Chapter 8
What is the most important aspect of a biometric device?
Accuracy
In the /etc/shadow file, which character in the password field indicates that a standard user account s locked?
!
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use.
Which chage option keeps a user from changing password every two weeks?
-m 33
Which of the following best describes active Directory?
A centralized database that contains user account and security information
LSO exploit
A flash cookie is used to collect information about the user's browsing habits without their permission
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Arbitrary code execution exploit
A vulnerability in a running process allows an attacker to inject malicious instructions and run them
Which of the following advantages can single sign-on (SSO) provide?
Access to all authorized resources with a single instance of authentication The elimination of multiple user accounts and passwords for each individual
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token
You manage several Windows systems. Desktop users access an in-house application that is hosted on you intranet Web server. When a user clicks a specific option in the application, they receive an error message that the popup was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
Add the URL of the website to the local intranet zone
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that are automatically authenticated when you connect to the website. What should you do
Add the internal website to the Local intranet zone
You want to allow e-commerce web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
Allow first party cookies, but block third party cookies
Watering Hole Attack
An attacker compromises a web site, hoping that a target individual will access the site and be exposed to the exploit
Zero-day attack
An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer
Which of the following is the term for the process of validating a subject's identity?
Authentication
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?
Authentication and authorization
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
To help prevent browser attacks, users of public computers should do which of the following?
Clear the browser cache
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
Code review
Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?
Cognitive
Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user?
Cookie
Use of which of the following is a possible violation of privacy?
Cookies
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?
Configuration testing
The Brewer-Nash security model is designed primarily to prevent which activity?
Conflicts of interest
The Clark-Wilson security model is primarily based on which element?
Controlled intermediary access applications
Which access control type is used to implement short-term repairs to restore basic functionality following an attack?
Corrective
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
DAC
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system?
Data is stored in the database in an unencrypted format The database admin user has no password assigned
Which of the following defines an object as an entity in the context of access control?
Data, applications, systems, networks, and physical space
Which of the following are subject to SQL injection attacks?
Database servers
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?
Decentralization
Audit trails produced by auditing activities are considered what type of security control?
Detective
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment?
Disable anonymous access Implement an application-layer protocol to encrypt data prior to saving it in the database
What should you do to a user account if the user goes on an extended vacation?
Disable the account
An administratively-defined collection of network resources that share a common directory database and security policies
Domain
A server that holds a copy of the Active Directory database that can be written to
Domain Controller
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
Drive-by download
Which of the following enters random data to the inputs of an application?
Fuzzing
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?"
Have Marcus log off and log back in
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?
Implementing client-side validation
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit?
Implementing server-side validation Implementing client-side validation
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value entered is large enough to exceed the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?
Integer overflow
Which of the following is an example of a single sign-on authentication solution?
Kerberos
Which of the following are examples of single sign-on authentication solutions?
Kerberos Sesame
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?
Locally shared object (LSO) exploit
Which of the following best describes one-factor authentication?
Multiple authentication credentials may be required, but they are all of the same type
Which of the following is the star property of the Bell-LaPadula security model?
No write down
You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work?
No. Permissions are not copied when a user account is copied
A computing element that identifies resources in the active Directory database
Objects
What is another term for the type of login credentials provided by a token device?
One-time password
A folder that subdivides and organizes network resources within a domain
Organizational Unit
What type of password is maryhadalittlelamb?
Pass phrase
Which of the following is the most common form of authentication?
Password
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?
RBAC
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This an example of which kind of access control model?
RSBAC
What form of access control is based on job descriptions?
Role-based access control (RBAC)
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role-based access control (RBAC)
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
What is the effect of the following command? chage -M 60 -W 10 jsmith
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system?
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?
Smart card
Fingerprint scan
Something you are
Retina scan
Something you are
voice recognition
Something you are
Typing behaviors
Something you do
Hardware token
Something you have
Smart card
Something you have
Pin
Something you know
password
Something you know
Wi-Fi triangulation
Somewhere you are
Which of the following defines the crossover error rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system
Which of the following is not true regarding cookies?
They operate within a security sandbox
Which of the following is not a form of biometric?
Token device
Which of the following is stronger than any biometric authentication factor?
Two-factor authentication
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: www.videoshare.com www.vidshar.com www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?
Typosquatting
Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself The list defines which subjects have access to certain objects The list specifies the level or type of access allowed to certain objects
User ACL
Which of the following information is typically not included in an access token?
User account password
Which of the following is an example of a decentralized privilege management solution?
Workgroup
Which of the following is an attack that injects malicious scripts into the web pages to redirect users to fake websites or gather personal information?
XSS
What "chage" command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)
chage -M 60 -W 10 jsmith
You have a group named research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?
gpasswd Research
You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this?
groupadd sales
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?
groupdel temp_sales
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this?
groupmod -n marketing sales
You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.
groups dredford
You suspect that the gshant user account is locked. Enter the command you use at the command prompt to show the status of the user account.
passwd -S gshant
Pass phrase
something you know
Encryption is which type of access control?
technical
An employee named Bob Smith, whose user name is bsmith, has left the company. You have been instructed to delete his user account and his home directory. Which of the following commands would produce the required outcome?
userdel -r bsmith userdel bsmith;rm -rf/home/bsmith
A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. Which of the following commands will disable or remove the user account from the system and remove his home directory?
userdel -r larry
Which of the following utilities could you use to lock a user account?
usermod passwd
One of the users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?
usermod -I kjones kscott
You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?
usermod -L joer