ITN 261 final review

Ace your homework & exams now with Quizwiz!

The __________ contains abundant information about common software vulnerabilities and exploits

CVE listing database

In which phase of the incident response process do you control the event as much as possible in order to stop the threat

Containment

Which of the following refers to the malicious insertion of scripting code to extract data or modify a Web site's code, application, or content?

Cross-site scripting (XSS)

Which of the following statements is true regarding information security breaches?

Cyber laws act as a broad deterrent but they do not secure networks from malicious activity

Which of the following is an approach to identifying viruses in which the program uses a signatures database to identify a virus?

Dictionary-based detection

Which phase of the incident response process includes collecting evidence without destroying or altering it, as well as removing the threat?

Eradication

Which of the following statements is true regarding ethical hacking?

Ethical hackers follow the same approach that hackers use to compromise remote systems and networks

What distinguishes ethical hackers from other intruders?

Ethical hackers obtain written permission to run security tools within the organization's network

Which of the following terms is used to describe a correctly formatted document that appears to be malware to an antivirus program?

False positive

Which of the following statements is true regarding security countermeasures on your wireless access point (WAP)?

Hashing should be used for data transmissions and e-mails through WLANs.

In which phase of the incident response process do you establish just what has actually occurred

Identification

Which of the following statements is true regarding intrusion detection systems (IDS)?

Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly

Which of the following block IP traffic based on the filtering criteria that the information systems security practitioner configures?

Intrusion prevention systems (IPS)

Metasploit is part of the __________ security distribution for Linux

Kali

Which phase of the incident response process is used to determine what went right during the incident response, what went wrong, and how to make the process better?

Lesson Learned

Which of the following terms refers to anything developed for the purpose of doing harm?

Malware

Which of the following statements is true regarding building a baseline definition?

Network engineers use baseline analysis to identify anomalies that could indicate problems

Zenmap is a graphical interface for __________, a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them, and all without privileged access.

Nmap

Which of the following statements is true regarding external intrusion detection system (IDS) and intrusion prevention system (IPS) devices?

Normal hacking applications and tools that generate ICMP, IP, UDP, and TCP should be identified and blocked on these devices.

In Wireshark, which statistical feature can identify the packet size distribution of the capture

Packet Lengths

Which of the following are used to help reveal multiple layers of defense, help reveal application layer security protocols, and help validate network layer security settings by ensuring demilitarized and other isolated zones function as expected?

Penetration tests

Which phase of the incident response process ensures that there is a plan in place for handling incidents, a team responsible for investigating, and procedures for consistency?

Preparation

In Wireshark, which statistical feature identifies what protocols were on the LAN segment and which ones were permitted to be on the LAN segment?

Protocol Hierarchy

Which of the following is an encrypted footprint key that is faster at validation (but slower at signature generation) and is used for encrypting and signatures?

RSA—Rivest, Shamir and Adelman

In which phase of the incident response process is the affected system tested, restored, and returned to service?

Recovery

Which of the following checkbox options would you use to ensure that a scan will run on startup if the computer were off at the scheduled time?

Run when computer starts up if task has been missed

In general, which of the following is accomplished by appending a valid SQL command to the input that is being passed through a Web form into the database behind it?

SQL injection

Which of the following are used by data gatherers to find a large amount of information about a company, using not only the officially released information, but also information in publications and other Web sites?

Search engines

Which of the following refers to an event in an organization that can include accidental actions or malicious actions that result in a problem?

Security incident

Database administrators should monitor their SQL databases for unauthorized or abnormal SQL injections and write scripts for alarming as well as __________ alerts

Simple Network Management Protocol (SNMP)

Which of the following can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes?

Snort

Which of the following is a connection-oriented protocol that is used by applications that require this type of behavior?

TCP

What step in the hacking attack process identifies known vulnerabilities?

The enumeration phase

Which of the following can a hacker derive from the IP address of a target server?

The physical location of the server's data center

Which of the following do you need to decrypt encrypted messages and files from a trusted sender?

The sender's public key

Which of the following is an encryption method that has only 40-bits of encryption?

WEP (Wired Equivalent Privacy)

Which of the following is an encryption method that has 128-bits of encryption and is a subset of IEEE 802.11i?

WPA (WiFi Protected Access)

Which of the following is an encryption method that has 256-bits of encryption and is the full implementation of IEEE 802.11i?

WPA2 (WiFi Protected Access 2)

Which of the following statements is true regarding wireless networks (WLANs)?

Wireless networks open the company to risks not found in a wired network

Which of the following tools does not have a limitation on the size of the capture file, which makes it better suited to protocol capture?

Wireshark

A slow response opening applications or browsing the Internet, applications not working as they normally would, and the operating system not booting up correctly are all symptoms of:

a malware infection

Vulnerability checks can be run

against specific ports to find additional vulnerabilities that might need to be addressed

Which of the following commands is a scripting function used to generate a pop-up window with the message "Here is proof of a vulnerability"?

alert

Creating a baseline definition is done by

analyzing network traffic

During the XSS test, the fact that the Web form was able to correctly process the simple alert script indicated that there was a good chance that

any type of malicious script could be run

It is critical to use encryption techniques on a wireless LAN because the data payload within IP packets, including logons, passwords, and privacy data, would otherwise

appear in cleartext

DSA (Digital Signature Algorithm) and RSA (Rivest-Shamir-Adleman) are common __________ algorithms that can be used to successfully encrypt data and decrypt data

asymmetric encryption

In __________, a key pair is generated, one key is kept private and the other is shared

asymmetric encryption

Knowing and understanding what protocols and what size of Ethernet frames are being used for the transmission on the LAN segment is an important

baseline definition

As long as the content within a file does not change, the hash value (or checksum) will

calculate the same value every time

If e-commerce or privacy data is entered into a Web application, the company is bound by __________ to ensure the confidentiality of customer data

compliance laws and standards

Encryption is used for ensuring the __________ of the message

confidentiality

The -O switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to

detect the operating system of the machine

The purpose of __________ within an organization is to proactively locate vulnerabilities in an organization's defenses, and correct them to strengthen overall security

ethical hacking

Monitoring __________ allows information systems security practitioners to see who and what is attempting to infiltrate the IP network

external network traffic

The goal of a cross-site scripting (XSS) attack is usually to:

gain administrator or some other elevated level of user privileges

The more bits in the hash sum, the

greater the integrity checking of each bit that is transmitted from the source to its destination

For security reasons, it is important to __________ and to conduct regular site surveys and audits

have a wireless access policy

Hackers often use __________ instead of cleartext to make the scripts harder to detect

hexadecimal character strings

Often, programmers forget to __________, which then makes an application vulnerable to SQL injection

include script handling for special characters like apostrophes in their data input forms

The information you gathered in the lab's tests, along with the ability to write to a file, indicates that you have found a(n)

injectable database

Hashes are used for ensuring the __________ of the message

integrity

Prevention and detection are the two major categories of

internal controls

Monitoring __________ allows network analysts to see exactly which hosts may be compromised and what destination IP addresses employees are accessing

internal network traffic

When Snort captures and examines IP packets, it

looks for specific IP packet traffic patterns and abnormal traffic attempting to enter a network

A network baseline definition is a record of

normal network performance

Network and system engineers and information systems security professionals can help ensure Web application security through regular

penetration testing

Penetration testers

prioritize any findings and recommended policy and control changes.

A message digest, or hash, algorithm takes a string of text (the contents of your file or message) and:

produces a fixed-length set of hexadecimal characters

By its nature, WHOIS information must be

publicly available

An ethical hacker

recommends specific countermeasures for remediating the vulnerabilities and eliminating the exploits

The first phase of hacking is __________ phase, which is designed to gain as much information about a target organization and its systems as possible

reconnaissance

In the lab, Metasploit was able to connect to the victim system with __________ access, and without requiring a password

root-level

The following command line syntax (nmap --script=smb-check-vulns -p445 192.168.3.25) was used to

run a vulnerability check on port 445

The following command line syntax (nmap --script=smb-check-vulns -p445 10.20.100.50) was used for

running an SMB vulnerability scan against 10.20.100.50

It is the responsibility of the organization's __________ to know their networks and remove any possible point of entry before that happens

security and administration team

At the end of the lab, you drafted a WLAN __________ to mitigate the risk, threats, and vulnerabilities identified by the lab.

security implementation plan

An organization's __________ identifies the incident response team roles, responsibilities, and processes for performing an incident response

security policy

Cross-site scripting (XSS) vulnerabilities are generally found in Web forms that

send and retrieve data to databases via HTML

Antivirus vendors usually update their antivirus signature files

several times per week

Isolation, firewalls, and even IDS/IPS devices

should be considered as part of a WLAN layered security strategy

The -v switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to

show a great deal of detail

To establish a connection-oriented connection, a(n) __________ (SYN > SYN-ACK > ACK) is performed between the IP source and IP destination

three-way handshake

Which of the following is used to identify the network path that must be followed to reach one system from another?

traceroute

Penetration testing should be performed whenever the Web application or service is:

updated or modified

There is little point in hardening a system if it is already compromised. Therefore, a __________ is an important first step in locking down any system

virus scan

Penetration tests are also called

vulnerability scans


Related study sets

Immunology Unit 3 - Chapter 10 T-Cell Activation, Helper Subset Differentiation, and Memory

View Set

Psychology Final Test Ch. 9 - Ch. 16

View Set

Econ 102 Quiz Week 15 - Public Goods and Externalities

View Set

Biology Final Exam & Student Questions

View Set

лекція 2 Вікова Ф й А

View Set