Network and Defense Security Final

Which of the following refers to a type of firewall that filters on a specific application's content and session information? A. Circuit firewall B. Hardware firewall C. Application firewall D. Stateful inspection

C. Application firewall

Which of the following refers to a host on a network that supports user interaction with the network? A. Server B. Role C. Trust D. Client

D. Client

Which of the following is a detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations? A. Incident response plan B. Compliance audit C. Disaster recovery plan D. Business continuity plan

B. Compliance audit

Which of the following is given to a software interface with a system that allows code execution? A. Intentional Electromagnetic Interference (IEMI) B. National Institute of Standards and Technology (NIST) C. Proxy D. Command shell

D. Command shell

Which of the following describes fair queuing? A. A technique of load balancing that operates by sending the next transaction to the firewall with the least current workload. B. An event that triggers an alarm but should not have because the traffic or event actually is benign. C. A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on. D. A written expression of an item of concern (protocol, port, service, application, user, and IP address) and one or more actions to take when the item of concern appears in traffic.

A. A technique of load balancing that operates by sending the next transaction to the firewall with the least current workload.

Which of the following describes a banner? A. A message sent by a service in response to a valid or invalid query. Its function is to confirm communication is functioning properly or to announce an error. B. A form of unauthorized access to a system. C. Persistent public messaging forums accessed over the Network News Transfer Protocol (NNTP). D. A variant of the UNIX operating system that is supported by Windows NT 4.0, but not subsequent version of Windows.

A. A message sent by a service in response to a valid or invalid query. Its function is to confirm communication is functioning properly or to announce an error.

Which of the following describes advanced persistent threat (APT)? A. A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of such an attack is to steal data, not to damage the network or organization. B. A rogue program that automatically dials a modem to a pre-defined number. Sometimes this is to download additional malware to the victim or to upload stolen data from the victim. In other cases, the dialer calls premium rate telephone numbers to rack up massive long distance charges. C. The act of a hacker changing the MAC address of the network interface. D. The unused portion of the last cluster allocated to a stored file. It may contain remnants of prior files stored in that location.

A. A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of such an attack is to steal data, not to damage the network or organization.

Which of the following refers to a software firewall installed on a client or server? A. Host firewall B. Hardware firewall C. Transport Layer (Layer 4) D. Client

A. Host firewall

Which of the following describes the state or condition of an asset or process vitally important to the long-term existence and stability of an organization? A. Mission-critical B. Fail-secure C. Fail-open D. Compliance audit

A. Mission-critical

Which of the following describes awareness? A. A dedicated microchip found on some motherboards that host and protect the encryption key for whole hard drive encryption B. The third and highest level of obtaining security knowledge that leads to career advancement C. A security guideline, procedure, or recommendation manual D. Basic security training that focuses on common or basic security elements that all employees must know and abide by

D. Basic security training that focuses on common or basic security elements that all employees must know and abide by

Which of the following refers to a form of IDS/IPS detection based on a recording of real-world traffic as a baseline for normal? A. Knowledge-based detection B. Signature-based detection C. Anomaly-based detection D. Behavioral-based detection

D. Behavioral-based detection

Hackers can be deterred by defense methods that detect and evade. All of the following are defense methods, except which one? A. Honeypots B. Firewalls C. IDSs D. Botnet army

D. Botnet army

Which of the following refers to a communication pathway, circuit, or frequency dedicated or reserved for a specific transmission? A. Hardware VPN B. Host-to-site VPN C. Asymmetric cryptography D. Channel

D. Channel

Which term describes a network, network link, or channel located between the endpoints of a VPN? A. One-way function B. Host-to-host network C. Site-to-site network D. Intermediary network

D. Intermediary network

Which of the following is the name given to unauthorized access to a system? A. Hijacking B. Backdoor C. Tunneling D. Exploit

B. Backdoor

Which term is used to describe a firewall that is implemented via software? A. Risk assessment B. Bump-in-the-stack C. Hardware firewall D. Screening router

B. Bump-in-the-stack

Which term describes a network device that forwards traffic between networks based on the MAC address of the Ethernet frame? A. Domain B. Bottleneck C. Bridge D. Node

C. Bridge

Which of the following is not a type of malware? A. Virus B. Worm C. Chip creep D. Trojan horse

C. Chip creep

Which of the following refers to a failure response resulting in open and unrestricted access or communication? A. Fail-open B. Mission-critical C. Default allow D. Fail-secure

A. Fail-open

Which of the following characteristics describes an edge router? A. The last device owned and controlled by an organization before an ISP or telco connection B. A form of VPN establishing a secure VPN over trusted VPN connections C. A form of cryptography in which each encryption key is used once before being discarded D. A security service that ensures that a sender cannot deny sending a message

A. The last device owned and controlled by an organization before an ISP or telco connection

Which of the following describes authentication? A. The process of confirming the identity of a user B. Confidence in the expectation that others will act in your best interest or that a resource is authentic C. A small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home D. A stated purpose or target for network security activity

A. The process of confirming the identity of a user

Which of the following describes AppleTalk? A. A legacy protocol used in networks hosting mainly Macintosh computers B. A policy that allows employees, contractors, and others to connect their own computers, smartphones, and other devices to their organizations' networks C. An application-programming interface (API) developed by IBM in 1985 to emulate NetBIOS on a token ring network D. An Application Layer protocol used by e-mail clients to receive messages from an e-mail server

A. A legacy protocol used in networks hosting mainly Macintosh computers

Which of the following describes an access control list (ACL)? A. A mechanism that defines traffic or an event to apply an authorization control of allow or deny against B. An intrusion detection system/intrusion prevention system (IDS/ IPS) based on a defined normal, often defined using rules similar to firewall rules C. An event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious D. A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on

A. A mechanism that defines traffic or an event to apply an authorization control of allow or deny against

Which of the following characteristics relates to access control? A. The feature of network design that ensures the existence of multiple pathways of communication. B. An attack that occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters C. The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic D. The process of confirming the identity of a use

C. The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic

Which term describes the calculation of the total loss potential across a year for a given asset and a specific threat? A. Annualized loss expectancy (ALE) B. Annualized rate of occurrence (ARO) C. User Datagram Protocol (UDP) D. Cost-benefit analysis

A. Annualized loss expectancy (ALE)

2. Which term describes an object, computer, program, piece of data, or other logical or physical component you use in a business process to accomplish a business task? A. Asset B. Client C. Appliance D. Trust

A. Asset

Which term describes the cumulative value of an asset based on both tangible and intangible values? A. Asset value (AV) B. Exposure factor (EF) C. Single loss expectancy (SLE) D. Packet

A. Asset value (AV)

What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)? A. Brute-force attack B. Hybrid attack C. Dictionary password attack D. Modeling

A. Brute-force attack

What term is used to describe a tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack? A. Cold calling B. Privilege escalation C. Proxy manipulation D. Recreational hacker

A. Cold calling

Which name is given to the security service of preventing access to resources by unauthorized users while supporting access to authorized users? A. Confidentiality B. Authentication C. Demilitarized zone (dmz) D. Defense in Depth

A. Confidentiality

Which of the following describes identity and access management (IAM)? A. The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy B. Portions of a software system that unauthenticated users can run C. A form of security based on hiding details of a system or creating convolutions that are difficult to understand to overcome the obscure methodology D. A policy of allowing or even encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

A. The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy

Which of the following refers to a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events? All traffic or events that match an item in the database are considered abnormal and potentially malicious. A. Database-based detection B. Firewalking C. Anomaly-based detection D. False Positive

A. Database-based detection

Which term describes the process of converting ciphertext back into plain text? A. Decryption B. Hashing C. Avalanche effect D. Symmetric cryptography

A. Decryption

Which term is used to describe a network service that maintains a searchable index or database of network hosts and shared resources? A. Directory Service B. Open systems interconnection (OSI) reference model C. Denial of Service (DoS) D. DNS service

A. Directory Service

Ingress and egress filtering can expand beyond protection against spoofing and include a variety of investigations on inbound and outbound traffic. Which of the following is not one of the ways ingress and egress filtering expand beyond protection against spoofing? A. Dynamic packet filtering B. Blacklist and whitelist filtering C. Protocol and port blocking D. Confirmation of authentication or authorization before communications continue

A. Dynamic packet filtering

Which term refers to a type of business telephone network? A. Private Branch Exchange (PBX) B. Host-to-site VPN C. Rekeying D. Virtual private network (VPN)

A. Private Branch Exchange (PBX)

Which of the following is a technique for storing or copying log events to a centralized logging server? A. Syslog B. Write-once read-many (WORM) storage C. Unified Threat Management (UTM) D. Firewall logging

A. Syslog

Which of the following is not a characteristic of a private address? A. They are leased. B. They require translation. C. They can be mixed with public addresses. D. They are isolated from the Internet.

A. They are leased.

What prevents a hard drive from being read by another system if it is stolen? A. Whole hard drive encryption B. Host firewall C. Antivirus scanner D. Intrusion detection system (IDS)

A. Whole hard drive encryption

Which of the following describes an appliance firewall? A. The process of automatically creating temporary filters. In most cases, the filters allow inbound responses to previous outbound requests. B. A hardened hardware firewall C. The second layer of the OSI model responsible for physical addressing (MAC addresses) and supporting the network topology, such as Ethernet D. A type of firewall that filters on a specific application's content and session information

B. A hardened hardware firewall

Which of the following describes a BYOD? A. An application-programming interface (API) developed by IBM in 1985 to emulate NetBIOS on a token ring network B. A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks C. A legacy protocol developed by Novell for its NetWare networking product D. A security feature that blocks DDoS attacks

B. A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

Which of the following describes a blacklist? A. A security mechanism to detect and prevent attempts to breach security B. A type of filtering in which all activities or entities are permitted except those identified C. A list of the hosts and servers on the network D. A list that describes the steps to lock down a host against threats and attacks

B. A type of filtering in which all activities or entities are permitted except those identified

Which of the following characteristics relates to a demilitarized zone (DMZ)? A. Confidence in the expectation that others will act in your best interest or that a resource is authentic B. A type of perimeter network used to host resources designated as accessible by the public from the Internet C. A form of networking where each computer is a peer D. A host on a network

B. A type of perimeter network used to host resources designated as accessible by the public from the Internet

Which of the following refers to encoding and decoding information using related but different keys for each process? A. Digital certificate B. Asymmetric cryptography C. Ciphertext D. Algorithm

B. Asymmetric cryptography

Which of the following is a portion of a software system that unauthenticated users can run? A. Bring Your Own Device (BYOD) B. Attack surface C. Post Office Protocol (POP) D. Modeling

B. Attack surface

Which term describes the seemingly random and unusable output from a cryptographic function applied to original data? A. Dedicated leased line B. Ciphertext C. Identity proofing D. Host VPN

B. Ciphertext

Which of the following refers to a type of software product that is pre-compiled and whose source code is undisclosed? A. Circuit B. Closed source C. Bots D. Physical address

B. Closed source

Which of the following refers to a logical division of data composed of one or more sectors on a hard drive? A. Boot sector B. Cluster C. Buffer D. Honeypot

B. Cluster

Which name is given to a probability prediction based on statistics and historical occurrences on the likelihood of how many times in the next year a threat is going to cause harm? A. Tunnel mode encryption B. Physical address C. Annualized rate of occurrence (ARO) D. Rule

C. Annualized rate of occurrence (ARO)

All of the following are advantages of a defense-in-depth security design except which one? A. Defense in depth avoids single points of failure. B. Defense in depth keeps senior management out of the activities of the security department. C. Defense in depth divides and conquers, which separates projects into smaller pieces. D. Defense in depth filters user interactions.

B. Defense in depth keeps senior management out of the activities of the security department.

Which term describes a security stance that prevents all communications except those enabled by specific allow exceptions? A. Syslog B. Deny by default/Allow by exception C. Behavioral-based detection D. Signature-based detection

B. Deny by default/Allow by exception

Which attack uses a pre-constructed list of potential passwords or encryption keys? A. Piloting B. Dictionary password attack C. Brute-force attack D. Hybrid attack

B. Dictionary password attack

Which of the following refers to filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations? A. Router B. Egress filtering C. Auditing D. Whitelist

B. Egress filtering

Which of the following is a written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of concern appears in traffic? A. Management interface B. Filter C. Wirespeed D. Round robin

B. Filter

Which term describes a VPN created between two individual hosts across a local or intermediary network? A. VPN appliance B. Host-to-host VPN C. Hash D. Site-to-site VPN

B. Host-to-host VPN

Which name is given to an exploit that allows a hacker to run any command-line function on a compromised system? A. Command shell B. Whois C. Arbitrary code execution D. ARP spoofing

C. Arbitrary code execution

Which term describes programs used to control access to computer resources, enforce policies, audit usage, and provide billing information? A. Traffic congestion B. Certificate authority (CA) C. Authentication, authorization, and accounting (AAA) services D. Trusted roots list

C. Authentication, authorization, and accounting (AAA) services

Which of the following describes a predefined procedure that will limit damage, contain the spread of malicious content, stop the compromise of information, and promptly restore the environment to a normal state? A. Separation of duties B. Incident response plan C. Business continuity plan D. Disaster recovery plan

B. Incident response plan

Which of the following is not a characteristic of security education? A. Its purpose is to obtain knowledge that leads to career advancement. B. It is usually obtained inside of the organization. C. It is broad and not necessarily focused on specific job tasks or assignments. D. It is more rigorous than awareness or training.

B. It is usually obtained inside of the organization.

Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment? A. Eavesdropping B. Modeling C. AppleTalk D. Piloting

B. Modeling

Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm? A. Incident response plan B. Padded cell C. Principle of least privilege D. Default allow

B. Padded cell

Which of the following describes caching? A. A network service that acts as a "middle man" between a client and server B. Retention of Internet content by a proxy server C. Filtering traffic as it attempts to enter a network D. A mechanism to establish a secure remote access connection across an intermediary network

B. Retention of Internet content by a proxy server

Which of the following creates copies of data on other storage media? A. Fail-Open B. Honeynets C. Backups D. Security Technical Implementation Guide (STIGS)

C. Backups

Which of the following characteristics describes the application layer? A. The sixth layer of the OSI model, which translates the data received from the host software into a format acceptable to the network B. The top or seventh layer of the OSI model, which is responsible for enabling communications with host software, including the operating system C. An entrance or exit point to a controlled space D. The fifth layer of the OSI model, which manages the communication channel

B. The top or seventh layer of the OSI model, which is responsible for enabling communications with host software, including the operating system

Gathering through eavesdropping on communications, whether encrypted or not, is known as what? A. Encryption B. Traffic and trend analysis C. Eavesdropping D. Filtering

B. Traffic and trend analysis

Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device? A. LAN Domain B. Workstation Domain C. WAN Domain D. Remote Access Domain

B. Workstation Domain

What is a business continuity plan? A. A plan explaining the use of only a single element of validation or verification to prove the identity of a subject. B. A plan outlining the failure response that results in open and unrestricted access or communication. C. A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline. D. A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event.

C. A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.

Which of the following is given to a notification from a firewall that a specific event or packet was detected? A. Management interface B. Behavioral-based detection C. Alert D. Anomaly-based Detection

C. Alert

Which malicious software program is distributed by hackers to take control of victims' computers? A. Hardware firewalls B. Viruses C. Bots D. Bastion host

C. Bots

Which of the following terms describes hiding information from unauthorized third parties? A. Virtual Private Network (VPN) B. Split tunnel C. Cryptography D. Authentication, Authorization, and Accounting (AAA) Services

C. Cryptography

A security stance that blocks access to all resources until a valid authorized explicit exception is defined? A. Fail-secure B. Fail-open C. Default deny D. Default allow

C. Default deny

Which of the following refers to a form of attack that attempts to compromise availability? A. Zero day exploits B. Man-in-the-middle (mitm) C. Denial of service (DoS) D. Sniffer

C. Denial of service (DoS)

Which term describes a form of security defense that focuses on discouraging a perpetrator with physical harm, social disgrace, and legal consequences? A. Buffer overflow B. Firewall C. Deterrent D. Dumpster diving

C. Deterrent

Which firewall has a network interface located in a unique network segment that allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another? A. Appliance firewall B. Software firewall C. Dual-homed firewall D. Triple-homed firewall

C. Dual-homed firewall

Which of the following refers to an event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious? A. False positive B. Round robin C. False negative D. Deny by default/Allow by exception

C. False negative

Which protocol and a data exchange system commonly used over TCP/IP networks, including the Internet, is unencrypted and performs authentication and data transfer in plaintext? A. Post Office Protocol (POP) B. AppleTalk C. File Transfer Protocol (FTP) D. Hyper Text Transfer Protocol (HTTP)

C. File Transfer Protocol (FTP)

Which of the following is a form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties? A. Default allow B. Separation of duties C. File encryption D. Fail-secure

C. File encryption

Which of the following us an intentional discharge made to damage or destroy electronic equipment ranging from cell phones to computers and servers? A. Session hijacking B. Virus C. Intentional electromagnetic interference (IEMI) D. Chip creep

C. Intentional electromagnetic interference (IEMI)

Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources? A. AppleTalk B. Bring Your Own Device (BYOD) C. Internet Assigned Numbers Authority (IANA) D. NetBIOS Extended User Interface (NetBEUI)

C. Internet Assigned Numbers Authority (IANA)

Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN? A. Public key cryptography B. Host-to-site VPN C. Telecommuting D. Scalability

C. Telecommuting

Contract workers place a higher risk on the organization for all of the following reasons, except which one? A. They are not full-time regular employees and might lack loyalty. B. They are more likely to compromise the organization. C. They see the company as worthy of protection. D. They might not be accountable after a project ends.

C. They see the company as worthy of protection.

Which of the following refers to a form of encryption also known as point-to-point or host-to-host encryption? A. Hardware firewall B. Circuit firewall C. Transport mode encryption D. Tunnel mode encryption

C. Transport mode encryption

Which form of investigation aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits? A. Incident response plan B. Fail-open C. Vulnerability scanning D. Separation of duties

C. Vulnerability scanning

3. When conducting an audit, the auditor should be which of the following? A. An internal employee who can be trusted B. An external person capable of hacking C. An internal employee capable of enclosing or encasing one protocol or packet inside another protocol or packet D. An external person who is independent of the organization under audit

D. An external person who is independent of the organization under audit

Which of the following describes covert channel? A. A criminal whose objective is to compromise IT infrastructures. B. A method of discovering wireless networks by moving around a geographic area with a detection device. C. A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack. D. An unknown, secret pathway of communication.

D. An unknown, secret pathway of communication.

Which term describes when a system is usable for its intended purpose? A. Authorization B. Auditing C. Encryption D. Availability

D. Availability

What is anomaly-based detection? A. An event that does not trigger an alarm but should have because the traffic or event is abnormal and/or malicious. B. An event that triggers an alarm but should not have because the traffic or event is benign. C. A notification from a firewall that a specific event or packet was detected. D. A form of intrusion detection system/intrusion prevention system (IDS/ IPS) based on a defined normal, often defined using rules similar to firewall rules.

D. A form of intrusion detection system/intrusion prevention system (IDS/ IPS) based on a defined normal, often defined using rules similar to firewall rules.

Which of the following characteristics relates to the term algorithm? A. A hardware VPN device B. A VPN created between two individual hosts across a local or intermediary network C. Used to connect a remote or mobile host to a networked office workstation D. A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

D. A set of rules and procedures—usually mathematical in nature—that can define how the encryption and decryption processes operate

Which of the following is a malicious software program distributed by a hacker to take control of a victim's computers? A. Sacrificial host B. Client C. Server D. Agent

D. Agent

Which term is used to describe a feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh? A. Deterrent B. Adware C. Hierarchical file system (HFS) D. Alternate data stream (ADS)

D. Alternate data stream (ADS)

Which of the following describes separation of duties? A. A security stance that allows all communications except those prohibited by specific deny exceptions B. A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event C. A security guideline, procedure, or recommendation manual D. An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

D. An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

Which of the following refers to the malicious insertion of scripting code onto a vulnerable Web site? A. Insertion attack B. Upstream filtering C. Keystroke logger D. Cross-site scripting (XSS)

D. Cross-site scripting (XSS)

Which name is given to a rogue program that automatically dials a modem to a pre-defined number to auto-download additional malware to the victim or to upload stolen data from the victim? A. Adware B. Sector C. Spyware D. Dialer

D. Dialer

Which term is used to describe a public-key, cryptography-based mechanism for proving the source (and possibly integrity) of a dataset or message? A. Trusted third party B. Symmetric cryptography C. Algorithm D. Digital signature

D. Digital signature

What is compression? A. A VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public B. A subset of asymmetric cryptography based on the use of key pair sets C. The art and science of hiding information from unauthorized third parties D. Removal of redundant or superfluous data or space to reduce the size of a data set

D. Removal of redundant or superfluous data or space to reduce the size of a data set

Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand? A. Firewall B. Bring Your Own Device (BYOD) C. Modeling D. Security through obscurity

D. Security through obscurity

As an organization stretches beyond its capacity to support, sell, create, maintain, respond, produce, and so on, small problems quickly become big problems. Which of the following does not ensure long-term viability and stability for the business and network security design? A. Steady growth B. Controlled growth C. Planned growth D. Unlimited growth

D. Unlimited growth

Which of the following does not protect against fragmentation attacks? A. Using IDS B. Performing sender fragmentation C. Using firewall filtering D. Using firewalking

D. Using firewalking

Which one of the following is not a cause of a configuration error? A. Physical damage B. Updates C. Human error D. Vulnerability scanning

D. Vulnerability scanning

Which of the following is not a consideration when placing firewalls on the network? A. Structure of the network B. Traffic patterns C. Most likely access pathways D. Where hackers are located

D. Where hackers are located