CISS 120 Final
In the Perl programming language, comment lines begin with the which of the following character(s)? Select one: a. % b. // c. # d. $
#
Which of the following is an alternative term used when referring to Application Security? Select one: a. SecAPP b. Apps c. AppSec d. SQLSec
AppSec
d. Perl and Python
C and C
What type of Windows Server is the most likely server to be targeted by a computer hacker? Select one: a. File Server b. DNS Server c. DHCP Server d. Domain Controller
Domain Controller
Technology is restricted to a single room or line of sight because this light spectrum cannot penetrate walls
Infrared (IR)
An embedded OS certified to run multiple levels of classification on the same CPU without leakage between levels
MILS
Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server? Select one: a. PPP b. EAP c. EAP-TLS d. PEAP
PEAP
A structure consisting of programs, protocols, and security policies for encrypting data and uses public key cryptography to protect data transmitted over the Internet
PKI
The name used to identify a WLAN
SSID
A cryptographic firmware boot-check processor installed on many new computer systems
Trusted Platform Module
What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng? Select one: a. WiFi Scan b. WiFi Pineapple c. Fake AP d. AP Pineapple
WiFi Pineapple
An independent WLAN without an AP
ad-hoc network
Ubuntu and Debian Linux use what command to update and manage their RPM packages? Select one: a. yum b. get c. dir d. apt-get
apt-get
Used to find the same hash value for two different inputs and reveal any mathematical weaknesses in a hashing algorithm
birthday attacks
In the C programming language, which of the following show where a block of code begins and ends? Select one: a. braces Correct b. parenthesis c. brackets d. dashes
braces
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers? Select one: a. security tools b. scan tools c. developer tools d. SQL tools
developer tools
A small program developed specifically for use with embedded systems
embedded operating system
Software residing on a chip
firmware
A sequence of random bits generated from a range of allowable values
key
In object-oriented programming, a function contained in a class is called which of the following? Select one: a. variable function b. label function c. test function d. member function
member function
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system? Select one: a. no ACL support b. no SUS support c. no SMTP support d. no Linux support
no ACL support
Operate on plaintext one bit at a time
stream cipher
Which type of symmetric algorithm operates on plaintext one bit at a time? Select one: a. open ciphers b. plain ciphers c. stream ciphers d. block ciphers
stream ciphers
What standard specifically defines the process of authenticating and authorizing users on a network? Select one: a. 802.11 b. 802.1 c. 802.1X d. WEP
802.1X
A standard that addresses the issue of authentication
802.1x
Encryption algorithm used for the Data Encryption Standard
DEA
Data packets are spread simultaneously over multiple frequencies instead of hopping to other frequencies
DSSS
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer? Select one: a. Network Link layer b. Data Link layer c. transport layer d. session layer
Data Link layer
An enhancement to PPP, that was designed to allow a company to select its authentication method
EAP
What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band? Select one: a. HSSS b. DSSS c. FHSS d. OFSS
FHSS
What configuration mode allows a Cisco administrator to configure router settings that affect the overall operations of the router? Select one: a. Security configuration mode b. Admin configuration mode c. Global configuration mode d. Interface configuration mode
Global configuration mode
Which of the following is a utility that is a wireless network detector, sniffer, and an intrusion detection system? Select one: a. Kismet b. Clonezilla c. Vistumbler d. Firefox
Kismet
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength? Select one: a. John the Ripper b. Hydra (THC) c. Pwdump3v2 d. L0phtcrack
L0phtcrack
Which of the following is a common Linux rootkit? Select one: a. Back Orifice b. Kill Trojans c. Packet Storm Security d. Linux Rootkit 5
Linux Rootkit 5
A device that performs more than one function, such as printing and faxing is called which of the following? Select one: a. MILS b. ASA c. RTOS d. MFD
MFD
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies? Select one: a. Sun Microsystems b. Symantec c. Macromedia d. Microsoft
Microsoft
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities? Select one: a. CVE Web site b. CERT c. Microsoft Security Bulletin d. Macromedia security
Microsoft Security Bulletin
Which type of wireless technology uses microwave radio waves to transmit data? Select one: a. Wideband b. Narrowband c. Infrared d. Mediumband
Narrowband
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce? Select one: a. ECC b. RSA c. DES d. AES
RSA
An open-source embedded OS used in space systems because it supports processors designed specifically to operate in space
RTEMS
What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher? Select one: a. Cross Server attack b. SSL/TLS downgrade attack c. Hydra attack d. TCP/IP attack
SSL/TLS downgrade attack
Which type of Cisco access lists can restrict IP traffic entering or leaving a router's interface based only on the source IP address? Select one: a. Standard IP Correct b. Extended IP c. IP restrict d. ACL IP
Standard IP
What type of packet filtering records session-specific information about a network connection, including the ports a client uses? Select one: a. Stateful b. Stateless c. Static d. Dynamic
Stateful
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does? Select one: a. DMZ firewall b. stateless firewall c. upper-layer firewall d. application-aware firewall Correct
application-aware firewall
Uses two keys: one to encrypt data and one to decrypt data
asymmetric algorithm
Any computer system that is not a general-purpose PC or server
embedded system
In HTML, each tag has a matching closing tag that is written with which of the following characters? Select one: a. forward slash (/) b. backward slash (\) c. bang (!) d. ampersand (&) Feedback
forward slash (/)
Defines how data is placed on a carrier signal
modulation
The use of random data alongside plaintext as an input to a hashing function so that the output is unique
salt
What type of encryption is currently used to secure WPA2? Select one: a. Radius b. TKIP c. WEP d. AES
AES
Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method? Select one: a. EAP b. WEP c. WPA d. 802.1X
EAP
Data hops to other frequencies to avoid interference that might occur over a frequency band
FHSS
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers? Select one: a. ADSDSOOBJECT b. MySQLProv c. SQLOLEDB d. SNAOLEDB
SQLOLEDB
A digital document that verifies the two parties exchanging data over the Internet are really who they claim to be
certificate
Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources? Select one: a. IDS b. router c. honeypot d. firewall
honeypot
Which of the following is a range of allowable values that is used to generate an encryption key? Select one: a. algorithm area b. key range c. keyspace d. keyarea Feedback
keyspace
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only
known plaintext
Devices on an organization's network performing more than one function, such as printers, scanners, and copiers
multifunction devices
A technology that uses microwave radio band frequencies to transmit data
narrowband
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL? Select one: a. reflected b. injected c. unvalidated d. Stored
reflected
Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band
spread spectrum
Uses a single key to encrypt and decrypt data
symmetric algorithm
Which frequency band is used by commercial AM radio stations? Select one: a. extremely low frequency (ELF) b. very low frequency (VLF) c. medium frequency (MF) d. high frequency (HF)
(MF)
In 802.11, which of the following is an addressable unit? Select one: a. host b. Data Terminal Equipment (DTE) c. station (STA) d. wireless NIC (WNIC)
(STA)
Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline? Select one: a. System-based IDS b. Anomaly-based IDS c. Host-based IDS d. Network-based IDS
Anomaly-based IDS
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date? Select one: a. BIOS-based rootkit b. embedded browser c. unclassified kernel d. patch
BIOS-based rootkit
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages? Select one: a. XML b. DHTML c. PHP d. CFML
CFML
An OS microkernel extension developed for Linux
RTLinux
A specialized embedded OS used in devices such as programmable thermostats, appliance controls, and even spacecraft
RTOS
Systems used for equipment monitoring in large industries, such as public works and utilities, power generators and dams
SCADA
What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools? Select one: a. IOS b. DMZ c. IDS d. SIEM
SIEM
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available? Select one: a. Static Application Security Testing b. Fast Application Security Testing c. Dynamic Application Security Testing d. Executable Application Security Testing
Static Application Security Testing
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application? Select one: a. reflected b. injected c. unvalidated d. Stored
Stored
A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate? Select one: a. NIST b. IEEE 802 c. PKI d. X.509
X.509
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following? Select one: a. firewall b. air gap c. router d. Vlan
air gap
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does? Select one: a. DMZ firewall b. stateless firewall c. upper-layer firewall d. application-aware firewall
application-aware firewall
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal? Select one: a. error handling b. delay logic c. client flow d. business logic
business logic
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only
chosen-plaintext
Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which if the following? Select one: a. ciphertext b. cleartext c. maskedtext d. subtext
ciphertext
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data? Select one: a. chosen-ciphertext b. chosen-plaintext c. known plaintext d. ciphertext-only
ciphertext-only
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device? Select one: a. firmware b. testware c. middleware d. fireware
firmware
Used for verification, takes a variable-length input and converts it to a fixed-length output string
hashing algorithm
Red Hat and Fedora Linux use what command to update and manage their RPM packages? Select one: a. yum b. get c. dir d. apt-get
yum
