quizzes (2) 5320

Which protocol is a short-range wireless protocol typically used on small devices such as mobile phones?

Bluetooth

Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection?

FTP

________________ is an application-level protocol that operates over a wide range of lower-level protocols.

File Transfer Protocol

Which authentication standard supports port-based authentication services between a user and an authorization device, such as an edge router?

IEEE 802.1X

How do most advanced persistent threats (APTs) begin?

Most APTs begin through a phishing or spear phishing attack.

What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?

NetFlow

Which browser plug-in allows the user to determine which domains have trusted scripts?

NoScript

Which indicator of compromise (IOC) standard is an open source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?

OpenIOC

Which RAID configuration, known as byte-striped with error check, spreads the data across multiple disks at the byte level with one disk dedicated to parity bits?

RAID 3

Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?

RAID 5

Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections?

SSL stripping attack

What are the three types of accounting records in TACACS+?

START, STOP & UPDATE

Which statement describes the primary purpose of JavaScript?

The primary purpose of JavaScript is to enable features such as validation of forms before they are submitted to the server.

What is the goal of TCP?

To send an unauthenticated, error-free stream of information between two computers.

______ is a standardized schema for the communication of observed data from the operational domain.

cyber observable eXpression

Which backup requires a small amount of space and is considered to have a complex restoration process?

delta

What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred?

demonstrative evidence

A(n) ____________________ attack is an attack designed to prevent a system or service from functioning normally.

denial-of-service attack

A honeypot is sometimes called a(n) __________.

digital sandbox

Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?

disaster recovery plan (DRP)

Clusters that are marked by the operating system as usable when needed are referred to as __________.

freespace

Which backup technique requires a large amount of space and is considered to have a simple restoration process?

full

The hashing algorithm applies mathematical operations to a data stream (or file) to calculate some number, the ____________________, that is unique based on the information contained in the data stream (or file).

hash

Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence?

hearsay rule

A(n) ____________________ is an artificial environment where attackers can be contained and observed, without putting real systems at risk.

honeypot

___________ is a term used to describe the steps an organization performs in response to any situation determined to be abnormal in the operation of a computer system.

incident response

A(n) __________ of an encryption system finds weaknesses in the mechanisms surrounding the cryptography.

indirect attack

Which term refers to a key measure used to prioritize actions throughout the incident response process?

information criticality

What is a disadvantage of a host-based IDS?

it can have high cost of ownership & maintenance

Which term refers to a process by which the user escalates their privilege level, bypassing the operating system's controls and limitations?

jailbreaking

Which term refers to a type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing connection?

man-in-middle attack

Which term refers to the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions?

network security monitoring

Physical memory storage devices can be divided into a series of containers; each of these containers is called a(n) ____________________.

partition

What name is given to a logical storage unit that is subsequently used by an operating system?

partition

Bob gets an e-mail addressed from his bank, asking for his user ID and password. He then notices that the e-mail has poor grammar and incorrect spelling. He calls up his bank to ask if they sent the e-mail, and they promptly tell him they did not and would not ask for that kind of information. What is this type of attack called?

phishing

If the characteristics of an incident include a large number of packets destined for different services on a machine, a(n) ____________________ is occurring.

port scan

A(n) ____________________ is a tool designed to probe a system or systems for open ports.

port scanner

________________ is a process of isolating an object from its surroundings, preventing normal access methods.

quarantine

Which strategy is focused on backup frequency?

recovery point objective (RPO)

Which strategy has the goal of defining the requirements for business continuity?

recovery time objective

Remote authentication usually takes the common form of an end user submitting his credentials via an established protocol to a(n) ____________________, which acts upon those credentials, either granting or denying access.

remote access server

Which type of attack occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time?

replay

__________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources.

security information & event management

TCP/IP hijacking and ____________________ are terms used to refer to the process of taking control of an already existing session between a client and a server.

session hijacking

Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation?

single point of failure

Which tool has been the de facto standard IDS engine since its creation in 1998?

snort

Evidence that is convincing or measures up without question is known as __________.

sufficient evidence

Which service is typically used to allow a user access to a corporate data network from a home PC across the Internet?

VPN

What does WAP use for its encryption scheme?

WTLS

The process of taking control of an already existing session between a client and a server is known as __________.

tcp/ip hijacking

What is the primary vulnerability associated with many methods of remote access?

the passing of critical data in cleartext

Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm?

uninterruptible power supply (UPS)

What term refers to an attacker's attempt to discover unprotected modem connections to computer systems and networks?

war-dialing

The term __________ refers to the unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility.

war-driving

The Wireless Access Protocol (WAP) uses the ____________________ encryption scheme, which encrypts the plaintext data and then sends it over the airwaves as ciphertext.

wireless transport layer security

When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ____________________, can be used.

workstation

802.11a operates in the __________ spectrum using orthogonal frequency division multiplexing (OFDM)

5-GHz

One standard for sending packetized data traffic over radio waves in the unlicensed 2.4 GHz band is __________.

802.11b

____________ is the act of gathering information specifically targeting the strategic intelligence effort of another entity.

Counterintelligence gathering

_________________ is the name given to a broad collection of application programming interfaces (APIs), protocols, and programs developed by Microsoft to download and execute code automatically over an Internet-based channel.

ActiveX

What is one security issue associated with WTLS?

Clients with low memory or CPU capabilities cannot support encryption.

A person registers a domain name, relinquishes it in less than five days, and then gets the same name again. She repeats this cycle over and over again. What term describes this practice?

DNS kiting

What are the two components comprising information criticality?

Data classification and the quantity of data involved

Which statement correctly describes SSL v3 and TLS authentication?

In SSL v3/TLS, mutual authentication of both client and server is possible.

What are the three states of the data lifecycle in which data requires protection?

In storage, in transit, and during processing

Which access control type allows a company to restrict employee logon hours?

Rule-based access control

Which port is used to establish the Layer 2 Tunneling Protocol (L2TP)?

UDP port 1701

Which ports are used by Remote Authentication Dial-In User Service (RADIUS) for authentication and accounting?

UDP port 1812 for authentication and UDP port 1813 for accounting

To enable interoperability, the ____________________ standard was created as a standard for directory services.

X.500

What is an advantage of a network-based IDS?

an IDS coverage requires fewer systems

Which attack technique uses Bluetooth to establish a serial connection to a device that allows access to the full AT command set?

bluebugging

What is a method of establishing authenticity of specific objects, such as an individual's public key or downloaded software?

certificates

The term Switched Port Analyzer (SPAN) is usually associated with _________

cisco switches

Evidence that must be legally qualified and reliable is known as __________

competent evidence

________________ are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a Web browser instance.

cookies

___________________ refers to the processes, services, and software used to store, manage, and log the use of user credentials.

credential management

