CSCI290 Blackboard Quizzes
A list of virus definitions is generally in a file with a _____ extension.
.dat
The Linux log file that contains activity related to the web server is ______.
/var/log/apache2/
The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________.
/var/log/apport.log
What size key does a DES system use?
56 bit
The conflict between the users' goal unfettered access to data and the security administrator's goal to protect that data is an issue of _____.
Access control
A password policy for a 90- or 180-day replacement schedule is called password ________.
Age
The process to make a system as secure as it can be without adding on specialized software or equipment is _______________
Hardening
The virus scanning technique that uses rules to determine if a program behaves like a virus is ________ scanning.
Heuristic
Which of the following is not one of the basic types of firewalls?
Heuristic firewall
What should you be most careful of when looking for an encryption method to use?
How long the algorithm has been around.
If you experience a denial-of-servicce attack, you can use firewall logs to determine the _______ from which the attack originated.
IP address
1. ______________ is the use of spying techniques to find out key information that is of economic value.
Industrial espionage
Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______
Instant messaging
Why is binary mathematical encryption not secure?
It does not change letter or word frequency
What is the main problem with simple substitution?
It maintains letter and word frequency
Which of the following is a disadvantage to using an application gateway firewall?
It uses a great deal of resource.
What type of encryption uses different keys to encrypt and decrepit the message?
Public key
Which of the following is a common way to establish security between a web server and a network?
Put a firewall between the web server and the network.
The rule that packets not originating from inside your LAN should not be forwarded relates to ___________.
Routers
The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is _______.
Sandbox
What is the term for a firewall that is simply software installed on an existing server?
Screened host
A document that defines how an organization deals with some aspect of security is a(n) _______.
Security policy
Which of the following is the most common way for a virus scanner to recognize a virus?
To compare a file to know virus attributes
Which of the following is a good reason to check dependencies before shutting down a service?
To determine whether shutting down this service will affect other services
A security policy is a document that defines how an organization deals with some aspect of security.
True
A server with fake data used to attract an attacker is a honeypot.
True
A stateful packet inspection firewall examines each packet, and denies or permits access based not only on the current packet, but also on data derived from previous packets in the conversation.
True
CNE, MCITP, CISSP, and CCNA are examples of industry certifications.
True
Cyberterrorism is the use of computers and the Internet connectivity between them to launch a terrorist attack.
True
Hactivists means individuals who work for a cause using cyberterrorism.
True
Heuristic scanning uses rules to determine whether a file or program behaves like a virus.
True
Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine.
True
L2TP uses IPsec for its encryption
True
Many states have court records online.
True
Public key encryption is fast becoming the most widely used type of encryption because there are no issues to deal with concerning distribution of keys.
True
The U.S. Patriot Act specifically deals with cyberterrorism.
True
The Windows Registry lists USB devices that have been connected to the machine.
True
The category of intrusion detection systems that looks for patterns that don't match those of normal use is called anomaly detection.
True
The chain of custody accounts for the handling of evidence and documents that handling.
True
www.yellowpages.com, www.whowhere.com, and www.LinkedIn.com are good websites to locate a person's home address or telephone number.
True
If you determine a virus has struck a system, the first step is to _________.
Unplug the machines from the network
How might you ensure that system patches are kept up to date?
Use an automated patching system.
__________ is a global group of bulletin boards that exist on any subject you can imagine.
Usenet
Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of _____.
User policies
Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of ______.
User policies
The ________ War was the first modern war in which there was strong and widespread domestic opposition.
Vietnam
It would be advisable to obtain __________ before running a background check on any person.
Written permission
Typically, when you update virus definitions _______.
You are updating the virus definition file on your computer.
Using Linux to backup your hard drive, if you want to create a hash, you would use the command-line command ___________.
md5sum
The Windows command to list any shared files that are currently open is ___________.
openfiles
A website that may help locate federal prison records is ________.
www.bop.gov/
A good password should contain only letters and numbers.
False
For individual computers not running firewall software, you should directly close ports.
False
In Linux the command to set up a target forensics server to receive a copy of a drive is dd.
False
Linux and Windows typically are not shipped with firewalls.
False
The MyDoom virus was directed against the Pentagon.
False
The method to attract an intruder to a subsystem setup for the purpose of observing him is called intrusion deterrence.
False
Windows has a built in firewall, but Linux does not.
False
www.yahoo.people.com is the website for Yahoo! People Search.
False
The Windows command fc lists all active sessions to the computer.
False Ñ The command net sessions lists any active sessions connected to the computer you run it on.
Mistaking a legitimate program for a virus is a
False positive
For individual computers not running firewall software, you should directly close ports.
False. Shut down the systems using that port..
A _________ is a barrier between your network and the outside world.
Firewall
You may use Linux to make a ______________ of the hard drive.
Forensically valid copy
In Windows the log that contains events collected from remote computers is the ____________ log.
Forwarded events
The first rule of computer security is to check ___________.
Patches
Although the Cyberterrorism Preparedness Act of 2002 was not passed, many of its goals were addressed by the ___________.
Patriot Act
Any _________ you do not explicitly need should be shut down.
Ports
What are the six Ps of security?
Ports, patch, protect, probe, policies, physical
What is the term for blocking an IP address that haws been the source of suspicious activity?
Preemptive blocking
What is PGP?
Pretty Good Privacy, a public key encryption method
A propaganda agent can manage multiple online personalities, posting to many different _____________.
Bulletin boards and discussion groups
Hackers want information about a target person, organization, and _______ to assist in compromising security.
Clothing size system
Most companies perform the same _________ background check of network administrators as they do of any other person.
Cursory
___________ is the premeditated, politically motivated attack against information computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Cyberterrorism
A _________ involves setting up two firewalls: an outer and an inner firewall.
DMZ (Demilitarized Zone)
Which of the following is NOT an example of industrial espionage?
Denial-of-service attack
The background, screensaver, font size, and resolution are elements of _______.
Desktop configuration
Java and ActiveX codes should be scanned before they are ________.
Downloaded to your computer
__________ is the most obvious reason for organizations to provide their users with Internet access.
Emergency Communications
In May 2007, government offices of _________ were subjected to a mass denial-of-service attack because some people opposed the government's removal of a Russian WWII memorial.
Estonia
A firewall _______ is a tool that can provide information after an incident has occurred/
Log
When an employee leaves, all _______ should be terminated.
Logins
What is one way of checking emails for virus infections?
Look for subject lines that are from known virus attacks.
On a server, you should create your own accounts with ________ that do not reflect their level of permission.
Names
For an individual machine that is not running firewall software, you do not directly close ports. You shut down the _________ using that port.
None of the above.
Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year.
Once
Which of the following methods is available as an add-in for most email clients?
PGP
A packet-filtering firewall is a(n) _______ firewall.
Packet Filtering.
Many states have online __________ registries.
Sex offender
There have been cases of mistaken identity with _________lists.
Sex offender
The virus that infected Iranian nuclear facilities was exploiting vulnerability in SCADA systems.
Stuxnet
Procedures for adding users, removing users, and dealing with security issues are examples of _______ policies.
System administration
Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies
System administration
What are TSR programs?
Terminate and Stay Resident programs that actually stay in memory after you shut them down.