Security Chapters 8-12
What can be used to increase the strength of hashed passwords?
Salt
A __________________ is an in-depth examination and analysis of a wireless LAN site.
site survey
When using AES-CCMP with a 256-bit AES key, how many rounds does the cipher perform?
14 (AES-128 uses 10 rounds and AES-192 uses 12)
What PC Card type is typically used for memory?
Type I
Searching for wireless signals from an automobile or on foot using a portable computing device
War driving
Select below the type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player:
Web-based
APs use antennas that radiate a signal in all directions.
True
What PIN is considered to be the most commonly used PIN?
1234
How can an administrator manage applications on mobile devices using a technique called "app wrapping"?
Mobile Application Management
What type of management system below can help facilitate asset tracking?
Mobile Device Management (MDM)
The tools and services responsible for distributing and controlling access to apps.
Mobile application management (MAM)
A hash used by modern Microsoft Windows operating systems for creating password digests.
NTLM (New Technology LAN Manager) hash
A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity
Near field communication (NFC)
What federated identity management (FIM) relies on token credentials?
OAuth
Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:
OpenID
The ability to remote erase sensitive data stored on a mobile device
Remote wiping
An older TCP/IP protocol and application used for unencrypted, text-based remote terminal communication
Telnet
The action that is taken by a subject over an object is called a(n):
operation
An administrator needs to examine FTP commands being passed to a server. What port should the administrator be monitoring?
21
What is the maximum number of characters that can exist within an SSID name?
32
What is the maximum range of most Bluetooth devices?
33 ft
The Temporal Key Integrity Protocol (TKIP) encryption technology increases IVs to what length?
48 bits
Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?
802.1d
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
ACL
Which encryption protocol below is used in the WPA2 standard?
AES-CCMP
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?
Access Point
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account expiration
Slave devices that are connected to a piconet and are sending transmissions are known as what?
Active slave
DNS poisoning can be prevented using the latest edition of what software below?
BIND
A popular key stretching password hash algorithm
Bcrypt
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
Bluejacking
An attack that sends unsolicited messages to Bluetooth-enabled devices
Bluejacking
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as?
Bluesnarfing
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection
Bluesnarfing
____________________ technology enables users to connect wirelessly to a wide range of computing and telecommunications devices.
Bluetooth
The IEEE 802.15.1-2005 standard is based on what version of the Bluetooth specifications?
Bluetooth v1.2
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
Brute force
How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?
Captive portal access point
____________________ computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud
In what type of cloud computing does the customer have the highest level of control?
Cloud Infrastructure as a Service
Which of the three Cloud computing service models allows a customer to access software provided by a vendor using a web browser, without any installation, configuration, upgrading, or management from the user?
Cloud Software as a Service
Which type of biometrics is based on the perception, thought process, and understanding of the user?
Cognitive biometrics
Entries within a Directory Information Base are arranged in a tree structure called the:
DIT
Select below the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.
DNS
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.
Dictionary attack
Which access control model is considered to be the least restrictive?
Discretionary Access Control
The least restrictive access control model in which the owner of the object has total control over it.
Discretionary access control (DAC)
Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS:
EAP-FAST
Which of the following choices is not one of the four types of packets used by EAP?
Error
Log that documents any unsuccessful events and the most significant successful events.
Event log
Authorization and access are viewed as synonymous and in access control, they are the same step.
False
Because PEAP can be vulnerable to specific types of attacks, Cisco now recommends that users migrate to a more secure EAP than PEAP.
False
Bluetooth devices are not backward compatible with previous versions.
False
Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.
False
IP telephony and Voice over IP (VoIP) are identical.
False
Mobile devices such as laptops are stolen on average once every 20 seconds.
False
Passwords provide strong protection.
False
TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission.
False
TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application.
False
The CardBus is a 64-bit bus in the PC card form factor.
False
The Google Android mobile operating system is a proprietary system, for use on only approved devices.
False
The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
False
Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password.
False
The ____________ is a high-speed storage network protocol that can transmit up to 16 gigabits per second.
Fibre channel
A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack.
Flood guard
The ability to easily expand or contract resources in a virtualized environment.
Host elasticity
Port-based authentication, in which users are authenticated on a per-switch port basis, is a function of what standard below?
IEEE 802.1x
The use of a single authentication credential that is shared across multiple networks is called:
Identity management
A 24-bit value used in WEP that changes each time a packet is encrypted.
Initialization vector (IV)
The act of moving individuals from one job responsibility to another.
Job rotation
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
Kerberos
A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.
Key stretching
The X.500 standard defines a protocol for a client application to access an X.500 directory. What is that protocol called?
DAP (Directory Access Protocol); LDAP is the lightweight, TCP/IP-based subset of DAP that is used in practice
What kind of attack constructs LDAP statements from unsanitized user input, which can then be used to read the LDAP database or modify its information?
LDAP injection
What proprietary EAP method developed by Cisco requires mutual authentication for WLAN encryption using Cisco client software?
LEAP
Providing only the minimum amount of privileges necessary to perform a job or function.
Least privilege
Services that can identify the location of a person carrying a mobile device or a specific store or restaurant.
Location services
Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?
MD5
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
Mandatory Access Control
What session-layer protocol and API is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?
NetBIOS
At what level of the OSI model does the IP protocol function?
Network Layer
The ability to quickly remove devices from the organization's network
Off-boarding
The ability to rapidly enroll new mobile devices.
On-boarding
____________________ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
OpenID
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
Orphaned
Which EAP protocol creates an encrypted TLS channel between the client and the authentication server, and then uses Microsoft Windows logins and passwords inside it?
PEAP
Bluetooth is an example of what type of technology below?
Personal Area Network
The ____________________ Layer is omitted in the TCP/IP model.
Physical
The authentication model used in WPA that requires a secret key value to be entered into the AP and all wireless devices prior to communicating.
Preshared key (PSK)
A _____________ is a matrix or two-dimensional barcode first designed for the automotive industry in Japan.
QR code
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
RADIUS
Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
RF Jamming
A laptop may have multiple hardware ports. Which of the following is not a typical port included on a laptop?
RS232
The use of what item below involves the creation of a large pregenerated data set of candidate digests?
Rainbow tables
Select below the access control model that uses access based on a user's job function within an organization:
Role Based Access Control
When using Role Based Access Control (RBAC), permissions are assigned to:
Roles
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
Rule Based Access Control
A random string that is used in hash algorithms.
Salt
A small form factor storage media of a variety of different types and sizes.
Secure digital (SD)
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
Separation of duties
The use of one authentication credential to access multiple accounts or applications is referred to as?
Single Sign On
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
Standard biometrics
What is the term used for a device that requests permission from an authenticator to join a network?
Supplicant
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
TACACS
What protocol suite below is the most commonly used protocol for local area network (LAN) communication?
TCP/IP
_____________ are portable computing devices that are generally larger than smartphones and smaller than notebooks, and are focused on ease of use.
Tablets
Limitation imposed as to when a user can log in to a system or access resources.
Time-of-day restriction
A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.
Token
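How the code on such a token's display is produced, as an added example that is not part of the original study guide: HOTP (RFC 4226) derives a code from a shared seed and an event counter, and TOTP (RFC 6238) simply feeds HOTP the current 30-second time step. The seed is the RFC 4226 test secret so the results can be checked against the RFC's own vectors; the server-side check with clock-drift tolerance is an assumption about how a verifier would be written, not something the page describes.

```python
"""Added example: HOTP/TOTP code generation and verification (RFC 4226 / RFC 6238)."""
import hashlib
import hmac
import struct
import time

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"); a real token
# ships with a random per-device seed.
TEST_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated
    (RFC 4226 section 5.3), reduced modulo 10^digits and zero-padded."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time=None, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with counter = floor(unix_time / step)."""
    now = int(time.time()) if unix_time is None else int(unix_time)
    return hotp(seed, now // step, digits)


def verify_totp(seed: bytes, submitted: str, unix_time: int,
                step: int = 30, skew: int = 1) -> bool:
    """Assumed server-side check: accept the code for the current step or for
    `skew` steps either side (token clocks drift), comparing in constant time."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(seed, counter + d), submitted)
               for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(TEST_SEED, 0))
    print("TOTP at t=59  :", totp(TEST_SEED, 59))
```

Each code is good for one counter value only, so a captured code cannot be replayed once the counter (or the time step) has moved on; the seed, not the code, is the secret that must be protected on both the token and the server.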
Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?
Transport Layer
A QR code can store website URLs, plain text, phone numbers, e-mail addresses, or virtually any alphanumeric data up to 4296 characters.
True
A shield icon warns users if they attempt to access any feature that requires UAC permission.
True
Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV.
True
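Why a 24-bit IV is too small, as an added example that is not part of the original study guide. Two things are shown: the birthday bound, under which a random IV is expected to repeat after roughly 2^12 packets rather than 2^24, and what a repeat hands an attacker: RC4 keyed with the same IV||key produces the same keystream, so the XOR of two ciphertexts equals the XOR of the two plaintexts, and one known plaintext (such as a predictable LLC/SNAP header) reveals the other. The WEP key and frame contents are constructed for the example; the integrity check value is omitted.

```python
"""Added example: birthday bound on WEP's 24-bit IV and keystream reuse under RC4."""
import math
import random


def collision_probability(iv_bits: int, packets: int) -> float:
    """Birthday approximation 1 - exp(-n^2 / 2N) for n packets over N = 2^bits IVs."""
    return 1.0 - math.exp(-(packets ** 2) / (2.0 * 2 ** iv_bits))


def packets_for_half_chance(iv_bits: int) -> int:
    """Smallest n with collision probability about 0.5 (n ~ 1.18 * sqrt(N))."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** iv_bits))


def simulate_first_repeat(iv_bits: int, seed: int = 1) -> int:
    """Draw random IVs until one repeats; returns how many packets that took."""
    rng, seen = random.Random(seed), set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP's per-packet key is the 3-byte IV (sent in the clear) || shared key."""
    return rc4(iv + wep_key, plaintext)


def recover_from_iv_reuse(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """Same IV means same keystream: C1 xor C2 = P1 xor P2, so P2 = C1 xor C2 xor P1."""
    return bytes(a ^ b ^ c for a, b, c in zip(c1, c2, known_p1))


# Constructed 40-bit WEP key and IV for the demonstration.
WEP_KEY = b"\x11\x22\x33\x44\x55"
IV = b"\x0a\x0b\x0c"

if __name__ == "__main__":
    print("P(repeat) after 5000 packets, 24-bit IV:", round(collision_probability(24, 5000), 3))
    print("P(repeat) after 5000 packets, 48-bit IV:", collision_probability(48, 5000))
    print("first repeat in simulation after", simulate_first_repeat(24), "packets")
```

The 48-bit value is the TKIP comparison: at the same packet count the repeat probability drops from about one half to the order of 10^-8, and TKIP additionally uses the IV as a sequence counter rather than a random value, so repeats are rejected outright.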
Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.
True
Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method.
True
IEEE 802.1x is commonly used on wireless networks.
True
OpenID is an example of a web-based federated identity management (FIM) system.
True
Simply using a mobile device in a public area can be considered a risk.
True
The Bell-LaPadula (BLP) model of MAC can be used to prevent subjects from creating a new object or performing specific functions on objects that are at a lower level than their own.
True
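The decision functions behind three of the access control models covered above (the operation, subject, object and ACL terms; DAC; RBAC; and MAC under Bell-LaPadula), as an added example that is not part of the original study guide. DAC consults an ACL that only the owner may edit, RBAC maps subjects to roles and roles to permitted operations, and Bell-LaPadula compares labels: no read up (simple security property) and no write down (*-property). All subjects, objects, labels and roles are constructed for the example.

```python
"""Added example: DAC, RBAC and Bell-LaPadula MAC access decisions."""
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = 0, 1, 2, 3


# --- DAC: an owner-maintained ACL, object -> {subject: {operations}} (constructed) ---
ACL = {"budget.xlsx": {"alice": {"read", "write"}, "bob": {"read"}}}
OWNER = {"budget.xlsx": "alice"}


def dac_allowed(subject: str, obj: str, op: str, acl=ACL, owner=OWNER) -> bool:
    """The owner always has total control; everyone else needs an ACL entry."""
    return owner.get(obj) == subject or op in acl.get(obj, {}).get(subject, set())


def dac_grant(by: str, obj: str, grantee: str, op: str, acl=ACL, owner=OWNER) -> None:
    """Discretionary = at the owner's discretion: only the owner may change the ACL."""
    if owner.get(obj) != by:
        raise PermissionError(f"{by} does not own {obj}")
    acl.setdefault(obj, {}).setdefault(grantee, set()).add(op)


# --- RBAC: permissions are attached to roles, subjects are attached to roles ---
ROLE_PERMS = {
    "analyst": {("report", "read")},
    "finance": {("report", "read"), ("ledger", "write")},
}
SUBJECT_ROLES = {"alice": {"finance"}, "bob": {"analyst"}}


def rbac_allowed(subject: str, obj: str, op: str) -> bool:
    return any((obj, op) in ROLE_PERMS.get(role, set())
               for role in SUBJECT_ROLES.get(subject, set()))


# --- MAC / Bell-LaPadula: labels are set by the custodian, not the owner ---
CLEARANCE = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {
    "troop_movements": Level.TOP_SECRET,
    "ops_plan": Level.SECRET,
    "weather": Level.UNCLASSIFIED,
}


def blp_allowed(subject: str, obj: str, op: str) -> bool:
    clearance, label = CLEARANCE[subject], CLASSIFICATION[obj]
    if op == "read":
        return clearance >= label      # simple security property: no read up
    if op == "write":
        return clearance <= label      # *-property: no write down
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    print("bob read ops_plan (read up):", blp_allowed("bob", "ops_plan", "read"))
    print("alice write weather (write down):", blp_allowed("alice", "weather", "write"))
```

Note the asymmetry in the BLP rules: a SECRET subject may write into a TOP SECRET object (write up) because that cannot leak anything downward, which is exactly the behaviour the statement above describes.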
Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.
True
How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?
VLAN
A means of managing and presenting computer resources by function without regard to their physical layout or location.
Virtualization
An optional means of configuring security on wireless local area networks, primarily intended to help users who have little or no knowledge of security quickly and easily implement security on their WLANs.
Wi-Fi Protected Setup (WPS)
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information, but is not considered secure due to significant vulnerabilities.
Wired Equivalent Privacy (WEP)
____________________ is granting or denying approval to use specific resources.
access control
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
access control model
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
authentication request
Which option below is responsible for the issuing of EAP request packets?
authenticator
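The RADIUS exchange behind the last few cards (the authentication request packet carrying the username and password, and the authenticator relaying on the supplicant's behalf), as an added example that is not part of the original study guide. It builds an Access-Request as RFC 2865 lays it out, hides the User-Password with the MD5-based scheme from section 5.2, and computes and checks the Response Authenticator, which is how the authenticator knows an Access-Accept really came from a server holding the shared secret. The shared secret, user database and NAS identifier are constructed for the example, and `server_answer` is a stand-in for what a RADIUS server does, not a real server.

```python
"""Added example: RADIUS Access-Request, User-Password hiding and Response Authenticator (RFC 2865)."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Pad to 16-byte blocks; block i is XORed with MD5(secret || previous cipher block),
    the first block with MD5(secret || Request Authenticator)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # drops the padding (a password ending in NUL is not representable)


def attribute(kind: int, value: bytes) -> bytes:
    """Type, Length (including the 2 header bytes), Value."""
    return struct.pack("BB", kind, len(value) + 2) + value


def parse_attributes(body: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(body):
        kind, length = body[pos], body[pos + 1]
        if length < 2 or pos + length > len(body):
            raise ValueError("malformed attribute")
        attrs[kind] = body[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(ident: int, secret: bytes, username: bytes, password: bytes,
                         nas_id: bytes, request_auth: bytes = None) -> bytes:
    """What the authenticator (AP/switch) sends: Code 1, Identifier, Length,
    a random 16-byte Request Authenticator, then the attributes."""
    ra = request_auth or os.urandom(16)
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(password, secret, ra))
             + attribute(NAS_IDENTIFIER, nas_id))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs


def server_answer(request: bytes, secret: bytes, users: dict) -> bytes:
    """Stand-in for the RADIUS server: unhide the password, decide, and sign the reply
    with ResponseAuth = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    ra, attrs = request[4:20], parse_attributes(request[20:])
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], secret, ra)
    ok = user in users and hmac.compare_digest(users[user], password)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + ra + secret).digest()


def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Authenticator-side check before trusting an Accept/Reject."""
    head, sig, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(sig, expected) and response[1] == request[1]


# Constructed data for the example.
SECRET = b"constructed-shared-secret"
USERS = {"alice": b"correct horse battery staple"}
```

The hiding scheme is MD5 keystream obfuscation keyed by the shared secret, not encryption with a modern cipher, which is why RADIUS traffic between the authenticator and the server is normally confined to a management network or wrapped in IPsec or RadSec (RADIUS over TLS), and why 802.1X carries the user's credentials inside an EAP method such as PEAP rather than relying on this attribute alone.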
When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?
community string
A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.
dictionary
A(n) ____________________ is a record of events that occur.
event log
What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?
evil twin
Mobile devices use _____________ for storage, which is a nonvolatile solid state electronic storage that can be electrically erased and reused.
flash memory
The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:
flood guard
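The bookkeeping a flood guard does against a SYN flood, as an added example that is not part of the original study guide: it tracks half-open connections (a SYN seen from a source whose handshake never completes) per source inside a sliding window and blocks a source that exceeds a threshold. The thresholds and the connection events fed to it are constructed for the example.

```python
"""Added example: per-source half-open connection tracking, the core of a SYN flood guard."""
from collections import defaultdict


class FloodGuard:
    def __init__(self, max_half_open: int = 3, window: float = 10.0):
        self.max_half_open, self.window = max_half_open, window
        self.half_open = defaultdict(dict)  # src -> {(dst, dport, sport): time of SYN}
        self.blocked = set()

    def observe(self, t: float, src: str, dst: str, dport: int, sport: int, flags: str) -> bool:
        """Feed one TCP segment summary from the client side of the handshake
        ("S" = SYN, "A" = the client's final ACK); returns True if src is blocked."""
        if src in self.blocked:
            return True
        key = (dst, dport, sport)
        # Drop half-open entries older than the window so a slow legitimate
        # client is not counted forever.
        self.half_open[src] = {k: ts for k, ts in self.half_open[src].items()
                               if t - ts <= self.window}
        if flags == "S":
            self.half_open[src][key] = t
        elif flags == "A":
            self.half_open[src].pop(key, None)  # handshake completed
        if len(self.half_open[src]) > self.max_half_open:
            self.blocked.add(src)
            return True
        return False


def run(events, guard: FloodGuard = None) -> set:
    """Replay (time, src, dst, dport, sport, flags) tuples; return the blocked sources."""
    guard = guard or FloodGuard()
    for event in events:
        guard.observe(*event)
    return guard.blocked


# Constructed events: 10.0.0.5 completes each handshake; 203.0.113.9 only ever sends SYNs.
EVENTS = [
    (0.0, "10.0.0.5", "192.0.2.10", 80, 40001, "S"),
    (0.1, "10.0.0.5", "192.0.2.10", 80, 40001, "A"),
    (0.2, "203.0.113.9", "192.0.2.10", 80, 50001, "S"),
    (0.3, "203.0.113.9", "192.0.2.10", 80, 50002, "S"),
    (0.4, "10.0.0.5", "192.0.2.10", 443, 40002, "S"),
    (0.5, "10.0.0.5", "192.0.2.10", 443, 40002, "A"),
    (0.6, "203.0.113.9", "192.0.2.10", 80, 50003, "S"),
    (0.7, "203.0.113.9", "192.0.2.10", 80, 50004, "S"),  # fourth half-open: trips the guard
    (0.8, "10.0.0.5", "192.0.2.10", 22, 40003, "S"),
]

if __name__ == "__main__":
    print("blocked:", run(EVENTS))
```

A real implementation also has to cope with spoofed source addresses, where per-source counting is not enough and the device falls back to SYN cookies or a global half-open limit; the per-source count shown here is the part that stops a single unspoofed host or a scanner.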
_________________ uses a device's GPS to define geographical boundaries where an app can be used.
geo-fencing
In a UAC prompt, what color is used to indicate the lowest level of risk?
gray
With operating system virtualization, a(n) ____________________ system is the native operating system to the hardware.
host
What is the center of the weakness of passwords?
human memory
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?
hybrid
When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?
hypervisor
The Apple _____________ operating system, developed by Apple for their mobile devices, is a closed and proprietary architecture.
iOS
What mobile operating system below requires all applications to be reviewed and approved before they can be made available on the public store front?
iOS
A token ____________________ is a unique random string of characters that is encrypted to protect the token from being used by unauthorized parties.
identifier
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?
offline cracking
In the DAC model, ____________________ can create and access their objects freely.
owners
On a piconet, slave devices that are connected but are not actively participating are called ____________________ slaves.
parked
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
password
The most common type of authentication today is a(n) ____________________.
password
Passwords that are transmitted can be captured by what type of software?
protocol analyzer
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
rogue
To prevent one individual from having too much control, employees can ____________ job responsibilities within their home department or across positions in other departments.
rotate
What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?
router
When a wireless device looks for beacon frames it is known as ____________________.
scanning
Piconets in which connections exist between different piconets are known as a:
scatternet
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
subject
If the EAP authentication is successful, a success packet is sent to the ____________________.
supplicant
The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.
white
Which of the following selections is not one of the features provided by a typical MDM?
Track stolen devices
A QR code can't contain which of the following items directly?
A video
The process of setting a user's account to expire
Account expiration
Maintaining an accurate record of company-owned mobile devices
Asset tracking
A log that is used to record which user performed an action and what that action was.
Audit log
Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.
Authentication factors
A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.
Brute force attack
A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
Common Access Card (CAC)
Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:
Credential management
Which of the following is not a benefit that can be provided by using IP telephony?
Decreased network utilization
What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password?
Enable a lock screen
The PC Card and CardBus devices are being replaced by what technology?
ExpressCard
The second version of the Terminal Access Controller Access-Control System (TACACS) authentication service.
Extended TACACS (XTACACS)
Select below the option that is not one of the SD format card families:
Extreme Capacity (SDXC)
A TCP/IP protocol that uses Secure Sockets Layer or Transport Layer Security to encrypt commands sent over the control port (port 21) in an FTP session.
FTP Secure (FTPS)
An insecure TCP/IP protocol, commonly used for transferring files, that sends credentials and data in cleartext
File Transfer Protocol (FTP)
Using a mobile device's GPS to define geographical boundaries where an app can be used.
Geo-fencing
Adding or allowing geographical identification data in a mobile app
Geo-tagging
Select below the option that represents a wearable technology:
Google Glass
A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.
Hybrid attack
What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?
Inventory control
An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.
LDAP injection attack
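How an LDAP search filter built by string concatenation is subverted, and the RFC 4515 value escaping that closes the hole, as an added example that is not part of the original study guide. No directory is contacted: the small parser only shows what a server would see. The `uid`/`userPassword` attribute names, the payload and the candidate password are constructed for the example.

```python
"""Added example: LDAP filter injection and RFC 4515 escaping, with a tiny filter parser."""


def vulnerable_login_filter(username: str, password: str) -> str:
    """The bug: user input is pasted straight into the filter string."""
    return f"(&(uid={username})(userPassword={password}))"


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: the characters that have meaning inside a filter
    value are written as backslash + two hex digits."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\x00" else ch for ch in value)


def safe_login_filter(username: str, password: str) -> str:
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


def parse_filter(s: str, pos: int = 0):
    """Recursive-descent parser for the filter subset (&...), (|...), (!...), (attr=value).
    Returns (tree, index just past the filter). Trees are ("&"/"|", [subs]),
    ("!", sub) or ("=", attr, value)."""
    if s[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    if s[pos] in "&|":
        op, items, pos = s[pos], [], pos + 1
        while s[pos] != ")":
            node, pos = parse_filter(s, pos)
            items.append(node)
        return (op, items), pos + 1
    if s[pos] == "!":
        node, pos = parse_filter(s, pos + 1)
        if s[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        return ("!", node), pos + 1
    end = s.index(")", pos)          # an escaped \29 never contains a raw ')'
    attr, value = s[pos:end].split("=", 1)
    return ("=", attr, value), end + 1


def attrs_in(tree) -> set:
    """Which attributes the parsed filter actually tests."""
    if tree[0] == "=":
        return {tree[1]}
    if tree[0] == "!":
        return attrs_in(tree[1])
    return set().union(*(attrs_in(t) for t in tree[1]))


def password_check_survives(filter_str: str) -> bool:
    """True if the first complete filter still tests userPassword and nothing trails it."""
    tree, end = parse_filter(filter_str)
    return "userPassword" in attrs_in(tree) and end == len(filter_str)


# Constructed injection payload: closes the uid term, satisfies the AND, and leaves
# the real password test stranded after the first complete filter.
PAYLOAD = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    v = vulnerable_login_filter(PAYLOAD, "guess")
    print(v, "->", "bypassed" if not password_check_survives(v) else "ok")
    s = safe_login_filter(PAYLOAD, "guess")
    print(s, "->", "bypassed" if not password_check_survives(s) else "ok")
```

With the payload, the vulnerable filter becomes `(&(uid=*)(uid=*))(|(uid=*)(userPassword=guess))`; a server that evaluates the first complete filter and ignores the rest matches every user without checking a password. After escaping, the same input is one literal `uid` value (`\2a\29\28uid=\2a...`) that matches nothing, and the `userPassword` term stays inside the AND. Using the LDAP library's own escaping function, or parameterised search APIs, is the practical form of this fix.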
Mobile devices with global positioning system (GPS) abilities typically make use of:
Location services
A technology that prevents a mobile device from being used until the user enters the correct passcode.
Lock screen
Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA)
Loop protection
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
Mandatory access control (MAC)
What term below describes a hand-held mobile device that was intended to replace paper systems, and typically included an appointment calendar, an address book, a "to-do" list, a calculator, and the ability to record limited notes?
Personal digital assistant (PDA)
Select below the item that is not considered to be a basic characteristic of mobile devices:
Removable media storage
What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer?
Secure Digital Input Output (SDIO)
The practice of requiring that processes should be divided between two or more individuals.
Separation of duties
Using one authentication credential to access multiple accounts or applications.
Single sign-on
An instance of a particular state of a virtual machine that can be saved for later use.
Snapshot
An ultrabook is an example of what type of a portable computer?
Subnotebook
The current version of the Terminal Access Controller Access-Control System (TACACS) authentication service.
TACACS+
The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and was the most secure model for Wi-Fi security when this material was written (the Wi-Fi Alliance has since published WPA3).
Wi-Fi Protected Access 2 (WPA2)
A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
charmap.exe