Mid-Term Study Guide

Ace your homework & exams now with Quizwiz!

In DNS, what is the maximum number of sub-levels that is allowed

127

From 2011 to 2013, probes and intrusions into computer networks of critical infrastructure in the United States increased by what percentage?

1700

An asymmetric cryptographic digital system uses how many sets of keys?

2

What technology provides processor extensions as a chip-level solutions that allow virtualization to issue privileged x86 instructions VMMs can not virtualize

AMD's AMD-V Intel's Virtualization Technology (VT)

Examples of contactless smart cards (CSC) are,..

Access Control Badges U.S. Electronic Passport VISA, MasterCard, and American Express

The primary types of RFID tags when categorized by power source are,...

Active Passive Battery-assisted passive

What does APT stand for?

Advanced Persistent Threat

Which type of firewall would provision for web and e-mail filtering?

Application Gateway

On Window, an API stands for an,...

Application Programming Interface

For which events was TOR used?

Arab Spring Green Revolution

Shellcode is written in what language, which is passed through an assembler to create the binary machine code that the central processing unit (CPU) can execute.

Assembly Language

Which element of the CIA Triad concerns itself with attacks that try to prevent access to a network

Availbility

One common system level vulnerability and attack that uses computer memory is what type of attack?

Buffer Overflow

Exploit kits such as Death Pack and Neosploit are written in what language(s)

C PHP

Why do attackers use proxies?

Capture Traffic Mask IP Make traffic look legitimate

A trusted third party used to produce digital certificates that explicitly tie an entity to a public key is known as a

Certificate Authority

Which is not a Host-based firewalls solution?

Cisco iptables

PPC has resulted in what type of fraud?

Click Fraud

Which element of the CIA Triad concerns itself with attacks used to gain entry into computer networks to monitor activities

Confidentiality

The most pervasive type of cybercrime is

Credential Crime

Stuxnet required which type of individuals to develop the malware

Cyber Experts Engineers familiar with Siemens equipment Nuclear Physics

The use of digital tools by criminals to steal or otherwise carry out illegal activities is called?

Cybercrime

The global domain within the information environment consisting of the independent network of of information technology infrastructure, including the Internet, telecommunication networks, computers systems and embedded processors and controllers is

Cyberspace

Which type of attack is based on the principle that responding to incoming queries or request consume computer resources and network bandwidth?

DOS

Which is an example of loss of data availability? (select all that apply)

DOS Attack DDOS Attack

The National Research Council defined cyber attacks as which of the following

Deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or information

The impact of a successful SQL injection attack can include which of the following

Destruction of the entire database Sensitive Data Leakage Website Defacement

Antivirus vendors can not detect a modification to the firewall settings of Windows Firewall

False

Attacker proxies never handle or use the User Datagram Protocol (UDP).

False

Block ciphers are less common in symmetric encryption algorithms

False

Competitors cannot benefit from click fraud

False

Default passwords are generally not a problem with dealing with network security

False

Digital signatures are easy to steal

False

For information assurance, the concerns for protecting confidentiality only consider the electronic world.

False

In malware, the payload is used to exploit a well known or zero day vulnerability

False

Most Web exploit tools are so very complex and require the operator to perform difficult task to prepare the executable virus for installation.

False

Once the initial exploitation and exfiltration is over, an APT is no longer an concern

False

Paravirtualization does not require modification to the virtual machine's operating system

False

Shellcode IS NOT operating system specific

False

Shellcodes ports well between Linux, UNIX, and Windows platforms

False

The "phone home" phase of an APT attack is very difficult to detect

False

The HTTP protocol can not be used for tunneling because of the limited space for content (or payload) in the request or reply message.

False

There is no "quality assurance" involved in APTs during development

False

Using IDS iodine signatures available for Snort, it is impossible to "hack" tunnels to foil the defenses offered

False

Most smishing attacks target what institution?

Financial

Which is the core protocol for which the Internet "rides on".

HTTP

Asprox used which type of "flux" strategy?

Hydra-Flux

Botnets use which type of communication channel to manage infected machines

IRC

Which organizations provide access to the Internet to the common household?

ISP

Which are valid Windows scheduling priority classes

Idle Below Normal Above Normal High Real-Time

Which element of the CIA Triad concerns itself with attacks used to change data rather than extract information.

Integrity

What does impersonation do when used within a service

It impersonates a client while accessing requested resources on the server

When authentication requires more than one piece of information (factor), we call this,...

Multifactor Authentication

NIAG stands for

National Information Assurance Glossary

What features below describe the operations of a firewall?

Network Devices or Software Separates one trusted network from an untrusted network Uses rule-based filtering of network traffic

The Windows library function to create a process is

NtCreateProcessEx

Which are commercial PHP obfuscation commonly used by Web exploit tool authors

NuSphere's NuCoder Zend Guard

Decentralized botnets use what type of communication to send commands between bots?

P2P

The Internet is a _______ network

Packet-Switched

A unique identifier given to a new process by the system during initiation is

Process Identifier (PID)

RFID stands for,...

Radio Frequency Identification

What two categories do DNS resolvers fall into two categories:

Recursive Non-Recursive

The name RAT used within Shady RAT stands for

Remote Administration Tool

Double-flux involves

Rotating Host IPs Rotating DNS IPs

For an adversary, fast-flux solves which of the following problems

Routing Issues Firewall Filtering Infection Remediation

The TCP port 1080 is used by,...

SOCKS Proxy

Which is an example of loss of data integrity?

SQL Attack

Which is one of the most common tunneling implementations? Researchers cannot help but think of when hearing the word tunneling

Secure Shell (SSH)

Traditional antivirus software relies on what for malware detection?

Signatures

Which best describes APTs

Specific Target Work of a team Combine organization, intelligence, complexity, and patience to develop

Encryption using Exclusive OR (XOR) is what form of encryption?

Symmetric

What technology aids users in evading government surveillance and censorship

TOR

The "control plane" is used for,...

The dynamic sharing of router information

What company hosted the Taliban website that kept a running tally of suicide bombing and other attacks against the US troops in Afghanistan

ThePlanet

Administrators can detect the use of proxies through by which of the following,

Track Configuration Changes Use IDS Use tools like decloak.net

Rogue anti-virus uses what type of malware technique

Trojan

Buffer overflows are a common exploit technique using shellcode as a payload to execute code within the targeted process

True

Click Fraud occurs when an ad network charges an advertiser for a click when there is no opportunity for a legitimate "conversion"

True

Metadata is data about data, information that describes the nature of communication, rather than the content.

True

One technique for detecting Click Fraud is to record IP addresses and only count multiple "clicks" as one "click" when they occur from the same IP within a predetermined time frame, such as 30 minutes

True

PPC is based on the premises that ad publishers get paid by the number of potential customer who click on an ad on the publishers website

True

Performing an XOR operation on the same data twice with the same key will always result in the same ciphertext.

True

Shady RAT was a state-related (sponsored) campaign

True

Shellcode is binary code

True

Software flaws can lead to loss of data integrity

True

The registry key at HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings, entry named "ProxyServer", controls the proxy settings for Internet Explorer.

True

To instruct the PDF viewer to execute the JavaScript code upon opening the file, the malware author must also assign an action to the object

True

To prevent overflow attacks, a program can validate data received for both size and content

True

Web browsers load PDF files automatically, so a malicious PDF file can exploit a user's computer without any interaction once the user visits a malicious website.

True

With virtualization, each virtual machine is capable of running its operating system independent of the other virtual machines running on the same physical machine.

True

Virtualization systems consist of key components

VMM Physical Hardware Virtual Hardware Virtual Operating System Host Operating System

"doxing" is

an attacked focuses on revealing personal information to the public

When an attacker tricks a DNS server into accepting data from a nonauthoritative server and returns them to other resolvers it is called,..

cache poisoning

Exploit tools analyze the referrer HTTP header to determine

if the victim originates from an infected page, avoid sending malicious content to malware researchers who may try to analyze a website

On Linux, to perform a system call, the shellcode issues an

interrupt

Authorization relates to

permissions

A PRNG algorithm is,...

pseudo-random number generation

Which below DOES NOT describes when a binary executable becomes an actual program.

the OS reserves all resource required by the executable

An access control lists describes

the access that identities may request when accessing the token.

In PPC, an "Impression" is

the number of times a viewer sees an ad


Related study sets

Live Virtual Machine Lab 5.4: Module 05 Troubleshooting Cable Connectivity

View Set

PrepU Chap 46: Assessment and Mgmt of a Patients with Diabetes

View Set