CIS2337 - Final (Ch. 12-23, 25) Study Quiz ?'s
What does a host-based IDS monitor? activity on a specific host activity on the network itself a honeynet a digital sandbox
activity on a specific host
Which component of an HIDS must decide what activity is "okay" and what activity is "bad"? traffic collector analysis engine signature database examination collector
analysis engine
Which testing technique requires that the testers have no knowledge of the internal workings of the software being tested? black box testing gray box testing white box testing red box testing
black box testing
What is a point-to-point (P2P) connection?
communications with one endpoint on each end
Which term refers to a unique alphanumeric identifier for a user of a computer system? password username group policy object token
username
Which protection ring has the highest privilege level and acts directly with the physical hardware? 0 1 2 3
0
WiFi uses which frequency spectrum?
2.4 GHz and 5 GHz
WiFi series refers to:
802.11 standard
If the root CA's private key were compromised, what would happen? Entities within the hierarchical trust model and end users would be unaffected. Entities within the hierarchical trust model would also be compromised, but users would be unaffected. All entities within the hierarchical trust model would be drastically affected. Only the root CA would be affected.
All entities within the hierarchical trust model would be drastically affected.
BIOS stands for: Biological input output standard Basic input output system Basic integrated operating system Basic information operating system
Basic input output system
The _______________ is a list of known vulnerabilities in software systems. Authority Revocation List (ARL) Common Vulnerabilities and Exposures (CVE) enumeration Certificate Revocation List (CRL) Filesystem Access Control List (FACL)
Common Vulnerabilities and Exposures (CVE) enumeration
Backups can prevent a security event from occurring. True False
False
From a forensics perspective, Linux systems have the same artifacts as Windows systems. True False
False
TCP is a connectionless protocol. True False
False
TPM is: Hardware security solution on the motherboard Hardening system self-encrypting drives full drive encryption
Hardware security solution on the motherboard
What is an advantage of a host-based IDS? It can reduce false-positive rates. Its signatures are broader. It can examine data before it is decrypted. It is inexpensive to maintain in the enterprise.
It can reduce false-positive rates.
Which action is an example of transferring risk? Management purchases insurance for the occurrence of an attack. Management applies controls that reduce the impact of an attack. Management decides to accept responsibility for the risk if it does happen. Management decides against deploying a module that increases risk.
Management purchases insurance for the occurrence of an attack.
Which type of attack can be used to execute arbitrary commands in a database? DB manipulation DB injection SQL injection XML injection
SQL injection
The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks. WireShark Toolkit Metasploit Suite Social-Engineering Toolkit Burp Suite
Social-Engineering Toolkit
Which cloud computing service model involves the offering of software to end users from within the cloud? Platform as a Service (PaaS) Software as a Service (SaaS) Infrastructure as a Service (IaaS) Security as a Service (SaaS)
Software as a Service (SaaS)
Which statement describes the main difference between TCP and UDP? UDP is a more widely used protocol. TCP packets are smaller and thus more efficient to use. TCP is connection oriented, whereas UDP is connectionless. UDP is considered to be more reliable because it performs error checking.
TCP is connection oriented, whereas UDP is connectionless.
What is an advantage of a network-based IDS? This type of IDS can examine data after it has been decrypted. This type of IDS coverage requires fewer systems. This type of IDS can be very application specific. This type of IDS can determine whether or not an alarm may impact a specific system.
This type of IDS coverage requires fewer systems.
A physical hard disk drive will persist data longer than a cache. True False
True
NIDSs are typically deployed so that they can monitor traffic in and out of an organization's major links. True False
True
Which document outlines what the loss of any critical functions will mean to the organization? business continuity plan (BCP) disaster recovery plan (DRP) business impact analysis (BIA) succession plan
business impact analysis (BIA)
What is a method of establishing the authenticity of specific objects, such as an individual's public key or downloaded software? tokens multifactor authentication mutual authentication certificates
certificates
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure? qualitative risk assessment quantitative risk assessment configuration management change management
change management
Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor? private hybrid community public
community
Evidence that is both legally qualified and reliable is known as __________. sufficient evidence competent evidence relevant evidence real evidence
competent evidence
Which process involves implementing security tools and policies to ensure your container is running as intended? container security log aggregation secret management edge computing
container security
SYN flooding is an example of a __________. viral attack denial-of-service attack logic bomb trojan horse
denial-of-service attack
Business records, printouts, and manuals are which type of evidence? direct evidence real evidence documentary evidence demonstrative evidence
documentary evidence
Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices? implicit edge recovery hybrid
edge
The movement to an account that enables root or higher-level privilege is known as: escalation of privilege encryption layered tunneling hashing
escalation of privilege
Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution? best evidence rule exclusionary rule hearsay rule evidentiary rule
exclusionary rule
Cryptography is the universal solution to all security problems. True False
false
During penetration testing, zero-day vulnerabilities will be discovered. True False
false
Least privilege refers to removing all controls from a system. True False
false
Service pack is the term for a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. True False
false
Tail is a utility designed to return the first lines of a file. True False
false
If you test something and it comes back negative, but it was in fact positive, then the result is a false positive. True False
false (false negative)
Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as __________. free space slack space open space unused space
free space
Which backup technique requires a large amount of space and is considered to have a simple restoration process? delta differential incremental full
full
A(n) _______________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer. cipher hypervisor subnet escrow
hypervisor
SSID (service set identifier) is:
name of the wireless network
Tangible objects that prove or disprove facts are what type of evidence? direct evidence real evidence documentary evidence demonstrative evidence
real evidence
Which term is used to describe the target time that is set for resuming operations after an incident? business continuity plan (BCP) recovery time objective (RTO) disaster recovery plan (DRP) recovery point objective (RPO)
recovery time objective (RTO)
What is malware? Always being cautious about executing programs Relies on lies and misrepresentation, which an attacker uses to trick an authorized user into providing information A network sniffer refers to software that has been designed for some nefarious purpose
refers to software that has been designed for some nefarious purpose
Which term refers to the possibility of suffering harm or loss? Risk Hazard Threat vector Threat actor
risk
Evidence that is convincing or measures up without question is known as __________. sufficient evidence competent evidence relevant evidence real evidence
sufficient evidence
Which component of an HIDS pulls in the information that the other components, such as the analysis engine, need to examine? traffic collector signature database expert knowledge database user interface and reporting
traffic collector
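An added example (not from the quiz or its textbook) wiring the three HIDS components named in these questions together: a traffic collector that pulls in host events, a signature database, and an analysis engine that decides which events are "bad". The log lines are constructed auth-log style samples, the signatures and the per-signature thresholds are assumptions for the demonstration; the threshold is what keeps one failed login (normal) from raising an alert while five from the same source does.

```python
import re
from collections import Counter

# Constructed sample of host log lines in auth.log style; not real data.
SAMPLE_LOG = """\
Mar 10 09:01:12 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 41522 ssh2
Mar 10 09:01:14 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 41523 ssh2
Mar 10 09:01:16 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 41524 ssh2
Mar 10 09:01:18 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 41525 ssh2
Mar 10 09:01:20 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 41526 ssh2
Mar 10 09:01:45 host sshd[815]: Failed password for bob from 198.51.100.9 port 40001 ssh2
Mar 10 09:02:01 host sshd[820]: Accepted password for alice from 198.51.100.7 port 50000 ssh2
Mar 10 09:02:30 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar 10 09:03:00 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Signature database (assumed rules): a pattern, the named group that identifies
# the subject to count by, and how many hits from one subject trigger an alert.
SIGNATURES = [
    {
        "name": "ssh_password_bruteforce",
        "pattern": re.compile(r"Failed password for .* from (?P<subject>\S+) port"),
        "threshold": 5,
    },
    {
        "name": "root_shell_via_sudo",
        "pattern": re.compile(r"sudo: (?P<subject>\S+) .* USER=root ; COMMAND=/bin/(ba)?sh$"),
        "threshold": 1,
    },
]


def traffic_collector(log_text):
    """Pull in the raw events the other components need (here: log lines)."""
    return [line for line in log_text.splitlines() if line.strip()]


def analysis_engine(events, signatures):
    """Decide what is 'okay' and what is 'bad': match each event against the
    signature database and raise one alert per subject when its threshold is met."""
    hits = Counter()
    alerts = []
    for event in events:
        for sig in signatures:
            match = sig["pattern"].search(event)
            if not match:
                continue
            key = (sig["name"], match.group("subject"))
            hits[key] += 1
            if hits[key] == sig["threshold"]:
                alerts.append({"signature": sig["name"], "subject": key[1], "event": event})
    return alerts


def run_hids(log_text=SAMPLE_LOG):
    return analysis_engine(traffic_collector(log_text), SIGNATURES)


if __name__ == "__main__":
    for alert in run_hids():
        print(f"[{alert['signature']}] {alert['subject']}: {alert['event']}")
```

Bob's single failed login and the `apt update` run as root match a pattern but stay below threshold or outside the rule, so neither alerts; the five attempts from 203.0.113.5 and the root shell do. Because the engine sees the host's own log, it works on data the host has already decrypted, which a NIDS watching the encrypted SSH session could not inspect.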
A computer system is attacked for one of two general reasons: it is specifically targeted by the attacker or it is a target of opportunity. True False
true
A qualitative risk assessment relies on judgment and experience. True False
true
All input validation that is essential for business reasons or for security should be performed on the server side of the client-server relationship, where it is free from outside influence and change. True False
true
Both ipconfig and ifconfig are command-line tools to manipulate the network interfaces on a system. True False
true
Rainbow tables include precomputed tables of hash values associated with passwords. True False
true
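An added example (not from the quiz or its textbook) of how a rainbow table trades storage for lookup time: chains of hash-then-reduce steps are precomputed and only each chain's start and end point are stored; to crack a hash, the cracker regenerates the chain it would fall on and walks it from the stored start. The password space (4 digits), SHA-1, the chain length, the start points and the reduction function are all assumptions chosen to keep the demo small; salting the stored hash defeats the table, which the last function shows.

```python
import hashlib

CHARSET = "0123456789"
LENGTH = 4
SPACE = len(CHARSET) ** LENGTH      # 10,000 candidate passwords (assumed toy space)
CHAIN_LEN = 50                      # hash/reduce steps per chain (assumed)


def hash_pw(password: str) -> str:
    """Unsalted SHA-1: the kind of stored hash a rainbow table targets."""
    return hashlib.sha1(password.encode()).hexdigest()


def reduce_hash(digest: str, position: int) -> str:
    """Map a digest back into the password space. Mixing the chain position
    into the reduction gives each step its own function, which is what makes
    this a rainbow table rather than a plain hash chain (fewer chain merges)."""
    n = (int(digest[:12], 16) + position) % SPACE
    out = []
    for _ in range(LENGTH):
        out.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(reversed(out))


def chain_point(start: str, steps: int) -> str:
    """Password at the given position of the chain that begins at `start`."""
    pw = start
    for pos in range(steps):
        pw = reduce_hash(hash_pw(pw), pos)
    return pw


def build_table(start_points):
    """Precompute chains; only end -> [start, ...] is stored."""
    table = {}
    for start in start_points:
        table.setdefault(chain_point(start, CHAIN_LEN), []).append(start)
    return table


def lookup(table, target_digest):
    """Assume the target hash sits at position `pos` of some chain, finish that
    chain to its end point, and if the end is known, regenerate the chain from
    its stored start until the matching hash is found."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_hash(target_digest, pos)
        for later in range(pos + 1, CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), later)
        for start in table.get(pw, []):
            cand = start
            for p in range(CHAIN_LEN):
                if hash_pw(cand) == target_digest:
                    return cand
                cand = reduce_hash(hash_pw(cand), p)
    return None


def salted_hash(salt: str, password: str) -> str:
    """Per-user salt: the precomputed table no longer matches any stored hash."""
    return hashlib.sha1((salt + password).encode()).hexdigest()


# Deterministic start points (assumed) so the demo reproduces exactly.
START_POINTS = [f"{i:04d}" for i in range(0, SPACE, 37)]
TABLE = build_table(START_POINTS)

if __name__ == "__main__":
    victim = chain_point("0037", 7)
    print("stored chains:", len(START_POINTS), "table entries:", len(TABLE))
    print("unsalted hash cracked to:", lookup(TABLE, hash_pw(victim)))
    print("salted hash cracked to:", lookup(TABLE, salted_hash("s4lt", victim)))
```

With 271 stored chains the table covers up to about 13,500 of the 10,000 possible hashes' worth of chain positions while storing only the end points; coverage is not total because chains merge, which is why real tables use many more chains and longer ones. A salted digest is never found, since the table was built from unsalted hashes and the salt changes the stored value per user.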
A shimming attack is the process of putting a layer of code between the driver and the OS. True False
true
The goal of the delta backup is to back up as little information as possible each time you perform a backup. True False
true
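An added example (not from the quiz or its textbook) comparing the four backup techniques named in this question and in the full/differential/incremental question above: it replays a constructed four-day history of a small file set, records how much each strategy captures per day, and then restores the final day from the minimal set of backups each strategy needs. The file contents, the block size used by the delta strategy and the rule that day 0 is always a full backup are assumptions; deletions are not modelled.

```python
BLOCK = 1024  # assumed block size for the delta (changed-blocks-only) strategy

# Constructed file-system states for day 0..3 (path -> content).
DAYS = [
    {"a.txt": "A" * 4096, "b.txt": "B" * 2048, "c.txt": "C" * 1024},
    {"a.txt": "A" * 4096, "b.txt": "B" * 1024 + "X" * 1024, "c.txt": "C" * 1024},          # day 1: one block of b changes
    {"a.txt": "A" * 4096, "b.txt": "B" * 1024 + "X" * 1024, "c.txt": "C" * 1024,
     "d.txt": "D" * 3072},                                                                  # day 2: new file d
    {"a.txt": "Y" * 1024 + "A" * 3072, "b.txt": "B" * 1024 + "X" * 1024, "c.txt": "C" * 1024,
     "d.txt": "D" * 3072},                                                                  # day 3: one block of a changes
]


def blocks(content):
    return [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)]


def file_blocks(content, baseline=None):
    """All blocks of `content`, or only those that differ from `baseline`."""
    new = blocks(content)
    old = blocks(baseline) if baseline is not None else []
    return {i: b for i, b in enumerate(new) if i >= len(old) or old[i] != b}


def simulate(strategy, days=DAYS):
    """Return the backup sets taken, as (kind, {path: {block_index: data}})."""
    history, last_full, last_any = [], None, None
    for day, fs in enumerate(days):
        if day == 0 or strategy == "full":
            kind, baseline = "full", None
        elif strategy == "differential":
            kind, baseline = "differential", last_full     # changed since last full
        else:
            kind, baseline = strategy, last_any            # changed since last backup of any kind
        backup = {}
        for path, content in fs.items():
            prev = None if baseline is None else baseline.get(path)
            if kind == "delta":
                captured = file_blocks(content, prev)      # only the changed blocks
            elif prev is None or prev != content:
                captured = file_blocks(content)            # the whole changed file
            else:
                continue
            if captured:
                backup[path] = captured
        history.append((kind, backup))
        if kind == "full":
            last_full = dict(fs)
        last_any = dict(fs)
    return history


def bytes_captured(history):
    return [sum(len(b) for f in backup.values() for b in f.values()) for _, backup in history]


def restore_chain(history):
    """Backup sets needed to restore the latest day: the last full, plus either
    the last differential or every incremental/delta set taken since."""
    last_full_idx = max(i for i, (kind, _) in enumerate(history) if kind == "full")
    later = history[last_full_idx + 1:]
    if later and later[-1][0] == "differential":
        return [history[last_full_idx], later[-1]]
    return [history[last_full_idx]] + later


def restore(chain):
    fs = {}
    for kind, backup in chain:
        if kind == "full":
            fs = {}
        for path, blks in backup.items():
            fs.setdefault(path, {}).update(blks)
    return {p: "".join(b for _, b in sorted(blks.items())) for p, blks in fs.items()}


if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental", "delta"):
        history = simulate(strategy)
        chain = restore_chain(history)
        print(f"{strategy:12s} bytes/day={bytes_captured(history)} "
              f"sets to restore={len(chain)} ok={restore(chain) == DAYS[-1]}")
```

Full captures everything every day and restores from one set; differential grows back toward a full as changes accumulate but restores from two; incremental and delta capture the least (delta least of all, since it skips unchanged blocks inside a changed file) at the cost of needing the full plus every set since it.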
The presence of risks in a system is an absolute—they cannot be removed or eliminated. True False
true
WEP stands for Wired Equivalent Privacy (T/F)
true
Which term refers to characteristics of resources that can be exploited by a threat to cause harm? vulnerabilities preventive controls tangible impacts threat vectors
vulnerabilities
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on? blacklisting penetration testing auditing white box testing
white box testing
Which term is used to define vulnerabilities that are newly discovered and not yet addressed by a patch? exposure factor least privileged intangible asset zero day
zero day
What is an operating system? Basic software that handles things such as input, output, display, memory management, and all the other highly detailed tasks Process used to maintain systems in an up-to-date fashion Prevents their use by unauthorized users, improves system throughput, and increases security Configuring extra security measures
Basic software that handles things such as input, output, display, memory management, and all the other highly detailed tasks
