cist2611 quizzes
Which of the following describes a banner?
A message sent by a service in response to a valid or invalid query. Its function is to confirm that communication is functioning properly or to announce an error. (Banners often disclose the service name and version, which is why attackers collect them during reconnaissance; this is known as banner grabbing.)
Which of the following describes optical carrier (OC)?
A network carrier line—often leased or dedicated—which uses fiber optic cables for high-speed connections
Which of the following describes a BYOD?
A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks
Which of the following describes dynamic packet filtering?
A process that automatically creates temporary filters. In most cases, the filters allow inbound responses to previous outbound requests.
Which of the following describes write-once read-many (WORM)?
A storage device that can be written to once, but once written cannot be electronically altered
Which of the following describes a blacklist?
A type of filtering in which all activities or entities are permitted except those identified
Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise?
Active threat
Which term is used to describe a feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh?
Alternate data stream (ADS)
Which of the following describes separation of duties?
An administrative rule whereby no single individual possesses sufficient rights to perform certain actions
Which of the following characteristics relates to a distributed Denial of Service (DDoS) attack?
An attack that uses multiple remotely controlled software agents disseminated across the Internet
Which of the following refers to a type of firewall that filters on a specific application's content and session information?
Application firewall
Which name is given to an exploit that allows a hacker to run any command-line function on a compromised system?
Arbitrary code execution
Which term describes portions of a software system that unauthenticated users can run?
Attack surface
Which of the following describes awareness?
Basic security training that focuses on common or basic security elements that all employees must know and abide by
Hackers can be deterred by defense methods that detect and evade. All of the following are defense methods, except which one?
Botnet army
Which term is used to describe a firewall that is implemented via software?
Bump-in-the-stack
Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder?
Compartmentalization
Which of the following is a form of exploitation in which the data on a DNS server is falsified so that subsequent responses to DNS resolution queries are incorrect?
DNS poisoning
Which term is a form of exploitation in which an unauthorized or rogue DNS server responds to DNS queries with false resolutions?
DNS spoofing
Which of the following refers to a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events? All traffic or events that match an item in the database are considered abnormal and potentially malicious.
Database-based (signature-based) detection
Which of the following refers to a form of attack that attempts to compromise availability?
Denial of service (DoS)
Which term describes a security stance that prevents all communications except those enabled by specific allow exceptions?
Deny by default/Allow by exception
Which of the following is similar to defense in depth and supports multiple layers of security?
Diversity of defense
Which term is used to describe the process of encasing one protocol or packet inside another protocol or packet?
Encapsulation
Which of the following is not a step in an incident response solution?
Evasion
A WAN domain refers to the authorized and authenticated remote access procedures for users to remotely access the organization's IT infrastructure, systems, and data.
False
A dual-homed firewall describes a firewall that has three network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic traversing from one segment to another.
False
A fail-open grants all users the minimum level of access and permission required to perform an assigned job task or responsibility.
False
A false negative is an event that triggers an alarm when the traffic or event is abnormal and/or malicious.
False
A hacker uses a valid IP address of an internal host, and then from an external system, the hacker attempts to establish a communication session with the internal host over a multitude of different ports. This is called internal code planting.
False
A passive threat seeks out vulnerable targets.
False
A personal firewall is an appliance firewall placed on the border or edge of an organization's network.
False
A public network is a very secure network.
False
An encrypted VPN link guarantees that the other end of the VPN connection is secure.
False
Denial of service (DoS) attacks cannot be detected by a firewall.
False
Deploy firewalls as quickly as possible.
False
Port forwarding supports caching, encryption endpoint, and load balancing.
False
Software firewalls cannot be bastion hosts.
False
The act of containment should not interrupt or interfere with the continued spread or operation of the unwanted event.
False
You should not keep ports 465 and 995 open.
False
You should wait at least a month before applying a patch or update from the vendor.
False
Your security strategy should never support encrypted communications across your network.
False
Which protocol, a data exchange system commonly used over TCP/IP networks including the Internet, is unencrypted and performs authentication and data transfer in plaintext?
File Transfer Protocol (FTP)
Which name is given to an entrance or exit point to a controlled space?
Gateway
Which term describes a VPN created between two individual hosts across a local or intermediary network?
Host-to-host VPN
Which of the following uses ICMP as a tunneling protocol?
Loki
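Loki is the classic example of the encapsulation entry above: the "inner" data rides inside the payload of ICMP Echo packets, which many filters pass unexamined. The following is an added example, not part of the quiz or of Loki itself. It builds ICMP Echo Requests with `struct` (so the encapsulation is visible byte for byte) and runs a small classifier over constructed packets. The "known good" payloads (the Linux and Windows ping defaults) and the thresholds `MAX_NORMAL_PAYLOAD`, `HIGH_ENTROPY_BITS` and `TEXT_RATIO` are assumptions made for this example; a real sensor would baseline its own environment, and oversized pings alone are not proof of tunneling.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import List, Tuple

# Default echo payloads of common ping implementations (assumed "known good" set).
LINUX_PING_TAIL = bytes(range(0x08, 0x38))                  # 48 pattern bytes after an 8-byte timestamp
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte default

# Detection thresholds: assumptions for this example, not vendor defaults.
MAX_NORMAL_PAYLOAD = 64
HIGH_ENTROPY_BITS = 6.0
TEXT_RATIO = 0.9


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; computed over a valid packet it evaluates to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP Echo Request (type 8); whatever is in `payload` is carried verbatim."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_echo(pkt: bytes) -> Tuple[int, int, int, bytes]:
    """Split an ICMP packet into (type, identifier, sequence, payload)."""
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return icmp_type, ident, seq, pkt[8:]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext or compressed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_default_ping_payload(payload: bytes) -> bool:
    return payload == WINDOWS_PING_PAYLOAD or (
        len(payload) == 56 and payload[8:] == LINUX_PING_TAIL)


def classify(pkt: bytes) -> str:
    """Return 'normal', 'not-echo', 'unusual-payload' or 'suspicious:<reasons>'."""
    icmp_type, _ident, _seq, payload = parse_echo(pkt)
    if icmp_type not in (0, 8):
        return "not-echo"
    if is_default_ping_payload(payload):
        return "normal"
    reasons: List[str] = []
    if len(payload) > MAX_NORMAL_PAYLOAD:
        reasons.append("oversized")
    if shannon_entropy(payload) > HIGH_ENTROPY_BITS:
        reasons.append("high-entropy")        # encrypted or compressed tunnel data
    printable = sum(32 <= b < 127 for b in payload) / len(payload) if payload else 0.0
    if printable > TEXT_RATIO:
        reasons.append("ascii-text")          # plaintext commands riding in the payload
    return "suspicious:" + ",".join(reasons) if reasons else "unusual-payload"


def deterministic_blob(n: int) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 chain, so the run is reproducible."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample traffic (not a capture); timestamps in the Linux ping are zeroed.
SAMPLES = {
    "linux_ping": build_echo(0x1234, 1, b"\x00" * 8 + LINUX_PING_TAIL),
    "windows_ping": build_echo(0x0001, 1, WINDOWS_PING_PAYLOAD),
    "command_tunnel": build_echo(0xBEEF, 7, b"cat /etc/shadow\n"),
    "encrypted_tunnel": build_echo(0xBEEF, 8, deterministic_blob(512)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:17s} checksum_ok={icmp_checksum(pkt) == 0} verdict={classify(pkt)}")
```

The point of the three heuristics is that they look at the encapsulated data rather than the outer ICMP header, which is all a plain packet filter sees; blocking Echo outright at the border is the simpler control where ping is not needed.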
Which of the following is a network mapper, port scanner, and OS fingerprinting tool that checks the state of ports, identifies targets, and probes services?
Nmap
Which of the following outbound ports is for HTTPS?
Port 443
Which of the following outbound ports is for DNS?
Port 53
Which term refers to a type of business telephone network?
Private Branch Exchange (PBX)
Which of the following steps of an incident response plan returns to the operation to normal?
Recovery
Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task?
Redundancy
Which of the following describes caching?
Retention of Internet content by a proxy server
Which of the following is a technique for storing or copying log events to a centralized logging server?
Syslog
Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN?
Telecommuting
Which of the following is a double-blind encapsulation system that enables anonymous Internet communications? (Traffic is encrypted in layers between the client and the relays; only the final hop from the exit relay to the destination is cleartext unless the application itself uses encryption such as TLS.)
The Onion Router (TOR)
Which of the following describes authentication?
The process of confirming the identity of a user
Which of the following is not a characteristic of a private address?
They are leased.
Which of the following is not true of VLANs?
They require a change of IP address or re-cabling.
Which of the following refers to a form of encryption also known as point-to-point or host-to-host encryption?
Transport mode encryption
A Security Technical Implementation Guide (STIG) is a guideline, procedure, or recommendation manual.
True
A chokepoint is a form of bottleneck and is a single, controlled pathway between two different levels of network trust where a firewall or other filtering devices block or allow traffic based on a set of rules.
True
A circuit is a logical connection between a client and a resource server.
True
A digital envelope is a secure communication based on public-key cryptography: the message is encrypted with a symmetric key, and that key is encrypted with the public key of the intended recipient, so only the holder of the matching private key can open it.
True
A firewall can perform only the operations for which it is programmed, and rules are evaluated in order with the first match winning. To end up with less access rather than greater access, list specific Deny rules first, then the Allow exceptions, and always keep the default-deny rule last.
True
A firewall is a filtering device that enforces network security policy and protects the network against external attacks.
True
A firewall's vulnerability to DoS flooding is a limitation or weakness that you can't fix, improve, or repair by either upgrading the firewall or applying a patch.
True
A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers.
True
A hybrid attack combines dictionary attacks with brute force attacks.
True
A metacharacter is a character that has a special meaning assigned to it and is recognized as part of a scripting or programming language. Escaping metacharacters is a programmatic tactic that makes the interpreter treat them as literal data rather than as syntax with a special meaning or purpose.
True
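The metacharacter entry above is the root of command injection. Added example, not from the course text: a function that splices untrusted input into a shell command next to two safe forms (an argv list with no shell, and `shlex.quote` when a shell string is unavoidable) plus an allow-list validator. The input string `USER_INPUT`, the hostname pattern, and the use of `echo` as a stand-in for a real tool such as `ping` are constructed for this example; it needs a POSIX `/bin/sh`.

```python
import re
import shlex
import subprocess

# Shell metacharacters: any one of these in untrusted text can change the command.
SHELL_METACHARS = set(";|&$`\"'<>()\\ \n*?[]{}~#")

# Constructed malicious input: a hostname followed by a second command.
USER_INPUT = "example.com; echo INJECTED"


def unsafe_echo(host: str) -> str:
    """Vulnerable: the string is handed to /bin/sh, so ';' ends the command."""
    cmd = "echo " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_echo(host: str) -> str:
    """Hardened: argv list, no shell, so every byte of `host` is a literal argument."""
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


def quoted_command(host: str) -> str:
    """When a shell string cannot be avoided, escape the untrusted part."""
    return "echo " + shlex.quote(host)


def quoted_echo(host: str) -> str:
    """Run the escaped form through the shell to show the metacharacters are inert."""
    return subprocess.run(quoted_command(host), shell=True,
                          capture_output=True, text=True).stdout


HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")   # assumed shape for this example


def validate_hostname(host: str) -> bool:
    """Allow-list validation: the preferred fix when the input has a known shape."""
    return bool(HOSTNAME_RE.match(host)) and not any(c in SHELL_METACHARS for c in host)


if __name__ == "__main__":
    print("unsafe :", repr(unsafe_echo(USER_INPUT)))      # two lines: the injection ran
    print("argv   :", repr(safe_echo(USER_INPUT)))        # one line, literal text
    print("quoted :", quoted_command(USER_INPUT))
    print("valid? :", validate_hostname(USER_INPUT), validate_hostname("example.com"))
```

Escaping is the fallback; passing arguments as a list (or using a parameterized API, for SQL and LDAP the same rule applies) removes the parser from the path entirely, which is why it is listed first.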
A private key is kept secret and used only by the intended entity.
True
A public IP address is any address that is valid for use on the Internet.
True
A software firewall is a host firewall installed on a client or server.
True
Allowing every communication is a bad idea from a security standpoint as well as a productivity one.
True
Cost/benefit analysis is the final equation of risk analysis to assess the relative benefit of a counter-measure against the potential annual loss of a given asset exposed to a specific threat.
True
Encrypted data cannot be filtered by a firewall (the payload is opaque to it; the firewall can still act on the unencrypted headers, addresses, and ports).
True
Hashing verifies data integrity by using algorithms to produce fixed-length values, known as hash values or digests, from data; any change to the data yields a different digest, and for a secure hash function finding two inputs with the same digest is computationally infeasible.
True
IPv4 can be encrypted using IP Security (IPSec) or other virtual private network (VPN) protocols.
True
If your home router is a wireless device, you should change the service set identifier (SSID) from the default setting.
True
Intrusion Detection System (IDS) is a security mechanism that detects unauthorized user activities, attacks, and network compromises.
True
Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements.
True
Port 53 is one you should consider forwarding.
True
Redundant array of independent disks (RAID) is a disk set management technology that gains speed and fault tolerance.
True
Rule-set ordering is critical to the successful operation of firewall security.
True
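The rule-ordering statements above (specific denies first, allow exceptions next, default deny last, first match wins) and the dynamic packet filtering definition earlier on this page are easiest to see in code. Added example, not from the course text or any firewall product: a first-match packet filter with a state table that admits replies to allowed outbound flows and expires them. The rule syntax, the five-tuple, the address ranges, the 30-second timeout and the sample packets are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None matches either direction
    src_net: Optional[str] = None    # CIDR; None matches any source
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.src_net is not None and (
                ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net)):
            return False
        return True


FlowKey = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


class StatefulFilter:
    """Ordered rule list (first match wins, implicit deny at the end) plus a table
    of temporary entries that admit replies to allowed outbound flows."""

    def __init__(self, rules: List[Rule], state_timeout: float = 30.0):
        self.rules = rules
        self.state_timeout = state_timeout
        self.state: Dict[FlowKey, float] = {}   # flow -> expiry timestamp

    def evaluate(self, p: Packet, now: float) -> Tuple[str, str]:
        # Expire stale dynamic entries.
        self.state = {k: exp for k, exp in self.state.items() if exp > now}

        # Dynamic packet filtering: an inbound packet that mirrors an allowed
        # outbound flow is admitted without consulting the static rules.
        if p.direction == "in":
            reverse: FlowKey = (p.proto, p.dst, p.dport, p.src, p.sport)
            if reverse in self.state:
                self.state[reverse] = now + self.state_timeout   # refresh on use
                return "allow", "state-table"

        # Static rules, evaluated top to bottom; first match wins.
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    key: FlowKey = (p.proto, p.src, p.sport, p.dst, p.dport)
                    self.state[key] = now + self.state_timeout
                return rule.action, f"rule {i}"
        return "deny", "default-deny"


# Constructed policy: block a known-bad range first, then the allow exceptions,
# and let everything else fall through to the implicit default deny.
CORRECT_ORDER = [
    Rule("deny", direction="in", src_net="203.0.113.0/24"),
    Rule("allow", direction="in", proto="tcp", dport=443),
    Rule("allow", direction="out"),
]
# The same rules with the allow exception listed before the specific deny.
WRONG_ORDER = [CORRECT_ORDER[1], CORRECT_ORDER[0], CORRECT_ORDER[2]]


def demo() -> Dict[str, Tuple[str, str]]:
    bad_client = Packet("in", "tcp", "203.0.113.5", 40000, "198.51.100.10", 443)
    ssh_probe = Packet("in", "tcp", "198.51.100.77", 40001, "198.51.100.10", 22)
    dns_query = Packet("out", "udp", "192.168.1.10", 51234, "8.8.8.8", 53)
    dns_reply = Packet("in", "udp", "8.8.8.8", 53, "192.168.1.10", 51234)

    good, bad = StatefulFilter(CORRECT_ORDER), StatefulFilter(WRONG_ORDER)
    return {
        "blocked_range_good_order": good.evaluate(bad_client, now=0.0),
        "blocked_range_wrong_order": bad.evaluate(bad_client, now=0.0),
        "unsolicited_ssh": good.evaluate(ssh_probe, now=0.0),
        "dns_query": good.evaluate(dns_query, now=1.0),
        "dns_reply": good.evaluate(dns_reply, now=2.0),        # admitted by the state table
        "dns_reply_after_timeout": good.evaluate(dns_reply, now=100.0),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26s} -> {verdict}")
```

Swapping the first two rules is the only difference between the two filters, yet the blocked range reaches port 443 in the second one; and the DNS reply is accepted without any inbound rule for port 53 only while its temporary state entry is alive.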
SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers.
True
Simulator tests are secure by design.
True
Snort is an open-source, rule-based IDS that can detect firewall breaches.
True
Social engineering is the craft of manipulating people into performing tasks or releasing information that violates security.
True
The Containment phase of an incident response plan restrains further escalation of the incident.
True
To write a comprehensive security policy, you should first inventory and examine the components of the IT infrastructure.
True
Tunneling is the act of transmitting a protocol across an intermediary network by encapsulating it in another protocol.
True
Windows Firewall is a native operating system firewall.
True
Wireshark can be used in the absence of a firewall, with a firewall set to allow all traffic, or even in the presence of a firewall to inventory all traffic on the network.
True
Wireshark is a free packet capture, protocol analyzer, and sniffer that can analyze packets and frames as they enter or leave a firewall.
True
You should immediately terminate any communication found to take place without firewall filtering.
True
You should not automatically purchase the product your cost/benefit analysis says is the best option.
True
You should spend security funds somewhat evenly to secure the overall organization, rather than over-securing one area and neglecting another.
True
Which term describes encryption that protects the entire original IP packet's header and payload?
Tunnel mode encryption
Which of the following is not a firewall type?
Universal
Which of the following is not an ISP connection?
pfSense