Final

(p. 602) Which port is used by SSMTP?

C. TCP port 465

(p. 546-547) Which term refers to a type of attack where an attacker spoofs addresses and inserts their packets in the middle of an existing connection?

A. Spoofing

(p. 571) Which TCP port does SMTP use by default?

A. 25

(p. 426) What does a host-based IDS monitor?

A. Activity on an individual system

(p. 634) Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input?

A. Canonicalization

(p. 439) What is an advantage of a host-based IDS?

A. It can reduce false-positive rates.

(p. 464-465) Which protection ring has the highest privilege level and acts directly with the physical hardware?

A. Ring 0

(p. 533) Which term refers to a form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality?

A. Rootkit

(p. 571) Which of the following is a primary e-mail protocol?

A. SMTP

(p. 547) The process of taking control of an already existing session between a client and a server is known as __________.

A. TCP/IP hijacking

(p. 644) A(n) __________ outlines the proper settings and configurations for an application or set of applications.

A. application configuration baseline

(p. 582) The two main places to filter spam are at the __________.

A. host itself and the server

(p. 554) DNS __________ is a variant of a larger attack class referred to as DNS spoofing, in which an attacker changes a DNS record through any of a multitude of means.

A. poisoning

(p. 541) The term __________ refers to the unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility.

A. war-driving

(p. 625) What does the term spiral method refer to?

B. A software engineering process category

(p. 615) Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program?

B. Add-on

(p. 434) What is an advantage of a network-based IDS?

B. An IDS coverage requires fewer systems.

(p. 426) Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database?

B. Analysis engine

(p. 564) What term refers to the process of assessing the state of an organization's security compared against an established standard?

B. Auditing

(p. 461) What term refers to the process of establishing a system's operational state?

B. Baselining

(p. 618) Which attack is a code injection attack in which an attacker sends code in response to an input request?

B. Cross-site scripting attack

(p. 628) Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area?

B. Design phase

(p. 597) Which cryptographic protocols can be used by SSL/TLS?

B. Diffie-Hellman and RSA

(p. 601) Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers?

B. HTTP

(p. 479) What command stops a service in UNIX?

B. Kill

(p. 661) Which strategy has the goal of defining the requirements for business continuity?

B. Recovery time objective (RTO)

(p. 604) When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task?

B. Secure Shell (SSH)

(p. 435) Which tool has been the de facto standard IDS engine since its creation in 1998?

B. Snort

(p. 669) substitutions in the event that the primary person is not available to fulfill their assigned duties?

B. Succession planning

(p. 516) __________ technologies involve the miniaturization of the various circuits needed for a working computer system.

B. System on a Chip (SoC)

(p. 601) Which port does HTTP traffic travel over by default?

B. TCP port 80

(p. 538) SYN flooding is an example of a __________.

B. denial-of-service attack

(p. 589) Few instant messaging programs currently support __________.

B. encryption

(p. 582) One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down __________.

B. mail relaying

(p. 542) A __________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media.

B. network sniffer

(p. 465) The security kernel is also known as a __________.

B. reference monitor

(p. 558) An attack that takes advantage of bugs or weaknesses in the software is referred to as __________.

B. software exploitation

(p. 571) Which TCP port does IMAP use by default?

C. 143

(p. 442) How does an IPS differ from an IDS?

C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.

(p. 484) Which product filters out junk e-mail?

C. Antispam

(p. 577) What was the primary reason for the spread of the ILOVEYOU worm?

C. Automatic execution, such as Microsoft Outlook's preview pane.

(p. 602) Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present?

C. HTTPS Everywhere

(p. 574) Which protocol allows the exchange of different kinds of data across text-based e-mail systems?

C. MIME

(p. 451) Which tool is designed to probe a system for open ports?

C. Port scanner

(p. 640) Which type of attack can be used to execute arbitrary commands in a database?

C. SQL injection

(p. 575) Unsolicited commercial e-mail is known as __________.

C. Spam

(p. 473) Windows Server 2016 replaced the traditional ROM-BIOS with the __________.

C. Unified Extensible Firmware Interface (UEFI)

(p. 456) Which advanced malware tool assists security engineers in hunting down malware infections based on artifacts that the malware leaves behind in memory?

C. Yara

(p. 444) A honeypot is sometimes called a(n) __________.

C. digital sandbox

(p. 587) In PGP, the content is encrypted with the generated __________ key.

C. shared key

(p. 478) In a UNIX operating system, which runlevel reboots the machine?

D. 6

(p. 609) Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator?

D. Authenticode

(p. 662) Which backup requires a small amount of space and is considered to have a complex restoration process?

D. Delta

(p. 657) Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?

D. Disaster recovery plan (DRP)

(p. 604) Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection?

D. FTP

(p. 595) What application is associated with TCP Ports 989 and 990?

D. FTPS

(p. 662) Which backup technique requires a large amount of space and is considered to have a simple restoration process?

D. Full

(p. 649) Which type of testing involves running the system under a controlled speed environment?

D. Load testing

(p. 470) Which term refers to the quarantine or isolation of a system from its surroundings?

D. Sandboxing

(p. 446) __________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources.

D. Security information and event management (SIEM)

(p. 632) In which phase of the secure development lifecycle model would you employ use cases?

D. Testing phase

(p. 649) Which term refers to the process of checking whether the program specification captures the requirements from the customer?

D. Validation

(p. 450) Which of the following is a popular, open source protocol analyzer?

D. Wireshark

(p. 511) The process of attempting to break a cryptographic system is called __________.

D. cryptanalysis

(p. 528) The term __________ refers to software that has been designed for some nefarious purpose.

D. malware

(p. 596) TLS is dead and SSL is the path forward.

False

(p. 598) Certificates vouch for code security.

False

(p. 604) FTP encrypts traffic by default.

False

(p. 608) JavaScript is part of the Java environment.

False

(p. 661) Backups can prevent a security event from occurring.

False

(p. 663) The archive bit is cleared in a differential backup.

False

(p. 426) Network-based IDS (NIDS) examines activity on a system, such as a mail server or web server.

False

(p. 430) Hostile activity that does not match an IDS signature and goes undetected is called a false positive.

False

(p. 448) Performing cloud-based data loss prevention (DLP) is as simple as moving the enterprise edge methodology to the cloud.

False

(p. 467-468) Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks.

False

(p. 527) Defense against attack begins by eliminating threats.

False

(p. 531) A worm is malicious code that has to attach itself to something else to survive.

False

(p. 558) A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday, such as Michelangelo.

False

(p. 582) With the availability of DNS blacklisting, pattern matching is no longer utilized for filtering spam.

False

(p. 584) Sender Policy Framework (SPF) validates the receiving address of the e-mail.

False

(p. 625) The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.

False

(p. 629) Least privilege refers to removing all controls from a system.

False

(p. 631) The generation of a real random number is a trivial task.

False

(p. 637) Buffer overflow is one of the most common web attack methodologies.

False

(p. 650) Compilers create runtime code that can be executed via an interpreter engine, like a Java virtual machine (JVM), on a computer system.

False

(p. 668) A major focus of the disaster recovery plan (DRP) is the protection of human life.

True

(p. 672) The interruption of power is a common issue during a disaster.

True

(p. 678) RAID increases reliability through the use of redundancy.

True

(p. 442) Traffic that is encrypted will typically pass by an intrusion prevention system untouched.

True

(p. 477) General UNIX baselining follows similar concepts as baselining for Windows OSs.

True

(p. 485) Windows Defender is now standard with all versions of the Windows desktop operating systems.

True

(p. 501) Protecting data while in use is a much trickier proposition than protecting it in transit or in storage.

True

(p. 506) Snapshots are instantaneous save points in time on virtual machines.

True

(p. 527) Perpetrating some sort of electronic fraud is one reason a specific system might be targeted for attack.

True

(p. 562) Shimming is the process of putting a layer of code between the driver and the operating system.

True

(p. 571) Most e-mail is sent in plaintext, providing no privacy in its default form.

True

(p. 585) S/MIME uses the X.509 format for certificates.

True

(p. 578) Hoax e-mails can have a real impact on bandwidth.

True

(p. 429) Context-based signatures match a pattern of activity based on the other activity around it, such as a port.

True

(p. 616) A signed applet can be hijacked.

True
