382Quiz2ndTerm

Ace your homework & exams now with Quizwiz!

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?

802.11

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"

National Institute of Standards and Technology (NIST)

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Network

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

What file type is least likely to be impacted by a file infector virus?

.docx

What ISO security standard can help guide the creation of an organization's security policy?

27002

What is NOT one of the four main purposes of an attack?

Data import

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect?

Encryption

Which organization creates information security standards that specifically apply within the European Union?

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

A digitized signature is a combination of a strong hash of a message and a secret key.

False

Cryptographic key distribution is typically done by phone.

False

In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.

False

Product cipher is an encryption algorithm that has no corresponding decryption algorithm.

False

What is NOT a common motivation for attackers?

Fear

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Which organization promotes technology issues as an agency of the United Nations?

International Telecommunication Union (ITU)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Non-Repudiation

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic Virus

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?

Proposed Standard (PS)

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

Request For Comment (RFC)

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)?

Solar energy

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?

Subject matter expertise on routing and switching

What is NOT a typical sign of virus activity on a system?

Sudden sluggishness of applications

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

Which type of virus targets computer hardware and software startup functions?

System Infector

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

True

Digital signatures require asymmetric key cryptography.

True

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

Which organization created a standard version of the widely used C programming language in 1989?

American National Standards Institute (ANSI)

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?

Application and Session

Which information security objective allows trusted entities to endorse information?

Certification

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?

Credit card information

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

What program, released in 2013, is an example of ransomware?

Crypt0L0cker

Which element is NOT a core component of the ISO 27002 standard?

Cryptography

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?

IEEE 802.3

The financial industry created the ANSI X9.17 standard to define key management procedures.

True

The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest.

True

Which unit of measure represents frequency and is expressed as the number of cycles per second?

Hertz

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

Spear phishing

A salt value is a set of random characters you can combine with an actual input key to create the encryption key.

True

What is NOT an effective key distribution method for plaintext encryption keys?

Unencrypted email

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alices Private Key

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

The term certificate authority (CA) refers to a trusted repository of all public keys.

False

Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?

World Wide Web Consortium (W3C)


Related study sets

Chapter 17 Test Questions: Preoperative Care

View Set

PrepU Ch 7 Pharmacology in Women's Health

View Set

Chapter 21:Carbohydrate Metabolism

View Set

UNIT 1 CHAPTER 52 SEXUALLY TRANSMITTED INFECTIONS

View Set

Ch. 18 Exam Questions (Health) - Health Insurance Underwriting

View Set