________.
Both A and B
SPI firewalls can conduct ________ inspection.
Both A and B
Standard configurations ________.
Both A and B
Static packet filtering is sometimes used ________.
Both A and B
In a MITM attack, access to the local network is not required in order to work.
FALSE
A router that connects to three subnets is called a ________ router.
None of the above
What is the name for a small program that fixes a particular vulnerability?
Patch
________ can greatly reduce patching costs.
Patch management servers
Wal-Mart was able to respond to Hurricane Katrina so quickly because it had ________.
Both A and B
What information should alarms give the security staff?
Both A and B
What protection can a firm provide for people in the event of an emergency?
Both A and B
What type of host may be placed in the DMZ?
Both A and B
Which of the following security protections are provided by recent versions of Windows Server?
Both A and B
Which type of analysis do IDSs usually do?
Both A and B
Who should be involved in the creation of retention policies?
Both A and B
With basic file deletion, data is ________.
Both A and B
________ of response is critical.
Both A and B
________ punishments may result in fines.
Both A and B
With nominal deletion, data is ________.
Both A and B
________ are compromised hosts running malware controlled by the hacker.
Bots
________ are monetary gifts to induce an employee to favor a supplier or other party.
Bribes
In a P2P attack, there is a change in the overall volume of traffic but the traffic pattern is the same.
FALSE
In a crisis, rigid adherence to plans and processes for recovery is critical.
FALSE
In a large organization, WEP rekeying is inexpensive.
FALSE
Technology is the most effective method of avoiding problems during the legal discovery process.
FALSE
The 802.1X protocol created for wired LANs can work in wireless LANs without significant modification.
FALSE
The Skype protocol is relatively easy for corporate firewalls to filter.
FALSE
The basic strategy of log file reading is to determine what traffic is usual.
FALSE
The book recommends hard-headed thinking about security ROI analysis.
FALSE
The definition of hacking is "accessing a computer resource without authorization or in excess of authorization."
FALSE
The goal of IT security is risk elimination.
FALSE
The hash size in MD-5 is 160 bits.
FALSE
The last egress ACL rule in a border firewall is DENY ALL.
FALSE
The main access threat to 802.11 wireless LANs is an attacker plugging into a wall jack.
FALSE
The most common attack against a wireless network is a wireless DoS attack.
FALSE
The password SeAtTle can be broken by a dictionary attack.
FALSE
The primary purpose for attackers to send port scanning probes to hosts is to identify which ports are open.
FALSE
The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network.
FALSE
The super user account in Windows is called root.
FALSE
The terms "intellectual property" and "trade secret" are synonymous.
FALSE
To get to the super user account in UNIX, the administrator can use the RunAs command.
FALSE
To outsource some security functions, a firm can use an MISP.
FALSE
To test the digital signature, the verifier will use the sender's public key.
FALSE
Total software reinstallation effectively addresses data loss.
FALSE
Transport consists of communication to manage the network.
FALSE
Triggers are damaging code that attackers use to destroy databases.
FALSE
Which of the following are elements of host hardening?
Both A and B
Which of the following is a danger created by notebook computer loss or theft?
Both A and B
Which of the following is one of the four steps in business process analysis?
Both A and B
Allowing an attacker to continue working in a system after the attack has been discovered ________.
Both A and B
Assigning security measures to groups is better than assigning security measures to individuals within groups because ________.
Both A and B
Automatic protections for application proxy firewalls include ________.
Both A and B
________ is efficient enough in processing power and RAM requirements to be used on small devices, such as PDAs and cell phones.
AES
________ consists of activities that violate a company's IT use policies or ethics policies.
Abuse
Which of the following is the most dangerous because it can do more on a computer when it is executed?
Active-X
The super user account in Windows is called the ________.
Administrator
Which of the following is not a standard Windows privilege?
All
18 U.S.C. § 1030 prohibits ________.
All of the above
After an antivirus server performs filtering, it may ________.
All of the above
Antivirus servers can look for ________.
All of the above
Data can be lost by ________.
All of the above
E-mail filtering can be done at which of the following?
All of the above
Full backups are ________.
All of the above
If an attacker takes over a firewall, he or she will be able to ________.
All of the above
The policies for protecting sensitive information should be applied to all mobile data on ________.
All of the above
Trusting users to do key escrow is risky because ________.
All of the above
UNIX allows permissions to be assigned to ________.
All of the above
Which of the following are reasons to ensure WWW Service and E-Commerce security?
All of the above
Which of the following database events should be regularly audited?
All of the above
Which of the following should the CSIRT include?
All of the above
With RAID 5, the following is achieved ________.
All of the above
Which of the following is not a common problem with antivirus protections?
All of the above are common problems with antivirus protections.
Which of the following is not a type of fix for vulnerabilities?
All of the above are types of fixes for vulnerabilities
Profiling uses ________ to find patterns in a dataset which uniquely identify an individual.
All of the above.
________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.
Analysis
Which of the following is a formal process?
Annual corporate planning, Planning and developing individual countermeasures
________ detection looks at traffic patterns for deviations from set norms.
Anomaly
What type of filtering do UTM firewalls provide?
Antivirus filtering
Any device with an IP address is a host.
Any device with an IP address is a host.
________ firewalls always examine application messages in depth.
Application proxy
Overall for firms, which is more time consuming to patch?
Applications
Which of the following is a function of IDSs?
Automated analysis
Backup creation policies should specify ________.
Both A and B
Communication between IDS ________ must be secure.
Both A and B
Compared to local backup, centralized backup ________.
Both A and B
Configuring multiple hard drives as an array within a single system is ________.
Both A and B
________ are checklists of what should be done in a specific procedure.
Baselines
Why did hackers attack Sony Corp?
Because Sony was suing a fellow hacker
________ are descriptions of what the best firms in the industry are doing about security.
Best practices
________ is one method of thwarting DoS attacks by dropping all IP packets from an attacker.
Black holing
When Carol sends a message to Bob, Bob will use ________ to decrypt the message.
Bob's private key
A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network.
Both A and B
A ________ is a type of fix for vulnerabilities.
Both A and B
A systems administrator may manage ________.
Both A and B
Cookies are dangerous because they ________.
Both A and B
Databases are ________.
Both A and B
In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a single ICMP request is responded to by multiple hosts.
FALSE
In a smurf flood DoS attack, attackers can benefit from a multiplier effect because multiple ICMP requests are responded to by a single host.
FALSE
In authentication, the party trying to provide its identity to the other party is called the applicant.
FALSE
In cryptographic systems, keying takes place during the second handshaking stage.
FALSE
Two computer systems each back up the other in real time in ________.
CDP
Which of the following is the most effective alternative for disaster recovery backup?
CDP
A major security incident is generally handled by the ________.
CSIRT
________ deals with interpretations of rights and duties that companies or individuals have relative to each other.
Civil law
________ is a form of online fraud in which bogus clicks are performed to charge the advertiser without creating potential new customers.
Click fraud
________ is preferred by U.S. auditors.
CobiT
Which companies does PCI-DSS affect?
Companies that accept credit card payments
________ may engage in commercial espionage against a firm.
Competitors, National governments
The Local Users and Groups snap-in is available on the ________ MMC.
Computer Management
________ is the security guarantee that people who intercept messages cannot read them.
Confidentiality
________ is the act of actually stopping an incident's damage.
Containment
________ are proofs of identity.
Credentials
________ punishments may result in jail time.
Criminal
________ deals with the violation of criminal statutes.
Criminal law
________ is the use of mathematical operations to protect messages travelling between parties or stored on a computer.
Cryptography
In fraud, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
FALSE
In hacking, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
FALSE
In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that does not attempt to open a connection.
FALSE
In public key encryption for authentication, the receiver decrypts with the public key of the sender.
FALSE
A patch is a labor-intensive process of manual steps that a firm must do to address a vulnerability.
FALSE
An attacker controlling bots in a coordinated attack against a victim is known as a ________.
DDoS attack
DNS, DHCP, and LDAP are examples of supervisory protocols in TCP/IP.
DNS, DHCP, and LDAP are examples of supervisory protocols in TCP/IP.
________ is the process of obscuring data such that it cannot identify a specific person, but remains practically useful.
Data masking
What type of filtering do IDSs do?
Deep packet inspection
________ requires multiple countermeasures to be defeated for an attack to succeed.
Defense in depth
Which CobiT domain has the most control objectives?
Delivery & Support
Which of the following is a type of countermeasure?
Detective, Corrective
Another name for RAID 5 is ________.
Distributed Parity
A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.
DoS
A network administrator notices extensive damage to wireless packets. This might indicate a ________ attack.
DoS flood attack
A ________ is a small program that, once installed, downloads a larger attack program.
Downloader
Which IPS response to an attack can do the most damage?
Dropping packets
Which IPS response to an attack is the most effective in stopping attacks?
Dropping packets
________ entails investigating the IT security of external companies and the implications of close IT partnerships before implementing interconnectivity.
Due diligence
An EAP message begins with an ________ message.
EAP start
________ is used by ________ for authentication.
EAP, RADIUS
________ is the act of passing an incident to the CSIRT or business continuity team.
Escalation
________ threaten to do at least temporary harm to the victim company's IT infrastructure unless the victim pays the attacker.
Extortionists
"Breadth of the perimeter" is a phrase used by network administrators to convey that creating a 100% secure network is possible.
FALSE
A CSIRT should not include members from the legal department.
FALSE
A DES key is 40 bits long.
FALSE
A LINUX distribution consists only of the LINUX kernel.
FALSE
A company should decide upon a single security baseline for use with its client PCs.
FALSE
A company should not replace default passwords during configuration.
FALSE
A connection designates a specific program designated by a port number on a specific computer's IP address.
FALSE
A shoulder surfing attack will not be successful unless the attacker can read the entire password.
FALSE
ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.
FALSE
Access control is more of a problem for wired LANs than for wireless LANs.
FALSE
According to the author, information assurance is a good name for IT security.
FALSE
According to the book, r%Dv$ is a strong password.
FALSE
An attack that comes before fixes are released is called a vulnerability attack.
FALSE
An attacker who captures the keying information in Diffie-Hellman key agreement can compute the symmetric session key.
FALSE
An example of "pressure" from the fraud triangle would include paying back embezzled money.
FALSE
An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
FALSE
An internal firewall sits at the boundary between the corporate site and the Internet.
FALSE
Antivirus servers can only find viruses, not other types of malware.
FALSE
Assigning security measures to individuals within groups is cheaper than assigning security measures to groups.
FALSE
In public key encryption for authentication, the verifier decrypts the ciphertext with the supplicant's public key.
FALSE
In public key encryption for authentication, the verifier decrypts the ciphertext with the verifier's public key.
FALSE
In a relational database, a row is different from a record.
FALSE
In a relational database, an attribute is the same as a tuple or record.
FALSE
Incident response is defined as reacting to incidents impromptu.
FALSE
Incremental Differential backups only back up data that has changed since the most recent full backup.
FALSE
Incremental and full backups may be restored out of the order in which they were created.
FALSE
Independence is best provided for IT security by placing it within the IT department.
FALSE
Informing employees that monitoring will be done is a bad idea.
FALSE
Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.
FALSE
International laws about cybercrime are fairly uniform.
FALSE
Typically, the shadow storage space is nearly unlimited.
FALSE
UNIX offers more directory and file permissions than Windows.
FALSE
Attackers rarely use IP address spoofing to conceal their identities.
FALSE
Backup onto another hard drive is a very slow method of backup.
FALSE
Backup policies should be audited regularly and include tracing what happens in samples of data.
FALSE
Black holing is an effective long-term containment solution.
FALSE
CDP is inexpensive to use.
FALSE
CLI shells use more system resources than GUIs.
FALSE
CLIs usually are easier to learn than GUIs.
FALSE
CTS frames tell other wireless clients that you want to transmit for a given amount of time.
FALSE
Carding is more serious than identity theft.
FALSE
Companies can nearly always stop DoS attacks without assistance from ISPs and other upstream agencies.
FALSE
Companies should replace their legacy security technologies immediately.
FALSE
Compared to non-computer crime, computer crime is very small.
FALSE
Computer recovery software reports its physical location to a recovery company that works with the local police to recover the notebook.
FALSE
Confidentiality means that attackers cannot change or destroy information.
FALSE
Courts will often admit unreliable evidence if judges believe that juries can be trusted to evaluate it properly.
FALSE
Creating ACLs is the most time-consuming part of firewall management.
FALSE
Custom programs generally are safe because attackers do not know the code.
FALSE
Cybercriminals avoid black market forums.
FALSE
Detective countermeasures keep attacks from succeeding.
FALSE
DoS network attacks are fairly uncommon.
FALSE
E-commerce software is not complex and has few subsystems.
FALSE
EAP uses RADIUS for authentication.
FALSE
Each media access control (MAC) address has a network interface card (NIC).
FALSE
Electronic employee monitoring is rare.
FALSE
Encryption is heavily used in commercial e-mail.
FALSE
Exceptions in policies and procedures should be forbidden.
FALSE
Experts advise firms to turn on most or all applications and then harden them.
FALSE
File/directory backup is slower and takes up more storage space than image backup.
FALSE
File/directory data backup copies data, programs, configurations, and registry settings.
FALSE
Firewalls do not stop provable attack packets.
FALSE
Focusing electronic attacks on specific high-value targets is known as promiscuous attacks.
FALSE
Generally speaking, script kiddies have high levels of technical skills.
FALSE
Generally speaking, vendors use similar mechanisms for downloading and installing patches.
FALSE
Guidelines are appropriate in simple and highly certain circumstances.
FALSE
Hashing is a reversible process.
FALSE
Hotlines for reporting improper behavior are required by law to be non-anonymous.
FALSE
ICMP can be best described as the second part of a three-way TCP handshake sent in response to a SYN.
FALSE
IDSs drop packets that are merely suspicious.
FALSE
IDSs need to filter individual packets rather than packet streams.
FALSE
IDSs tend to issue many false negatives.
FALSE
IT security people should maintain a negative view of users.
FALSE
Identity theft is stealing credit card numbers.
FALSE
If NAT changes the Layer 3 IP destination addresses, the protocol will still work properly.
FALSE
If a PC user has full-disk encryption, a weak password is not as great a danger as it would be if the disk were not encrypted.
FALSE
If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.
FALSE
If a firewall receives a packet that is suspicious, it will drop and log the packet.
FALSE
Image backup is a fast form of backups.
FALSE
In Internet Explorer, the Security tab controls the website's pop-up blocker.
FALSE
In UNIX, the Execute permission gives the permission to make changes.
FALSE
It is a good idea to view the security function as a police force or military organization.
FALSE
Java applets are large Java programs.
FALSE
JavaScript is a scripted form of Java.
FALSE
Julia encrypts a message to David using public key encryption for confidentiality. After encrypting the message, can Julia decrypt it?
FALSE
Like the public switched telephone network, VoIP technology is a closed system.
FALSE
Losing an encryption key is not a serious danger.
FALSE
MS-CHAP provides mutual authentication.
FALSE
Main border firewalls rarely use stateful packet inspection.
FALSE
Many companies continue to use WEP to avoid the cost of reconfiguring all of their access points and clients to 802.11i and because WEP has not been fully cracked yet.
FALSE
Most DoS attacks are difficult to detect.
FALSE
Most IT security analysts recommend placing IT security functions within the IT department.
FALSE
Most companies are quick to enforce strict data management policies.
FALSE
Most companies conduct full backups on a daily basis.
FALSE
Most cookies are dangerous.
FALSE
Most countermeasure controls are detective controls.
FALSE
Most firewall database policies include fewer than 5 rules.
FALSE
Most firms do a satisfactory job overseeing the deployment of custom programs used to supplement packaged software.
FALSE
Most traditional external hackers cause extensive damage or commit theft for money.
FALSE
Nearly all applications can be proxied effectively.
FALSE
Normally, there is no limit on how long shadowing may maintain backed up files.
FALSE
Once an attack has begun, a company should never allow the attacker to continue.
FALSE
Open networks can be legally accessed by anyone and are frequently posted as such.
FALSE
Operating system hardening is more total work than application hardening.
FALSE
Optical disks can safely hold data for decades.
FALSE
PKI uses circles of trust.
FALSE
Planning, protection, and response follow a fairly strict sequence from one stage to another.
FALSE
Policies should not require that backup data be encrypted.
FALSE
Policies should specify implementation in detail.
FALSE
Policies should specify the details of how protections are to be applied.
FALSE
Preventative countermeasures identify when a threat is attacking and especially when it is succeeding.
FALSE
Programmers can trust user input if the person is strongly authenticated.
FALSE
Properly hardened hosts and securely coded applications can help protect data while it is transmitted.
FALSE
Prosecuting attackers in other countries is relatively straightforward under existing computer crime laws.
FALSE
RC4 uses WEP for fast and therefore cheap encryption.
FALSE
Reading firewall logs requires limited time in firewall administration.
FALSE
Responding to risk through risk avoidance is likely to be acceptable to other units of the firm.
FALSE
Restrictions on removable media should be enforced by relying on user behavior, rather than technological restrictions.
FALSE
Rogue access points are authorized access points set up by individuals or departments.
FALSE
Rootkits replace legitimate programs and are considered a deeper threat than a set of programs called Trojan horses.
FALSE
SPI firewalls cannot handle UDP communications because UDP is connectionless.
FALSE
SPIT is where the attacker uses the corporate VoIP network to place free calls.
FALSE
SSL/TLS protection is transparent to applications.
FALSE
SSL/TLS was developed for remote access VPNs.
FALSE
Scripts do not have the ability to permanently change your computer registry.
FALSE
Secure wireless networks can be legally accessed by anyone and are frequently posted as such.
FALSE
Signaling does not consist of communication to manage the network.
FALSE
Signaling is the carriage of voice between two parties.
FALSE
Signing a message digest means encrypting it with the sender's public key.
FALSE
Skype's security protocols have been publicly studied and approved.
FALSE
Social engineering is rarely used in hacking.
FALSE
Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking.
FALSE
Spammers use sticky spam, which presents their message as a graphical image.
FALSE
Spreadsheets are rarely the subject of compliance regulations.
FALSE
Stateful packet inspection firewalls use relay operation with two connections per client/server pair.
FALSE
Systems administrators manage individual hosts but not groups of hosts.
FALSE
Using new and proprietary encryption ciphers is a good idea because cryptanalysts will not know them.
FALSE
Using the delete key prevents data from being easily recovered.
FALSE
VoIP security can easily be implemented even if the company's basic security is weak.
FALSE
Vulnerability testing typically is not outsourced.
FALSE
WEP mandates private keys.
FALSE
Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.
FALSE
Website defacement occurs when attackers take over a computer and produce false web pages.
FALSE
When Emma sends a message to Lucy, Emma will use the public key to encrypt it.
FALSE
When a company visits a website to collect public information about a competitor, this is a form of trade secret espionage.
FALSE
When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.
FALSE
When performing trend analysis, increasing granularity in queries is desirable.
FALSE
When securing application configuration settings, default password settings should not be changed.
FALSE
Windows offers only 3 directory permissions.
FALSE
Wiped data can be read.
FALSE
Wiping/clearing is the best approach to destroying media.
FALSE
Wire speed is the maximum speed at which a firewall can filter packets.
FALSE
Wireless attacks avoid the access points to limit detection.
FALSE
With centralized backup, each location backs up the other in real time.
FALSE
With good planning and protection, a company can eliminate security incidents.
FALSE
With local backup processes, policies are easily enforced.
FALSE
several
FALSE
________ are failures to report true attack activities.
False negatives
________ examines financial processes for efficiency, effectiveness, and adequate controls.
Financial auditing
________ drop packets.
Firewalls
________ evidence is evidence that is acceptable for court proceedings.
Forensic
________ specifically addresses data protection requirements at financial institutions.
GLBA
What type of organization is subject to FISMA?
Government organizations
________ are discretionary.
Guidelines
________ specifically addresses data protection requirements at health care institutions.
HIPAA
A ________ attack is one in which a web server is flooded with application layer web requests.
</gml_replace>
<gr_replace lines="1834" cat="clarify" orig="Computer recover software">
Computer recovery software reports its ________ to a recovery company that works with local police to recover the notebook.
HTTP flood
________ are an additional layer of compromised hosts that are used to manage large groups of bots.
Handlers
Which of the following measures do HMACs use?
Hashing
________ is necessary to protect the host against attacks.
Host hardening
Which of the following is a type of VPN?
Host-to-host, Remote access
________ do not drop packets.
IDSs
Almost all main border firewalls use ________ filtering as their primary filtering mechanism.
None of the above
Computer recover software reports its ________ to a recovery company that works with local police to recover the notebook.
IP address
ICMP Echo messages are often used in ________.
IP address scanning
Sending packets with false IP source addresses is called ________.
IP address spoofing
________ drop packets.
IPSs
________ offers transparent protection.
IPsec
Companies can enforce policies for ________.
IPsec security associations
Which of the following specifies how to do certification by external parties?
ISO/IEC 27000
________ examines IT processes for efficiency, effectiveness, and adequate controls.
IT auditing
Getting a firm's IT back into operation is ________.
IT disaster recovery
________ specify how a company will restore IT functions after a disaster.
IT disaster recovery plans
The ISO/IEC 27000 family focuses on ________.
IT security governance
What type of employee is the most dangerous when it comes to internal IT attacks?
IT security professionals
________ backups only back up data that has changed since the most recent full backup.
Incremental
________ audits are done by an organization on itself.
Internal
________ firewalls filter traffic passing between different parts of a site's network.
Internal
________ firewalls may be able to stop attacks by employees within the firm against internal site resources.
Internal
________ examines organizational units for efficiency, effectiveness, and adequate controls.
Internal auditing
What security functions typically are outsourced?
Intrusion detection, Vulnerability testing
________ are areas of responsibility within which different government bodies can make and enforce laws but beyond which they cannot.
Jurisdictions
________ are payments made by a supplier to a corporate buyer when a purchase is made.
Kickbacks
________ is a version of ________ for PCs.
LINUX, UNIX
When Joshua sends a message to Larry, Joshua will use ________ to encrypt the message.
Larry's public key
When someone requests to take an action that is potentially dangerous, what protection should be put into place?
Limit the number of people that may request an approval
Which is not one of the three UNIX permissions?
List folder contents
________ investigate(s) most violations of local and state computer laws.
Local police
Which hacker group was likely involved in the Sony data breaches?
LulzSec
Cryptanalysts have found weaknesses in ________.
MD5
Which of the following statements is not an accurate description of MMCs?
MMCs are located under the Start / Management menu choice.
What mistake did the 802.11i Working Group make when creating IVs?
Making the IV too short
________ is a generic term for "evil software."
Malware
What protection do cryptographic systems provide on a message-by-message basis?
Message authentication, Message integrity, Message confidentiality
It is acceptable for an employee to reveal ________.
None of the above
The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world.
None of the above
Which of the following measures offers strong security?
None of the above
What usually is the longest stage in a cryptographic system dialogue?
Ongoing communication
Which of the following is a good rule for handling exceptions?
Only some people should be allowed to request exceptions, The requestor and approver should be different people, The exception should be documented.
Listing your friend's home in the local classifieds at a low price is equivalent to a ________.
P2P redirect
What type of filtering do IDSs do?
Packet stream analysis
What is the SPI firewall rule for packets that do not attempt to open connections?
Pass the packet if it is part of a previously approved connection
MMCs are administrative tools used to manage ________ servers.
Microsoft
Which of the following are elements of host hardening?
Minimizing applications on the host
Another name for RAID 1 is ________.
Mirroring
When risk analysis deals with costs and benefits that vary by year, the computations should use ________.
NPV, IRR
A NIDS can ________.
Neither A nor B
A digital ________, by itself, provides authentication.
Neither A nor B
After destroying, data is ________.
Neither A nor B
Border management ________.
Neither A nor B
Checkouts of backup media for restoration ________.
Neither A nor B
DDL triggers are used to ________.
Neither A nor B
DML triggers are used to ________.
Neither A nor B
Hot sites ________.
Neither A nor B
If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________.
Neither A nor B
If a firewall receives a suspicious packet, the firewall will ________.
Neither A nor B
In 802.1X, the heavy authentication work is done on ________.
Neither A nor B
Magnetic tape is ________.
Neither A nor B
Most packets are part of the ________ state.
Neither A nor B
NIDSs look at ________.
Neither A nor B
Stateful packet inspection firewalls ________.
Neither A nor B
Which encryption method does MS-CHAP use?
Neither A nor B
Which of the following layers does IPsec protect?
Neither of the above
A VoIP caller wishing to contact another sends an INVITE message to ________.
None of the above
What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set?
Pass the packet if it is part of a previously approved connection