C12, C11, C10, C9, C8, C7, C6, C5, C4, C3, C2, C1

Ace your homework & exams now with Quizwiz!

Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which if the following? ciphertext cleartext subtext maskedtext

ciphertext

In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data? known plaintext chosen-ciphertext chosen-plaintext ciphertext-only

ciphertext-only

Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device? program strings connection strings string interfaces SQL strings

connection strings

If a security expert decides to study the process of breaking encryption algorithms, they are performing which of the following? cryptography ciphering substitution analysis cryptanalysis

cryptanalysis

What type of system converts between plaintext and ciphertext? cryptokey keyedsystem opensystem cryptosystem

cryptosystem

Which of the following is the process of converting ciphertext back into plaintext? ciphering encryption decoding decryption

decryption

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers? security tools developer tools scan tools SQL tools

developer tools

When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing? ciphertext-only brute force dictionary replay

dictionary

Which of the following is a mathematical function or program that works with a key? encryption algorithm generated algorithm key algorithm key

encryption algorithm

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device? middleware fireware firmware testware

firmware

Which of the following terms is the rate at which a sound wave repeat? link channel frequency amplitude

frequency

Which JavaScript function is a "method" or sequence of statements that perform a routine or task? getElementById() document.write() CFLOCATION()

getElementById()

Which of the following is a function that takes a variable-length string or message and produces a fixed-length message digest? hashing algorithm RSA algorithm data algorithm VLS algorithm

hashing algorithm

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input? injection spoofing insertion redirection

injection

What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it? authorization discovery input auditing input validation

input validation

Which of the following is a range of allowable values that is used to generate an encryption key? keyarea key range algorithm area keyspace

keyspace

What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms? known plaintext chosen-plaintext chosen-ciphertext ciphertext-only

known plaintext

Which frequency band is used by commercial AM radio stations? high frequency (HF) extremely low frequency (ELF) medium frequency (MF) very low frequency (VLF)

medium frequency (MF)

What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system? no ACL support no Linux support no SMTP support no SUS support

no ACL support

Which of the following is considered to be the most critical SQL vulnerability? SQL password SQL scanning null SA password null SA hash

null SA password

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL? unvalidated reflected injected Stored

reflected

Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources? router host driver rootkit

router

Which of the following results from poorly configured technologies that a Web application runs on top of? reflected corruption stored misconfigurations security misconfigurations reflected misconfigurations

security misconfigurations

In 802.11, which of the following is an addressable unit? Data Terminal Equipment (DTE) wireless NIC (WNIC) host station (STA)

station (STA)

Which type of symmetric algorithm operates on plaintext one bit at a time? stream ciphers block ciphers open ciphers plain ciphers

stream ciphers

What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on? alphabet cipher roman cipher complete cipher substitution cipher

substitution cipher

In 802.1X, what component refers specifically to the wireless user attempting access to a WLAN? authentication server host supplicant authenticator

supplicant

Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm? symmetric ciphered single asymmetric

symmetric

What type of encryption is currently used to secure WPA2? TKIP Radius WEP AES

AES

Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data? IDEA DES Triple DES AES-256

AES-256

What programming languages are vulnerable to buffer overflow attacks? Assembly and C++ Perl and Python C and C++ C and Python

C and C++

Which specific type of tag do All CFML tags begin with? # CF % CFML

CF

Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages? CFML XML PHP DHTML

CFML

Which of the following is the interface that determines how a Web server passes data to a Web browser? ASP CGI Perl PHP

CGI

The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer? Network Link layer transport layer session layer Data Link layer

Data Link layer

Which of the following application tests analyzes a running application for vulnerabilities? Executable Application Security Testing Static Application Security Testing Fast Application Security Testing Dynamic Application Security Testing

Dynamic Application Security Testing

Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method? WEP WPA 802.1X EAP

EAP

What encryption algorithm is efficient requiring few resources, and is based on complex algebra and calculations on curves? DES ECC RSA IDEA

ECC

Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking? EXPECT Pwdump3v2 Hydra (THC) John the Ripper

EXPECT

What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band? FHSS DSSS HSSS OFSS

FHSS

A user can view the source code of a PHP file by using their Web browser's tools. True False

False

AES uses a 128-bit key and is used in PGP encryption software. True False

False

CSMA/CD is implemented at the data link layer on wireless networks. True False

False

JavaScript is a server-side scripting language that is embedded in an HTML Web page. True False

False

Routers are the bridge between wired and wireless networks. True False

False

Symmetric algorithms use two keys that are mathematically related. True False

False

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS? Python Perl C++ Java-based

Java-based

Which of the following is a utility that is a wireless network detector, sniffer, and an intrusion detection system? Kismet Firefox Vistumbler Clonezilla

Kismet

What application is considered the original password-cracking program and is now used by many government agencies to test for password strength? John the Ripper L0phtcrack Hydra (THC) Pwdump3v2

L0phtcrack

Which of the following is a common Linux rootkit? Back Orifice Kill Trojans Packet Storm Security Linux Rootkit 5

Linux Rootkit 5

A device that performs more than one function, such as printing and faxing is called which of the following? MILS ASA RTOS MFD

MFD

Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users? Mandatory Access Control Mandatory Control Access Control SE Access Control

Mandatory Access Control

Visual Basic Script (VBScript) is a scripting language developed by which of the following companies? Macromedia Symantec Sun Microsystems Microsoft

Microsoft

Which of the following defines how data is placed on a carrier signal? Digitization Modulation Adaptation Multiplexing

Modulation

What is the current file system that Windows utilizes that has strong security features? ADS FAT32 FAT NTFS

NTFS

Which type of wireless technology uses microwave radio waves to transmit data? Infrared Mediumband Wideband Narrowband

Narrowband

Which function ensures that a sender and receiver cannot deny sending or receiving a specific message? Nonrepudiation Availability Integrity Authentication

Nonrepudiation

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)? ADO JDBC OLE DB ODBC

OLE DB

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share? NT level security User-level security CIF level security Share-level security

Share-level security

What type of modulation spreads data across a large-frequency bandwidth instead of traveling across just one frequency band? Spread spectrum Narrowband Microwave Infrared (IR)

Spread spectrum

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application? injected unvalidated Stored reflected

Stored

Asymmetric algorithms are more scalable than symmetric algorithms. True False

True

CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN. True False

True

ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones. True False

True

Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have. True False

True

It is possible to have a wireless network that does not connect to a wired network. True False

True

Symmetric algorithms support confidentiality, but not authentication and nonrepudiation. True False

True

The 802.11b standard introduced Wired Equivalent Privacy (WEP), which gave many users a false sense of security that data traversing the WLAN was protected. True False

True

There are measures for preventing radio waves from leaving or entering a building so that wireless technology can be used only by people located in the facility. True False

True

When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource? NT level security User-level security CIF level security Share-level security

User-level security

What is the IEEE 802 standards name for a wireless network that is limited to one person's workspace? WAN WPAN PAN WSAN

WPAN

Which of the following is a flawed wireless authentication standard created to allow users to easily add devices to a wireless network securely? WEP AES WSS WPS

WPS

Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack? RAM PCB Web server USB port

Web server

What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng? WiFi Pineapple AP Pineapple Fake AP WiFi Scan

WiFi Pineapple

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS? VxWorks Windows 10 IoT Windows Embedded 8 Windows CE

Windows CE

A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate? IEEE 802 PKI NIST X.509

X.509

When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network? access point firewall switch router

access point

Which of the following is a transceiver that connects to a network via an Ethernet cable and bridges a wireless LAN with a wired network? switch wireless network interface card (WNIC) router access point (AP)

access point (AP)

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following? firewall router air gap Vlan

air gap

Ubuntu and Debian Linux use what command to update and manage their RPM packages? yum dir apt-get get

apt-get

What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters? replay ciphertext-only dictionary brute force

brute force

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser? scripts cgi-bin bin cgi

cgi-bin

Which of the following is contained in a wireless frequency band and breaks up the band into smaller frequency ranges? cycles channels guard bands SSIDs

channels

In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results? known plaintext ciphertext-only chosen-ciphertext chosen-plaintext

chosen-ciphertext

What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt? known plaintext chosen-ciphertext chosen-plaintext ciphertext-only

chosen-plaintext

Which of the following IEEE projects was developed to create LAN and WAN standards? EIA/TIA 802 ISO 801

802

Which IEEE standard can achieve a throughput of 54 Mbps? 802.11a 802.11e 802.11g 802.11b

802.11g

What standard specifically defines the process of authenticating and authorizing users on a network? 802.1 802.1X 802.11 WEP

802.1X

Which of the following refers to verifying the sender or receiver (or both) is who they claim to be? Authorization Authentication Availability Nonrepudiation

Authentication

What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date? embedded browser unclassified kernel BIOS-based rootkit patch

BIOS-based rootkit

Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server? PPP EAP PEAP EAP-TLS

PEAP

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows? HTML VBScript PHP JScript

PHP

If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative? Proxy server WPA2 Certificate server RADIUS server

RADIUS server

What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce? ECC RSA AES DES

RSA

Which of the following systems should be used when equipment monitoring and automation is critical? CAD VoIP SCADA GUI

SCADA

Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers? ADSDSOOBJECT MySQLProv SNAOLEDB SQLOLEDB

SQLOLEDB

What is the 1 to 32 character configurable name used to identify a WLAN? LAN SSID WEP WiFi

SSID

What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher? Hydra attack TCP/IP attack SSL/TLS downgrade attack Cross Server attack

SSL/TLS downgrade attack

SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following? TCP/IP IPX/SPX Winsock CIFS

TCP/IP

What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption? WEP TKIP 802.1X RADIUS

TKIP


Related study sets

MSA622 EXAM 2 (CH 10) STUDY GUIDE

View Set

Ch. 21 Cooling System "Test" Auto Tech

View Set

Chapter 32- Skin Integrity and Wound Care

View Set

NET300-1:Lesson Review 1: DoS/DDoS (2 videos)

View Set