CNIT123-Quiz CH.09

What programming languages are vulnerable to buffer overflow attacks? a. Assembly and C++ b. C and Python c. Perl and Python d. C and C++

d. C and C++

T/F? Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.

True

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share? a. CIF level security b. Share-level security c. User-level security d. NT level security

b. Share-level security

Which of the following systems should be used when equipment monitoring and automation is critical? a. GUI b. VoIP c. CAD d. SCADA

d. SCADA

What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system? a. no SUS support b. no Linux support c. no SMTP support d. no ACL support

d. no ACL support

When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource? a. NT level security b. User-level security c. CIF level security d. Share-level security

b. User-level security

Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources? a. router b. rootkit c. host d. driver

b. rootkit

What is the current file system that Windows utilizes that has strong security features? a. ADS b. FAT c. FAT32 d. NTFS

d. NTFS

A device that performs more than one function, such as printing and faxing is called which of the following? a. ASA b. RTOS c. MFD d. MILS

c. MFD

Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users? a. Mandatory Control b. Access Control c. Mandatory Access Control d. SE Access Control

c. Mandatory Access Control

Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack? a. USB port b. RAM c. Web server d. PCB

c. Web server

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS? a. VxWorks b. Windows 10 IoT c. Windows CE d. Windows Embedded 8

c. Windows CE

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following? a. router b. Vlan c. air gap d. firewall

c. air gap - physical separation

Ubuntu and Debian Linux use what command to update and manage their RPM packages? a. yum b. get c. apt-get d. dir

c. apt-get

Which of the following is considered to be the most critical SQL vulnerability? a. SQL scanning b. SQL password c. null SA password d. null SA hash

c. null SA password

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS? a. Perl b. C++ c. Python d. Java-based

d. Java-based

What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date? a. BIOS-based rootkit b. patch c. embedded browser d. unclassified kernel

a. BIOS-based rootkit

Which of the following is a common Linux rootkit? a. Linux Rootkit 5 b. Packet Storm Security c. Back Orifice d. Kill Trojans

a. Linux Rootkit 5

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device? a. firmware b. testware c. middleware d. fireware

a. firmware