CNG 133 Final

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following methods is available as an add-in for most email clients? A) PGP B) DES C) RSA D) Caesar cipher

A) PGP

Sending an email that claims to come from a different sender, and asking for sensitive data is an example of ___________. A) Social engineering B) None of these C) Phishing D) Key logging

A) Social engineering

Which U.S. government agency created the distributed network that formed the basis for the Internet? A) Central Intelligence Agency B) Advanced Research Projects Agency C) Department of Energy D) NASA

B) Advanced Research Projects Agency

Which of these is a repository of security-related documentation and also sponsors a number of security research projects? A) Microsoft Security Advisor B) SANS Institute C) F-Secure D) Computer Emergency Response Team

B) SANS Institute

Where would you go to find various state sex offender registries? A) The national sex offender online database B) The FBI website C) The special victims' unit website D) The interstate online sex offender database

B) The FBI website

One tool used for a denial-of-service attack is ______________. A) Linux B) Tribal Flood Network C) UDP D) None of these

B) Tribal Flood Network

With _____, an attacker injects client-side script into web pages viewed by other users. A- SQL injection B- Cross-Site Scripting C- Scanning D- Port detection

B- Cross-Site Scripting

What is being configured in the browser settings in the following figure? Figure A A- Harassment settings B- Privacy settings C- Phishing settings D- Safe browsing settings

B- Privacy settings

Copies of __________ virus are created in the Windows System directory as #_up.exe. A- Stuxnet B- Sasser C- TrojanAB D- MiMail

B- Sasser

In Windows the log that contains events collected from remote computers is the ____________ log. A) Application B) Applications and services C) ForwardedEvents D) System

C) ForwardedEvents

If you experience a denial-of-service attack, you can use firewall logs to determine the _______ from which the attack originated. A) Computer operating system B) Computer manufacturer C) IP address D) None of these

C) IP address

_______ theft and _______ fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception. A) Cyber B) None of these C) Identity D) Neutral

C) Identity

Why do you not want too much personal data about you on the Internet? A) There is no reason to worry about personal information on the Internet. B) It might be used by a potential employer to find out more about you. C) It might be used by an identity thief to impersonate you. D) It might reveal embarrassing facts about you.

C) It might be used by an identity thief to impersonate you.

The simplest form of firewall is a(n) ____________ firewall. A) Circuit-level gateway B) Domain gateway C) Packet Filtering D) Application gateway

C) Packet Filtering

Although the Cyberterrorism Preparedness Act of 2002 was not passed, many of its goals were addressed by the ___________. A) CIA B) Pentagon C) Patriot Act D)None of these

C) Patriot Act

Question 16 :Firewall ______ is a tool that can provide information after an incident has occurred. A) Scanning B) Port detection C) None of these D) Logging

D) Logging

The virus/worm that specifically targets Macintosh computers is ________. A) None of these B) W32/Netsky-P C) Troj/Invo-Zip D) MacDefender

D) MacDefender

With a(n) _________ scan, if the port is closed, the response is an RST. If the port is open, the response is a SYN/ACK. A) ACK B) FIN C) XMAS D) SYN

D) SYN

Micro blocks, SYN cookies, RST cookies, and stack tweaking are defenses against ______. A) None of these B) Viruses C) Phishing D) TCP SYN flood attacks

D) TCP SYN flood attacks

What is most important to learn about a person listed in a sex offender registry? A) The extent of his punishment B) How old she was when she committed her crime C) How long he has been out of prison D) The nature of her specific crime

D) The nature of her specific crime

Which of the following is not an example of financial loss due to cyber terrorism? A) Damage to facilities including computers B) Computer fraud C) Lost data D) Transferring money from accounts

D) Transferring money from accounts

One way to protect yourself on auction sites is? A) None of these. B) Bid early in the process. C) Bid late in the process. D) Use a separate credit card with a low limit.

D) Use a separate credit card with a low limit.

The most common way for a virus to spread is by __________. A) None of these B) Locating Linux machines C) Scanning your computer for network connections and copying itself to other machines on the network D) Use of your email contacts

D) Use of your email contacts

VI (value of information) = C (cost to produce) + ___________. A) VL (value lost) B) MU (markup) C) GM (gross margin) D) VG (value gained)

D) VG (value gained)

McAfee and Norton are examples of ________. A) Trojan horses B) Worms C) Viruses D) Virus scanners

D) Virus scanners

What search engine can be used to find details about someone in the US? A) Infobel B) The National Center for State Courts Website C) Google Groups D) Yahoo! People Search

D) Yahoo! People Search

What is the name of the Standard Linux command that is also available as a Windows application that can be used to create bitstream images and make a forensic copy? A) mcopy B) image C) MD5 D) dd

D) dd

Which of the following would be most important to know about a potential business partner? A- Past bankruptcies B- A lawsuit from a former business partner C- A recent DUI D- All of these

D- All of these

Which of the following agencies has allegedly had one of its cyber spies caught? A- NSA B- KGB C- FBI D- CIA

D- CIA

Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker are examples of _________. A- Phreaking B- Scouring C- Active scanning D- Passive scanning

D- Passive scanning

Which of the following is the process to try to induce someone to provide you with personal information? A- Licensing B-Cyberstalking C- Looping D- Phishing

D- Phishing

________ refers to unencrypted text. A- Key B- Cipher text C- Algorithm D- Plain text

D- Plain text

A ____________ hides the internal network's IP address and presents a single IP address to the outside world. A- Intrusion detection system B- Network Monitor C- Firewall D- Proxy server

D- Proxy server

The virus that infected Iranian nuclear facilities was exploiting a vulnerability in SCADA systems. A- Persian B- None of these C- MyDoom D- Stuxnet

D- Stuxnet

A ________ invites attackers and lures them into breaking into a system, while deviating their attention from target systems. A) Cloud drive B) Sandbox C) Honeypot D) Deep box

B) Sandbox

A file that stays in memory after it executes is a(n) _____________. A) Bug B) Terminate and Stay Resident program C) Executable D) Text file

B) Terminate and Stay Resident program

Internet addresses of the form www.google.com is known as what? A) User-friendly web addresses B) Uniform resource locators C) User-accessible web addresses D) Uniform address identifiers

B) Uniform resource locators

At a minimum, a security audit should________________. A- Check security logs and personnel records of those in secure positions B- All of these C- Review system patching and security policies D- Probe ports for flaws

B- All of these

Using the _________ cipher you select multiple numbers by which to shift letters. A- Multi-alphabet substitution B- ASCII C- DC4 D- Caesar

A- Multi-alphabet substitution

Which defensive technique involves altering the TCP stack on the server so that it will take less time to timeout when a SYN connection is left incomplete? A- Stack tweaking B- None of these C- SYN cookies D- RST cookies

A- Stack tweaking

What encryption algorithms are used by WEP and WPA? A) RC4 and DES B) RC4 and 3DES C) RC4 and AES D) RC3 and AES

C) RC4 and AES

The command-line command to instruct the ping utility to send packets until explicitly told to stop is ping ____. A) -s B) -t C) -u D) None of these

B) -t

Which country is described by experts as having the strictest cybercrime laws? A) None of these B) United States C) Russia D) France

A) None of these

Which of the following is the most accurate description of Usenet? A) A global collection of bulletin boards B) A large-scale chat room C) A repository of computer security information D) A nationwide bulletin board

A) A global collection of bulletin boards

_______ is a free tool that can be used to recover Windows files. A) DiskDigger B) FileRecover C) None of these D) SearchIt

A) DiskDigger

Which of the following is one way to protect yourself against identity theft? A) Do not provide personal information to anyone unless it is absolutely necessary. B) None of these. C) Use Windows as your operating system. D) Use Firefox as your web browse

A) Do not provide personal information to anyone unless it is absolutely necessary.

Nmap enables you to set ________ such as -sP, -sS, and -oA. A) Flags B) Parameters C) None of these D) Switches

A) Flags

The process to make a system as secure as it can be without adding on specialized software or equipment is _______________ A) Hardening B) Routing C) None of these D) Securitizing

A) Hardening

In 1996 a hacker allegedly associated with the white supremacist movement temporarily disabled a ___________ ISP. A) Massachusetts B) None of these C) Sri Lankan D) New York

A) Massachusetts

The virus/worm that collected email addresses from your address book and from other documents on your machine was the ________ virus. A) Mimail B) None of these C) Nonvirus D) Bagle

A) Mimail

The company whose chief executive officer was indicted for copyright infringement of allegedly stealing technology from D-Link, which was one of its own customers, was _________. A) None of these B) VIA C) Interactive Television Technologies, Inc. D) General Motors

A) None of these

Which would you use to begin a search for information on a United States court case? A) The National Center for State Courts Website B) Google Groups C) Yahoo! People Search D) Infobel

A) The National Center for State Courts Website

The TCP protocol operates at what layer of the OSI model? A) Transport B) Data link C) Network D) Application

A) Transport

The joint task force representing components of all four U.S armed services is the ____________. A) U.S. Cyber Command B) Patriot Command C) Cyber Terror Association D) None of these

A) U.S. Cyber Command

It would be advisable to obtain __________ before running a background check on any person. A) Written permission B) None of these C) A Social Security number D) An IP address

A) Written permission

Using Linux to wipe the target drive, the command-line command would be ___ A) dd B) cc C) md5sum D) nd

A) dd

During the ___________ War, Western democracies invested time and money for radio broadcasts into communist nations. A- Cold B- Vietnam C- Korean D -None of these

A- Cold

A good password has at least ______ characters. A) 6 B) 8 C) 10 D) 15

B) 8

What is the rule about ports? A) Block ICMP packets. B) Block all unused ports. C) Block all nonstandard ports. D) Block all incoming ports.

B) Block all unused ports.

A propaganda agent can manage multiple online personalities, posting to many different _____________. A) Discussion groups and email accounts B) Bulletin boards and discussion groups C) Bulletin boards and email accounts D) None of these

B) Bulletin boards and discussion groups

Which web search approach is best when checking criminal backgrounds? A) Check as many places as might have information. B) Check the current and previous state of residence. C) Check primarily federal records. D) Check primarily the person's state of residence.

B) Check the current and previous state of residence.

_________ can include logs, portable storage, emails, tablets, and cell phones. A) None of these B) Computer evidence C) Ancillary hardware D) Network devices

B) Computer evidence

A black hat hacker is also called a ___________. A) Sneaker B) Cracker C) Thief D) None of these

B) Cracker

Which TCP/IP protocol operates on port 53 and translates URLs into Web addresses? A) FTP B) DNS C) HTTP D) SMTP

B) DNS

Which of the following is a cyber-attack that would likely cause imminent loss of life? A) Disruption of security systems B) Disruption of chemical plant control systems C) Disruption of banking system D) Disruption of water

B) Disruption of chemical plant control systems

______________ is the process to scramble a message or other information so that it cannot be easily read. A) Cryptography B) Encryption C) Decryption D) Keying

B) Encryption

A(n) ______ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems. A) Network Monitor B) Firewall C) Proxy server D) Intrusion detection system

B) Firewall

Which of these is NOT one of the two basic types of cryptography? A) All of these B) Forward C) Symmetric D) Asymmetric

B) Forward

Question 22 :Giving personnel access to only data that they absolutely need to perform their jobs is referred to as _________. A) Job rotation B) Least privilege C) None of these D) Business continuation planning

B) Least privilege

When an employee leaves, all _______ should be terminated. A) Desktops B) Logins C) Web histories D) Passwords

B) Logins

_________ is a popular tool for cracking Windows passwords. A) Sid2User B) OphCrack C) Netcat D) Cheops

B) OphCrack

Testing an organization's security is known as ________ testing. A) Location B) Penetration C) None of these D) Virus

B) Penetration

Which Nmap flag can be used for Xmas tree scan? A) -O B) None of these C) -sX D) -sL

C) -sX

The conflict between the user's goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________. A) Social engineering B) System administration C) Access control D) Password protection

C) Access control

What is APT? A) Advanced Persistent Trojan B) Always Possible Threat C) Advanced Persistent Threats D) Advanced Permanent Theory

C) Advanced Persistent Threats

Question 19 :The process to list assets that you believe support your organization is called ________. A) Organizational charting B) Business planning C) Asset identification D) Making a balance sheet

C) Asset identification

Why may protecting against Trojan horse attacks reduce DoS attacks? A) Because a Trojan horse will often open ports allowing a DoS attack B) Because a Trojan horse attacks in much the same way as a DoS attack C) Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS D) Because if you can stop a Trojan horse attack, you will also stop DoS attacks

C) Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS

Which layer of the OSI model is divided into two sublayers? A) Presentation B) Session C) Data link D) Network

C) Data link

What attack is in progress in the following figure? A) Flooding attack B) None of these C) DoS attack D) UDP attack

C) DoS attack

In which firewall configuration is the firewall running on a server with at least two network interfaces? A) Screened host B) Network host-based C) Dual-homed host D) Router-based

C) Dual-homed host

Investing with well-known, reputable brokers protects against what? A) Identity theft B) Online fraud C) Investment fraud D) Phishing

C) Investment fraud

Someone who calls himself a hacker but lacks the expertise is a ________. A) White hat hacker B) Black hat hacker C) Script kiddy D) Sneaker

C) Script kiddy

There have been cases of mistaken identity with _________lists. A) None of these B) Computer hardware C) Sex offender D) Voter registration

C) Sex offender

Firefox and Internet Explorer are examples of ____________. A) Proxy servers B) Cookies C) Web browsers D) Websites

C) Web browsers

Someone who abides the law but can turn into a malicious actor to gain access to a system to cause harm is known as a __________? A- White hat hacker B- Black hat hacker C- Gray hat hacker D- Red hat hacker

C- Gray hat hacker

CIA explains the three pillars of security. What does 'I' stand for in CIA? A- Intermission B- Information C- Integrity D- Intermittent

C- Integrity

What are the six Ps of security? A- Ports, patch, probe, physical, privacy, policies B- Patch, ports, personnel, privacy, protect, policies C- Patch, ports, protect, policies, probe, physical D- Physical, privacy, patch, ports, probe, protect

C- Patch, ports, protect, policies, probe, physical

Any legitimate security professional will not mind giving? A- References, Permission to check house condition, and criminal background B- References, Permission to check credit history, and car plate C- References, Permission to check credit history, and criminal background D- All of these

C- References, Permission to check credit history, and criminal background

The rule that packets not originating from inside your LAN should not be forwarded relates to ___________. A- Servers B- Workstations C- Routers D- Web servers

C- Routers

The Linux log file that can reveal attempts to break into the system is ___________. A) /var/log/apport.log B) /var/log/lighttpd/* C) /var/log/apache2/* D) /var/log/faillog

D) /var/log/faillog

The Linux log file that can reveal attempts to compromise the web server is ______________. A) /var/log/apache2/* B) /var/log/kern.log C) /var/log/apport.log D) /var/log/lighttpd/*

D) /var/log/lighttpd/*

What is BCP? A) Business Completion Plan B) Business and Continuity Processes C) Business Continuity Practice D) Business Continuity Plan

D) Business Continuity Plan

Using the __________ cipher you choose some number by which to shift each letter of a text. A) Multi-alphabet substitution B) DES C) DC4 D) Caesar

D) Caesar

Which TCP/IP protocol operates on port 80 and displays web pages? A) SMTP B) FTP C) DNS D) HTTP

D) HTTP

Which of these could be considered a course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose? A) Browsing B) Phishing C) None of these D) Harassment

D) Harassment

The principal that users have access to only network resources when an administrator explicitly grants them is called ___________. A) Least privilege B) Separation of duty C) Job rotation D) Implicit deny

D) Implicit deny

The I Love You virus caused harm because ________. A) None of these. B) It had a negative payload. C) It erased data on computers. D) It generated large numbers of emails that bogged down many networks.

D) It generated large numbers of emails that bogged down many networks.

If you fail to handle evidence properly ___________. A) Law enforcement may not look at it. B) None of these. C) You may damage the hard drive. D) It may be unusable in court.

D) It may be unusable in court.

The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is ________. A) Heuristic B) Updates C) Signatures D) Sandbox

D) Sandbox

Quick Stego and Invisible Secrets are two software tools that can be used for __________. A) Port scanning B) None of these C) Key logging D) Steganography

D) Steganography


Set pelajaran terkait

Chapter 11 Implementing Policies to Mitigate Risks

View Set

Psychology 103 - Motivation/Emotion

View Set