ITN 266 Final Exam

Ace your homework & exams now with Quizwiz!

Which of the following is considered the least satisfactory as a fix to a vulnerability?

A work-around

Which of the following is NOT an element of host hardening?

Allowing an unlimited amount of applications on the host.

________ refers to storing backed-up data for extended periods of time.

ArchIt is a relatively slow backup method.iving

________ refers to ensuring that copies of data files are stored safely and securely and will survive even if data is lost or damaged

Backup

________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.

Business continuity planning

A major security incident is generally handled by the ________.

CSIRT

________ is the act of actually stopping an incident's damage.

Containment

________ can be used to track users at a website

Cookies

Which of the following is NOT a DBMS?

DBAN

It is important that data stored in a database not be cryptographically protected.

False

Once an attack has begun, a company should never allow the attacker to continue.

False

Total software reinstallation effectively addresses data loss.

False

Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.

False

With good planning and protection, a company can eliminate security incidents.

False

______ backups only back up data that has changed since the most recent full backup.

Incremental

Which of the following is FALSE about configuring multiple hard drives as an array within a single system?

It is a relatively slow backup method.

What is the problem with image spam?

It takes up more bandwidth than traditional text spam.

________ are small programs and are probably the safest because many attack-related actions are disabled

Java applets

________ uses statistical methods, algorithms, and mathematics to find patterns in a data set that uniquely identify an individual

Profiling

A good way to get both reliability and fast data transfer speeds it to use a(n) ________ configuration

RAID 5

________ offers no security at all.

SNMP V1

________ is an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database

SQL injection

________ are sets of specific actions to be taken to harden all hosts of a particular type and of particular versions within each type.

Security baselines

A CSIRT should include members from the public relations department.

True

A RAID 5 configuration can recover from a single-drive failure, but not a multidrive failure

True

Backup management and good policies begin with an understanding of the current system and future needs

True

Encryption is desirable, but it makes sharing more difficult.

True

False positives are legitimate activities that are flagged as suspicious.

True

Incident response is defined as reacting to incidents according to plan.

True

It is easier to punish employees than to prosecute outside attackers.

True

One of the most often overlooked mechanisms used to reduce data loss is employee training.

True

________ allows multiple operating systems to run independently on a single physical machine.

Virtualization

Which of the following is FALSE about virtualization?

Virtualization typically increases labor costs.

Which of the following is not one of the four security levels of incidents?

Virus epidemics

________ is logically and physically erasing data so that it is unrecoverable.

Wiping

A danger of website programming is accidentally allowing ________

XSS

The business continuity team should be headed by ________.

a senior business manager

Restoration of data files from tape ________.

always results in data loss

E-mail filtering can be done at all of the following EXCEPT ________.

an authentication server

Compared to full programming languages, scripts ________.

are easier to use than full programming languages

UNIX tends to be interoperable ________.

at the kernel level

Company policies should mandate that all backup media should ________.

be encrypted

SSL/TLS provides security ________.

between an e-mail client and its mail server

Temporary areas in RAM are known as ________

buffers

VoIP is ________.

calling someone over the Internet

The prevention of sensitive information from being sent out of a company is called ________.

extrusion prevention

Any device with an IP address is a(n) ________.

host

In VoIP, firewalls are a problem because they tend to ________.

increase latency

A simple yet effective way of discouraging attackers from accessing a database is to change the default ________.

listening port

With RAID 5, reliability is provided by ________

parity bits

In IM, all messages pass through a(n) ________ server.

relay

If it can be applied, the least-damaging recovery option is ________.

repair during continuing server operation

Assigning security measures to a group tends to ________ than assigning security measures to individuals.

require less labor time

Successful attacks are commonly called ________.

security incidents

Checkouts of backup media for restoration ________.

should require written permission of the manager of the person wishing to access the backup

RAID 0, writing data across multiple disks, is known as ________.

striping

When a hacker is able to take over control of a host, nearly or completely, this indicates the hacker has ________.

super user privileges

A walkthrough is also called a ________.

table-top exercise

Relations in a database are commonly called

tables

After program or application creation, a program is moved to a(n) ________.

testing server

The only person who should speak on behalf of a firm should be ________.

the public relations director

To find out who is sending trade secrets out of the firm, you can use a ________.

watermark

A ________ is defined as an attack that comes before fixes are released.

zero-day attack


Related study sets

CH 23 Saunders Care of Older Client

View Set

HBY 554: 2/27: Synaptic Plasticity

View Set

Art 157 Ch. 2.10: Alternate Media and Processes Study Guide

View Set

Part 1: Text Details and Context Clues in an Informational Text

View Set

Intro to Business (Chapters 7-10) Test #3

View Set