INFO SEC CHAPTER 10 - 15


Role-based access control (RBAC) uses labels to determine the type and extent of access to a resource and the permission, or security, level granted to each user.

False

Safe browsing practices have little to do with whether individuals become victims online.

False

Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens.

False

Sniffers are fundamentally dangerous because they are used to steal information.

False

The Linux cd command displays all the files and subdirectories in a given location.

False

The netstat command-line tool is effective in detecting viruses and worms.

False

The rise of services such as Facebook, LinkedIn, and Twitter has made the loss of personal information or loss of control of that information through social media less of a concern.

False

Using the telephone is a common way for a social engineer to gather information.

False

Whenever possible, security practitioners should encourage people to use their social network for both their professional activities and their personal activities.

False

Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?

Intrusion detection system (IDS)

Which incident response phase involves collecting evidence?

Investigation

Even if a disaster recovery plan (DRP) is properly evaluated and tested, it must be reviewed regularly because times change and the plan must adapt.

True

Firewalls separate networks and organizations into different zones of trust.

True

For many businesses, a social media presence is a key part of the corporate communications strategy.

True

Hardware-based keystroke loggers can be plugged into a universal serial bus (USB) port on a system and monitor the passing signals for keystrokes.

True

If a computer must be removed from a crime scene, chain-of-custody requirements come into play.

True

In Linux, a Live CD or DVD contains a fully featured, fully functional operating system.

True

In Linux, the /boot directory contains all the files required to start up and boot a Linux operating system.

True

In Linux, the command line is the only way to do more advanced operations.

True

In Windows, directories are referenced with the familiar "\", but in Linux, the directories are referenced with "/".

True

In some cases, spyware creators have stated their intentions outright by presenting End-User License Agreements (EULAs) to the victim.

True

Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided.

True

It is worthwhile to conduct an Internet search on yourself in order to see what personal information is available about you online.

True

MAC flooding involves overwhelming or flooding a switch with a high volume of requests.

True

Malware can be used to turn a system into a server hosting any type of content, such as illegal music or movies, pirated software, pornography, and financial data.

True

Malware can steal passwords and personal information from an unsuspecting user.

True

Many social networking sites have grown so large so fast that they have not taken appropriate security measures to secure the information they are entrusted with.

True

Most Internet of Things (IoT) devices have little or no security controls configured.

True

Most intrusion detection systems (IDSs) are based on signature analysis.

True

No evidence, regardless of type, is necessarily admissible in court.

True

Security tokens are devices used to authenticate a user to a system or application.

True

Social engineering is a type of information security attack that depends primarily on human weakness.

True

Social engineering relies on most people's ignorance of the value of their personal information or authority.

True

Some commands provide the ability to specify a series of arguments; in these situations, each argument should be separated with a space or tab.

True

Special-purpose Live CDs/DVDs include firewall applications and rescue disks.

True

The Linux kernel, unlike that of Windows, can be configured by anyone with the time and knowledge required.

True

The Payment Card Industry Data Security Standard (PCI DSS) has specific requirements for organizations' incident response plans.

True

The language and images you share with friends and family on social media may be inappropriate on the professional side of your life.

True

The majority of Linux commands are case sensitive.

True

There is typically only one version of a Linux kernel for a specific Linux operating system.

True

Wireshark, tcpdump, WinDump, and Omnipeek are popular sniffing tools.

True

With stateful packet inspection (SPI) in a firewall, the attributes of each connection describe the state of the connection.

True

You can run Kali Linux in a virtual machine.

True

You can run a live Linux distribution on a USB flash drive.

True

Christine investigated an alert generated by her intrusion detection system (IDS) and determined that the reported activity did actually take place. How should she classify this alert?

True positive

Greg is educating users about social media concerns in the corporate setting. Which of the following risks is most likely associated with an employee who has recently been terminated?

Tweet rage

________ is an immediate, angry response to something a person disagrees with online.

Tweet rage

A ________ defines how an organization will maintain what is accepted as normal day-to-day business in the event of a security incident or other events disruptive to the business.

business continuity plan

Botnets are used to perform all of the following attacks except ________.

passive session hijacking

Software that helps organize and track various usernames and passwords is called a ________.

password manager

The process of investigating any and all security incidents and related issues pertaining to a particular situation is called ________.

due diligence

An attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do is participating in ________.

persuasion/coercion

Dean believes that a Trojan may have affected his system. Which command can he use to query for open connections and help to determine if a Trojan is using a specific port?

netstat

An attacker who sets up a realistic persona from which the victim seeks assistance is participating in ________.

reverse social engineering

Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are ________.

methods of bypassing a switch to perform sniffing

The term ________ is defined as the improper use of privileges or resources within an organization.

misuse

Which command creates new directories in Linux?

mkdir

Which Linux command moves files from one location to a new location?

mv

Wendy is an attacker who recently gained access to a vulnerable web server running Microsoft Windows. What command can she use to create a command prompt and redirect it to her local computer?

nc

A device used to break a network into multiple logical network segments known as collision domains is called a ________.

switch

Which of the following types of malware is a piece of code or software that spreads from system to system by attaching itself to other files, and is activated when the file is accessed?

Virus

Spokeo and Intellius are ________.

websites that contain personal information about people

Which of the following statements is NOT true about firewall policy?

A policy is unnecessary if the firewall is configured properly.

Caitlyn would like to use a single, multi-homed firewall to create a traditional demilitarized zone (DMZ) network. How many network interfaces does this firewall need?

3

Which of the following statements is NOT true about firewalls?

A firewall does not provide the ability to segment a network internally or within the organization itself.

Which of the following controls fit in the area of policy and procedure?

Administrative

In what type of attack does the attacker take over an established session between two parties and then interact with the remaining party as if the attacker were the party that has been disconnected?

Active session hijacking

What type of sniffing takes place on networks that have connectivity hardware that is "smarter" or more advanced, such as those with a switch?

Active sniffing

Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control?

An intrusion prevention system

Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?

Anomaly detection

Dave would like to use a firewall that is able to intercept user connection requests and perform those connections on behalf of end users. What type of firewall does he want?

Application proxying, stateful inspection, honeypot

Which of the following specifies filenames or other targets that fine-tune the action of a Linux command?

Argument

Which of the following covers the potential risks uncovered following an incident and their potential impact on the organization?

Business impact analysis

________ is the process of tracking evidence from collection to trial and after, when it is returned to its owner or destroyed.

Chain of custody

Ursula would like to ensure that her local servers are protected against the failure of a single disk. What technology best provides this type of fault tolerance?

Cloud services

Which of the following is a type of alternate site that does not include backed-up copies of data and configuration data from the primary location?

Cold site

Which of the following statements is true regarding social networking in a corporate setting?

Company policies may discuss proper usage of social media and networking sites at work.

Jake just determined that an attacker controls a system on his network. What stage of the incident response process should he move to next?

Containment

Many attackers gain access to a target system through something known as a window.

False

Over the past few years, the use of denial of service (DoS) attacks to commit crimes such as extortion has decreased.

False

A business continuity plan (BCP) dictates how the entire business will be brought back to an operational state.

False

A denial of service (DoS) attack is typically the first action an advanced hacker will take in an attempt to access a system.

False

Over the past several years, social networking sites have become less of a target for cybercriminals.

False

Pop-up blockers clutter up a web browser and make it weaker.

False

A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary.

False

A host-based intrusion detection system (HIDS) monitors activity on a network.

False

A packet-filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients.

False

A safe computing practice is to use one password for all online accounts.

False

Private information on Facebook is truly private.

False

A single computer configured to attract attackers to it and act as a decoy is a honeynet.

False

Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely you will link or "friend" a scam artist or an identity thief.

False

Active session hijacking is functionally no different from sniffing.

False

Adware is a type of virus.

False

All Linux distributions are free.

False

All evidence, no matter the type, is admissible in court.

False

An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components.

False

An intrusion detection system (IDS) prevents attacks from occurring.

False

An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it.

False

As soon as a security incident is discovered, it is important to disconnect any devices, wires, and peripherals, and shut down the system.

False

Regarding Linux, the terms "free" and "open source" are interchangeable.

False

Corroborative evidence is considered so strong that it directly overrides all other evidence types by its existence.

False

Documentation about chain of custody does not need to include how the evidence was collected.

False

Guidelines on how to use equipment safely fall under the banner of due diligence.

False

Honeypots are illegal.

False

Replacing a Windows computer with an Apple computer is the only way to stay safe online.

False

In Linux, the files that dictate access between hardware and the operating system reside in /home.

False

In Linux, the name of a command generally consists of uppercase letters.

False

In the context of a network, misuse is always malicious in nature.

False

It is possible to eliminate the chance of a security incident.

False

Kali Linux is designed to be used as a desktop replacement operating system.

False

Like Windows, Linux refers to drives and partitions by letters of the alphabet.

False

Xavier is developing a file system in which users will have the ability to grant editing permissions to their colleagues. What type of access control model is this approach using?

DAC

Linux can be operated only from the command line.

False

Which of the following is a region of a network or zone that is located between two firewalls?

Demilitarized zone (DMZ)

Logic bombs are relatively easy to detect.

False

Which of the following types of evidence is received as the result of testimony or interview of an individual regarding something he or she directly experienced?

Direct

What is the best way to ensure that Facebook privacy settings are well-managed?

Disable all options and enable them one by one.

Carla's business recently suffered an attack that shut down operations. What planning document describes how her business should recover from this disruption?

Disaster recovery plan

Which of the following documents states how personnel and assets will be safeguarded in the event of a disaster?

Disaster recovery plan

Which disaster recovery plan test closely simulates a disaster, including interrupting services and the organization itself?

Full interruption

Which of the following is NOT considered a safe computing practice?

Have shopping websites save your address and credit card information so you don't have to reenter it each time.

In which incident response phase do team members determine how seriously the incident has affected critical systems or data?

Incident identification

Which incident response phase has the goal of determining what was done right, what was done wrong, and how to improve?

Lessons learned

Which of the following types of viruses infects and operates through the use of a macro language built into applications, such as Visual Basic for Applications (VBA) in Microsoft Office?

Macro virus

Which of the following is a general term for software that is inherently hostile, intrusive, or annoying in its operation?

Malware

Countermeasures that can be used to defeat sniffing include all of the following except ________.

Media Access Control (MAC) flooding

Which of the following is a firewall best able to control?

Network traffic

Which of the following is not a common use of a live distribution of Linux?

Office productivity applications

Which of the following statements is NOT true regarding oversharing of company activities?

Oversharing of company activities typically is conducted by disgruntled employees who are intentionally trying to harm their company.

Which of the following statements is NOT true regarding passive sniffing?

Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.

Which of the following is true regarding account passwords?

Passwords should have at least one number and one special character.

Camila is educating users about social media risks. What is the primary risk of using the same password for more than one account?

Reuse of passwords leads to tweet rage; Passwords that are compromised on one site may be reused on other sites; Reuse of passwords is against the law.

Tom is preparing to testify in court in a criminal case. He plans to bring with him an image of a drive involved in the criminal activity. What term best describes this type of evidence?

Secondary evidence

Darcy is investigating the hacking of a system that contained customer records. She discovers the attacker stole some of those records. What term best describes this situation?

Security incident

Which of the following is NOT considered a sensible guideline to follow when using social networking sites?

Set up an email account that uses your real name.

Brynn discovered that her company's accounts receivable department is discarding customer payment checks without shredding them. What is the primary social engineering risk associated with this activity?

Shoulder surfing, impersonation, dumpster diving

Which Facebook protection practice enables you to "friend" work associates with whom you feel uncomfortable sharing personal information?

Show "limited friends" a cut-down version of your profile.

Frances recently installed a system that analyzes the content of network packets for signs of malicious activity. What type of technology is this system using?

Signature analysis

Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database?

Signature analysis

Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?

Signature recognition

Which disaster recovery plan test involves practicing backup and restore operations, incident response, communication and coordination of efforts, and alternative site usage in such a way that normal business operations are not adversely affected?

Simulation

Which of the following statements is NOT true regarding social engineering?

Social engineering has different goals and objectives than other types of hacking.

Which disaster recovery plan test involves members of the disaster recovery team reading through the plan together to uncover potential gaps and bottlenecks in the response?

Structured walkthrough

Content addressable memory (CAM) is the memory present on a switch, which is used to build a lookup table.

True

Vic is analyzing the LinkedIn profiles of his company's employees. He discovers that one of them is labeled with the keyword LION. What risk does this pose?

Trigger finger

Because the operating system of a live Linux distribution is run from physical memory, performance is slower than if it were installed on the hard drive.

True

Biometrics is a type of access control mechanism.

True

Education is key to stopping both worms and viruses.

True

A business that is part of the health care industry should expect regulations to come into play that dictate data protection needs and other requirements.

True

A hot alternate site typically has a high degree of synchronization with the primary site up to the point of completely duplicating it.

True

A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces.

True

A password manager uses a single password to access all other passwords.

True

A persuasion/coercion attack is considered psychological.

True

A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering.

True

A security control is a technical or nontechnical mechanism that enforces an organization's security policy.

True

A security incident is an event that results in a violation of or poses an imminent threat to the security policy.

True

A security incident report should include a risk assessment of the state of the system before and after the security incident occurred.

True

A security incident that is investigated improperly can result in substantial legal problems for a company.

True

A security information and event management (SIEM) monitors log files for security events.

True

A service level agreement (SLA) is a legal contract that lays out what a service provider will provide and at what performance level.

True

A web browser is safer if it is the latest version and it is kept up to date.

True

An alternate site is where all operations will be moved if the primary or normal site is no longer able to provide those services.

True

An important component of damage assessment is to determine whether the attack is over or ongoing.

True

An intrusion detection system (IDS) captures traffic and compares the intercepted traffic to known good or bad behavior.

True

Attacks that involve social networks have been made easier by the fact that their users often willingly share information.

True

Barriers, guards, cameras, and locks are examples of physical controls.

True

The capacity of a system to keep functioning in the face of hardware or software failure is called ________.

fault tolerance

A group of computers or a network configured to attract attackers is called a ________.

honeynet

A detailed plan that describes how to deal with a security incident when it occurs is called a(n) ________.

incident response plan

The term ________ is defined as an unauthorized use or access of a system by an individual, a party, or a service.

intrusion

The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called ________.

least privilege

Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in ________.

shoulder surfing

Tricking or coercing people into revealing information or violating normal security practices is referred to as ________.

social engineering

Facebook, Twitter, and LinkedIn are examples of ________.

social networking sites

The primary components of a network-based intrusion detection system (NIDS) are ________.

the command console and the network sensor

Which Linux directory contains executables used by the operating system and administrators but not typically by ordinary users?

/sbin

Gary is investigating an attack against his web server and would like to inspect the HTTP logs. Which top-level directory would contain these logs?

/var

All executables in the Linux ________ directory are accessible and usable by all system users.

/bin

Kaiden would like to find the list of physical disk drives that are connected to a Linux system. Which directory contains a subdirectory for each drive?

/dev

Which directory contains vital information about processes running on the Linux system?

/proc

Which of the following is a next-generation Trojan tool designed to accept customized, specially designed plug-ins?

Back Orifice (BO2K)

It is easy for a session hijacker to predict the sequence numbers of packets in order to hijack a session successfully.

False

Modern antivirus software is not equipped to deal with the problems polymorphic viruses pose.

False

Most networks and protocols are inherently secure, making them difficult to sniff.

False

Session hijacking is the process of assisting two parties in establishing a new session.

False

The drawback of planting a backdoor on a system is that an attacker will likely trigger a defense mechanism when trying to access the system in the future.

False

Typically, a computer system can see all communications, whether they are addressed to the listening station or not.

False

Worms require user intervention for their infection to take place; viruses do not.

False

Chris is concerned that attackers might engage in sniffing attacks against traffic on his network. Which of the following protocols is most susceptible to sniffing attacks?

Hypertext Transfer Protocol (HTTP)

Which of the following statements is NOT true regarding passive session hijacking?

In passive session hijacking, the attacker assumes the role of the party he has displaced.

Which of the following is NOT a common use of live Linux distributions?

Increasing random access memory (RAM) on a system

Which of the following is the first step an attacker must perform to conduct a successful session hijacking?

Insert himself/herself between Party A and Party B.

Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning?

It cannot be used to tap Voice over IP (VoIP) phone calls.

Ron is building a system that he will use in a penetration test and would like to choose a Linux distribution well-suited to that purpose. Which of the following Linux distributions would be his best choice?

Kali

Which statement is NOT true of Kali Linux?

Kali is designed to be used as a desktop replacement operating system.

Which of the following statements is true of Linux?

Linux runs on a limited range of hardware.

Jane's organization recently experienced a security incident that occurred when malware set to trigger on the chief executive officer's (CEO's) birthday deleted all of the company's customer records. What type of malware was used in this attack?

Logic bomb

Which of the following types of viruses is a piece of code or software designed to lie in wait on a system until a specified event occurs?

Logic bomb

Harold is performing a penetration test and would like to force a switch to fall back to forwarding mode. Which of the following attacks would be most helpful to Harold in meeting his goal?

MAC flooding

Which of the following types of viruses infects using multiple attack vectors, including the boot sector and executable files on a hard drive?

Multipartite virus

Which of the following is a distributed denial of service (DDoS) attack in which the attacker sends a large number of ping packets with the intent of overwhelming a victim?

Ping flood

Which of the following types of viruses is designed to change its code and "shape" to avoid detection by virus scanners?

Polymorphic virus

Maria recently discovered that an attacker placed malware on a system used by her company's chief financial officer (CFO) that allowed the attacker to remotely control the system. What type of malware was used in this case?

RAT

Which of the following is a type of malware designed to hold your data hostage?

Ransomware

Barry is investigating the unauthorized access to his chief executive officer's (CEO's) email account. Barry discovers the tools Ettercap and Hunt on a nearby workstation. Which of the following attacks is the most likely cause of the breach?

Session hijacking

Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet?

Social engineering

Helen would like to sniff network traffic for troubleshooting purposes and is looking for a command-line utility that will allow her to analyze network traffic. Which one of the following tools best meets her need?

Tcpdump

Which of the following laws was originally passed to address federal computer-related offenses and the cracking of computer systems?

The Computer Fraud and Abuse Act of 1986

Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks?

The attack is easily tracked back to its true source.

Which of the following will happen after using a Linux Live CD/DVD, ejecting the media, and rebooting the system from the hard drive?

The system will be just like it was before using the Live CD/DVD.

Joon believes that a worm infected several systems on his network. Which of the following statements is NOT true about worms?

They require user action to spread.

Which of the following statements is NOT true about dictionary-based virus detection?

This method can detect viruses that it knows about and those it does not know about.

Which of the following is malware that looks legitimate but hides a payload that does something unwanted?

Trojan

A software development kit specifically designed to facilitate the design and development of Trojans is called a ________.

Trojan construction kit

A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources.

True

A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on a switch.

True

Active sniffing introduces traffic onto a network, which means the sniffer's presence is detectable on the network.

True

An attacker can use a keystroke logger to monitor activity on a system and have it reported back to the attacker.

True

Antivirus programs can use the suspicious behavior method to monitor the behavior of applications on a system.

True

Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system.

True

Click fraud is a type of botnet attack in which infected systems are used to click on ads, generating revenue for the attacker.

True

Hoax viruses are those designed to make the user take action even though no infection or threat exists.

True

If any part of a multipartite virus is not eradicated from the infected system, it can re-infect the system.

True

In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim.

True

One of the main characteristics of worms is that they do not need a host program to function.

True

Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network.

True

When a covert channel is in use, information is typically transferred in the open, but hidden within that information is the information the sender and receiver wish to keep confidential.

True

Wrappers can be used to merge an attacker's intended payload with a harmless executable to create a single executable from the two.

True

Which of the following is a malware program designed to replicate without attaching to or infecting other files on a host system?

Worm

Hajar needs to copy files on a Linux system. What command can she use to create a new copy of a file in a different location while preserving the original file?

cp

Which of the following Linux commands copies files from location to location?

cp

Consumption of bandwidth, consumption of resources, and exploitation of programming defects are the three broad categories of ________.

denial of service (DoS) attacks

All of the following actions can be helpful in thwarting session hijacking attacks except ________.

employing operating systems that create predictable sets of sequence numbers

Denial of service (DoS) and distributed denial of service (DDoS) attacks have the same effect. However, a DDoS attack ________.

is launched from large numbers of hosts that have been compromised

The core component of the Linux operating system, which has control over all low-level system functions such as resource management, input and output operations, and central processing unit (CPU), is called the ________.

kernel

A process where communications are redirected to different ports than they would normally be destined for is called ________.

port redirection

Which command displays the current location of the user within the Linux directory structure?

pwd

Trojans perform the following operations except ________.

replicating

Which command removes or deletes empty directories from the Linux filesystem?

rmdir

Which of the following is NOT one of the more common distributions of Linux?

Cinnamon
