cist2611 quizzes

Which of the following describes a banner?

A message sent by a service in response to a valid or invalid query. Its function is to confirm communication is functioning properly or to announce an error.

Which of the following describes optical carrier (OC)?

A network carrier line—often leased or dedicated—which uses fiber optic cables for high-speed connections

Which of the following describes a BYOD?

A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

Which of the following describes dynamic packet filtering?

A process that automatically creates temporary filters. In most cases, the filters allow inbound responses to previous outbound requests.

Which of the following describes write-once read-many (WORM)?

A storage device that can be written to once, but once written cannot be electronically altered

Which of the following describes a blacklist?

A type of filtering in which all activities or entities are permitted except those identified

Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise?

Active threat

Which term is used to describe a feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh?

Alternate data stream (ADS)

Which of the following describes separation of duties?

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

Which of the following characteristics relates to a distributed Denial of Service (DDoS) attack?

An attack that uses multiple remotely controlled software agents disseminated across the Internet

Which of the following refers to a type of firewall that filters on a specific application's content and session information?

Application firewall

Which name is given to an exploit that allows a hacker to run any command-line function on a compromised system?

Arbitrary code execution

Which term describes portions of a software system that unauthenticated users can run?

Attack surface

Which of the following describes awareness?

Basic security training that focuses on common or basic security elements that all employees must know and abide by

Hackers can be deterred by defense methods that detect and evade. All of the following are defense methods, except which one?

Botnet army

Which term is used to describe a firewall that is implemented via software?

Bump-in-the-stack

Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder?

Compartmentalization

Which of the following is a form of exploitation in which the data on a DNS server is falsified so that subsequent responses to DNS resolution queries are incorrect?

DNS poisoning

Which term is a form of exploitation in which an unauthorized or rogue DNS server responds to DNS queries with false resolutions?

DNS spoofing

Which of the following refers to a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events? All traffic or events that match an item in the database are considered abnormal and potentially malicious.

Database-based detection

Which of the following refers to a form of attack that attempts to compromise availability?

Denial of service (DoS)

Which term describes a security stance that prevents all communications except those enabled by specific allow exceptions?

Deny by default/Allow by exception

Which of the following is similar to defense in depth and supports multiple layers of security?

Diversity of defense

Which term is used to describe the process of encasing one protocol or packet inside another protocol or packet?

Encapsulation

Which of the following is not a step in an incident response solution?

Evasion

A WAN domain refers to the authorized and authenticated remote access procedures for users to remotely access the organization's IT infrastructure, systems, and data.

False

A dual-homed firewall describes a firewall that has three network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic traversing from one segment to another.

False

A fail-open grants all users the minimum level of access and permission required to perform an assigned job task or responsibility.

False

A false negative is an event that triggers an alarm when the traffic or event is abnormal and/or malicious.

False

A hacker uses a valid IP address of an internal host, and then from an external system, the hacker attempts to establish a communication session with the internal host over a multitude of different ports. This is called internal code planting.

False

A passive threat seeks out vulnerable targets.

False

A personal firewall is an appliance firewall placed on the border or edge of an organization's network.

False

A public network is a very secure network.

False

An encrypted VPN link guarantees that the other end of the VPN connection is secure.

False

Denial of service (DoS) attacks cannot be detected by a firewall.

False

Deploy firewalls as quickly as possible.

False

Port forwarding supports caching, encryption endpoint, and load balancing.

False

Software firewalls cannot be bastion hosts.

False

The act of containment should not interrupt or interfere with the continued spread or operation of the unwanted event.

False

You should not keep ports 465 and 995 open.

False

You should wait at least a month before applying a patch or update from the vendor.

False

Your security strategy should never support encrypted communications across your network.

False

Which protocol and a data exchange system commonly used over TCP/IP networks, including the Internet, is unencrypted and performs authentication and data transfer in plaintext?

File Transfer Protocol (FTP)

Which name is given to an entrance or exit point to a controlled space?

Gateway

Which term describes a VPN created between two individual hosts across a local or intermediary network?

Host-to-host VPN

Which of the following uses ICMP as a tunneling protocol?

Loki

Which of the following is a network mapper, port scanner, and OS fingerprinting tool that checks the state of ports, identifies targets, and probes services?

Nmap

Which of the following outbound ports is for HTTPS?

Port 443

Which of the following outbound ports is for DNS?

Port 53

Which term refers to a type of business telephone network?

Private Branch Exchange (PBX)

Which of the following steps of an incident response plan returns to the operation to normal?

Recovery

Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task?

Redundancy

Which of the following describes caching?

Retention of Internet content by a proxy server

Which of the following is a technique for storing or copying log events to a centralized logging server?

Syslog

Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN?

Telecommuting

Which of the following is a double-blind encapsulation system that enables anonymous but not encrypted Internet communications?

The Onion Router (TOR)

Which of the following describes authentication?

The process of confirming the identity of a user

Which of the following is not a characteristic of a private address?

They are leased.

Which of the following is not true of VLANs?

They require a change of IP address or re-cabling.

Which of the following refers to a form of encryption also known as point-to-point or host-to-host encryption?

Transport mode encryption

A Security Technical Implementation Guide (STIGS) is a guideline, procedure, or recommendation manual.

True

A chokepoint is a form of bottleneck and is a single, controlled pathway between two different levels of network trust where a firewall or other filtering devices block or allow traffic based on a set of rules.

True

A circuit is a logical connection between a client and a resource server.

True

A digital envelope is a secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient.

True

A firewall can perform only the operations for which it is programmed, and the specifics of and the order of the rules that result in less access rather than greater access are: List specific Deny rules first, then the Allow exceptions, and always keep the default-deny rule last.

True

A firewall is a filtering device that enforces network security policy and protects the network against external attacks.

True

A firewall's vulnerability to DoS flooding is a limitation or weakness that you can't fix, improve, or repair by either upgrading the firewall or applying a patch.

True

A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers.

True

A hybrid attack combines dictionary attacks with brute force attacks.

True

A metacharacter is a character that has a special meaning assigned to it and is recognized as part of a scripting or programming language. Escaping metacharacters is a programmatic tactic to treat all characters as basic ASCII rather than as something with special meaning or purpose.

True

A private key is kept secret and used only by the intended entity.

True

A public IP address is any address that is valid for use on the Internet.

True

A software firewalls is a host firewall installed on a client or server.

True

Allowing every communication is a bad idea from a security standpoint as well as a productivity one.

True

Cost/benefit analysis is the final equation of risk analysis to assess the relative benefit of a counter-measure against the potential annual loss of a given asset exposed to a specific threat.

True

Encrypted data cannot be filtered by a firewall.

True

Hashing verifies data integrity by using algorithms to produce unique numbers from datasets known as hash values.

True

IPv4 can be encrypted using IP Security (IPSec) or other virtual private network (VPN) protocols.

True

If your home router is a wireless device, you should change the service set identifier (SSID) from the default setting.

True

Intrusion Detection System (IDS) is a security mechanism that detects unauthorized user activities, attacks, and network compromises.

True

Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements.

True

Port 53 is one you should consider forwarding.

True

Redundant array of independent disks (RAID) is a disk set management technology that gains speed and fault tolerance.

True

Rule-set ordering is critical to the successful operation of firewall security.

True

SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers.

True

Simulator tests are secure by design.

True

Snort is an open-source, rule-based IDS that can detect firewall breaches.

True

Social engineering is the craft of manipulating people into performing tasks or releasing information that violates security.

True

The Containment phase of an incident response plan restrains further escalation of the incident.

True

To write a comprehensive security policy, you should first inventory and examine the components of the IT infrastructure.

True

Tunneling is the act of transmitting a protocol across an intermediary network by encapsulating it in another protocol.

True

Windows Firewall is a native operating system firewall.

True

Wireshark can be used in the absence of a firewall, with a firewall set to allow all traffic, or even in the presence of a firewall to inventory all traffic on the network.

True

Wireshark is a free packet capture, protocol analyzer, and sniffer that can analyze packets and frames as they enter or leave a firewall.

True

You should immediately terminate any communication found to take place without firewall filtering.

True

You should not automatically purchase the product your cost/benefit analysis says is the best option.

True

You should spend security funds somewhat evenly to secure the overall organization, rather than over-securing one area and neglecting another.

True

Which term describes encryption that protects the entire original IP packet's header and payload?

Tunnel mode encryption

Which of the following is not a firewall type?

Universal

Which of the following is not an ISP connection?

pfSense