Security+ Chapter 3
baseline
A reference set of data against which operational data is compared.
Trojan
Executable program advertised as performing one activity, but actually does something else.
Privilege escalation
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
deadbolt locks
Extends a small metal bar into the door frame for extra security.
Store entry double cylinder locks
Include a keyed cylinder in both the outside and inside knobs so that a key in either knob locks or unlocks both at the same time.
Cross site scripting (XSS) attack
Injects scripts into a web application server that will then direct attacks at clients.
distributed
In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network.
Swiss Cheese
In a ____ infection, a virus injects itself into the program's executable code instead of at the end of the file.
False
Workgroup switches must work faster than core switches.
hacker
A person who uses computer skills to attack computers.
10 to 14
A study by Foote Partners showed that security certifications earn employees ____ percent more than their uncertified counterparts.
HTTP
All web traffic is based on ____ protocol.
False
Because of the minor role it plays, DNS is never the focus of attacks.
False
Because XSS is a widely known attack, the number of web sites that are vulnerable is very small.
First-party cookie
Created from the web site that a user is currently viewing.
True
Data, once restricted to papers in office filing cabinets, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners.
DMZ
Functions as a separate network that rests outside the secure network perimeter.
(B) test report
The end product of a penetration test is the penetration _____.
(B) VPN
A ___ encrypts all data that is transmitted between the remote device and the network.
(D) VLAN
A ____ allows scattered users to be logically grouped together even though they may be attached to different switches.
replay
A ____ attack is similar to a passive man-in-the-middle attack.
gray
A ____ box test is one in which some limited information has been provided to the tester.
(D) cable lock
A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or other immobile object.
(C) Web security gateway
A ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site.
(C) honeypot
A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
session
A ____ cookie is stored in random access memory (RAM) instead of on the hard drive, and only lasts for the duration of visiting the web site.
(D) reverse proxy
A ____ does not serve clients, but instead routes incoming requests to the correct server.
(D) Vulnerability scan
A ____ examines the current security in a passive method.
(B) Vulnerability appraisal
A ____ in effect takes a snapshot of the current security of the organization.
(D) closed port
A ____ indicates that no process is listening at this port.
(A) proxy server
A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
logic bomb
A ____ is a computer program or part of a program that lies dormant until it is triggered by a specific logical event.
markup language
A ____ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
(B) router
A ____ is a network device that can forward packets across computer networks.
(A) honeynet
A ____ is a network set up with intentional vulnerabilities.
Trojan
A ____ is a program advertised as performing one activity but performing something else.
access list
A ____ is a record or list of individuals who have permission to enter a secured area, the time that they entered and the time that they left the area.
macro
A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or repeated series of tasks.
rootkit
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.
(D) hub
A ____ is a standard network device for connecting multiple Ethernet devices together using twisted pair copper or fiber-optic cables in order for them to function as a single network segment.
(C) Roller barrier
A ____ consists of independently rotating large cups affixed to the top of a fence to prevent the hands of intruders from gripping the top of a fence to climb over it.
(B) mantrap
A ____ is designed to separate a non-secured area from a secured area.
keylogger
A ____ is either a small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
(B) protocol analyzer
A ____ is hardware or software that captures packets to decode and analyze their contents.
(C) firewall
A ____ is hardware or software that is designed to prevent malicious packets from entering or leaving the computer.
(C) service pack
A ____ is software that is a cumulative package of all security updates.
(A) endpoint
A ____ is the end of the tunnel between VPN devices.
(A) open port
A ____ means that the application or service assigned to that port is listening for any instructions.
(B) baseline
A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
(D) baseline
A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
stealth
A ____ scan uses various techniques to avoid detection.
(A) white box
A ____ tester has an in-depth knowledge of the network being tested, including network diagrams, IP addresses, and even the source code of custom applications.
companion
A ____ virus adds a program to the operating system that is a malicious copycat version of a legitimate program.
program
A ____ virus infects program executable files.
boot
A ____ virus infects the master boot record of a hard disk drive.
resident
A ____ virus is loaded into the Random Access Memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
True
A basic level of security can be achieved through using the security features found in network hardware.
drive-by-download
A client-side attack that results in a user's computer becoming compromised just by viewing a web page and not even clicking on any content is known as a ____.
virus
A computer ____ is malicious computer code that reproduces itself on the same computer.
True
A healthy security posture results from a sound and workable strategy toward managing risks.
trust
A macro takes advantage of the "____" relationship between the application and the software system.
threat agent
A person or thing that has power to carry out a threat.
computer spy
A person who has been hired to break into a computer and steal information.
worm
A program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system.
(B) vulnerability
A security weakness is known as a ____.
HIDS
A software application that runs on a local host computer that can detect an attack when it occurs.
Vulnerability assessment
A systematic and methodical evaluation of the exposure of assets to attackers such as forces of nature, or any other entity that is potentially harmful.
vulnerability
A weakness that allows a threat agent to bypass security.
Easter egg
A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations or mouse clicks.
False
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
Subnet addressing
Allows an IP address to be split anywhere within its 32 bits.
True
Although traditional network security devices can block traditional network attacks, they cannot always block web application attacks.
(B) spiked collar
An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.
Vulnerability scan
An automated software search through a system for any known security weaknesses.
threat
An event or action that might defeat security measures in place and result in a loss.
vulnerability
An example of a ____ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user's knowledge or permission.
Manager
An information security ____ position focuses on the administration and management of plans, policies, and people.
80
Approximately ____ percent of households in the United States use the Internet for managing their finances.
False
Approximately two out of three malicious web attacks have been developed using one of four popular attack toolkits.
False
Attack toolkits range in price from only $400 to as much as $8000.
True
Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
data
Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that a competitor is eager to acquire.
False
Cipher locks are the same as combination padlocks.
Penetration testing
Designed to actually exploit any weaknesses in the system that are valuable.
(c) DLP agent
Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.
(A) system call
Each operation in a computing environment starts with a ____.
NAT
Each outgoing packet is given a different IP address.
PAT
Each packet is given the same IP address but a different TCP port.
Hardening
Eliminating as many security risks as possible and making the system more secure.
(D) signature
Examining network traffic, activity, transactions or behavior and looking for well known patterns is known as ____-based monitoring.
Zero day attack
Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.
/var/www
For a web server's Linux system, the default root directory is typically ____.
spyware
General term used to describe software that violates a user's personal security.
tags
HTML is a markup language that uses specific ____ embedded in brackets.
(D) RFID
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.
(D) 32
IP addresses are ____-bit addresses.
Risk assessment
Identify what damages could result from the threats.
Asset identification
Identify what needs to be protected.
threat evaluation
Identify what the pressures are against the company.
Risk mitigation
Identify what to do about threats.
True
If port 20 is available, then an attacker can assume that FTP is being used.
(D) security template
In Microsoft Windows, a ____ is a collection of security configuration settings.
(A) heuristic detection
In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.
False
In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm.
Security
In a general sense, ____ may be defined as the necessary steps to protect a person or property from harm.
False
In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested.
All of the above (theft of information, a delay in transmitting information, loss of good will or reputation)
In information security, a loss can be ____.
Both a and b (A force of nature, a virus that attacks a computer network)
In information security, an example of a threat agent can be ____.
(C) DMZ
In order to allow untrusted outside users access to resources such as web servers, most networks employ a ____.
split infection
In the ____ technique, the virus is divided into several parts and placed at random positions throughout the host program, overwriting the original contents of the host.
(C) physical token
Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.
cyberterrorism
Intended to cause panic, provoke violence, or result in a financial catastrophe.
content
Internet ____ filters monitor internet traffic and block access to pre-selected websites and files.
Transitive access attack
Involves using a third party to gain access rights.
False
Keyed entry locks are much more difficult to defeat than deadbolt locks.
passage locks
Latch a door closed but do not lock; typically used on hall and closet doors.
(A) network
Layer 3 of the OSI model is the ____ layer.
(C) Session
Layer 5 of the OSI model is the ____ layer.
False
Like a virus, a worm needs the user to perform an action such as starting a program or opening an email attachment to start the infection.
Privacy locks
Lock the door but have access to unlock from the outside via a small hole.
Patio locks
Lock the door from the inside but cannot be unlocked from the outside.
malware
Malicious software, or ____, silently infiltrates computers with the intent to do harm.
Standard keyed entry locks
Most common type of door lock for keeping out intruders, but its security is minimal.
database
Most vulnerability scanners maintain a ____ that categorizes and describes the vulnerabilities that it can detect.
public
NAT replaces a private IP address with a ____ IP address.
switches
Networks are usually segmented by using ____ to divide the network into a hierarchy.
(C) 19
Passive tags have ranges from 1/3 inch to ____ feet.
Script Kiddies
Persons who want to break into computers and cause damage but have no real computer skills.
Procedures
Plans and policies established by an organization to ensure that people correctly use the products.
Access rights
Privileges that are granted to users to access hardware and software resources.
True
Recent employment trends indicate that employees with security certifications are in high demand.
Remote access
Refers to any combination of hardware and software that enables remote users to access a local internal network.
(C) SATAN
Released in 1995, one of the first tools that was widely used for penetration testing was ____.
True
Removing a rootkit from an infected computer is extremely difficult.
(c) Fencing
Securing a restricted area by erecting a barrier is called ____.
True
Securing the host involves protecting the physical device itself, securing the operating system, using security based software applications, and monitoring logs.
True
Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate hosts into groups.
administrators
Security ____ have both technical knowledge and managerial skills and analyze and design security solutions within a specific entity.
VLAN
Segmenting a network by separating devices into logical groups.
True
Software key loggers are programs that silently capture all keystrokes including passwords and sensitive information.
asset
Something that has value.
Directory traversal attack
Takes advantage of a vulnerability in the web application, program, or the web server software so that a user can move from the root directory to other restricted directories.
cybercrime
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____.
Client-side attack
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
True
The "omnipresence" of access from any computer with only an internet connection and a web browser has made applications an essential element of organizations today.
DNS poisoning
The Chinese government uses ____ to prevent internet content that it considers unfavorable from reaching its citizenry.
True
The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security.
False
The OSI model breaks down networking steps into a series of six layers.
(D) whatever' AND email IS NULL; --
The SQL injection statement ____ determines the names of different fields in a database.
(B) whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
The SQL injection statement ____ discovers the name of a table.
(C) whatever' OR full_name LIKE '%MIA%'
The SQL injection statement ____ finds specific users.
(a) whatever' DROP TABLE members; --
The SQL injection statement ____ erases the database table.
Master Boot Record (MBR)
The ____ contains the program necessary for the computer to start up and a description of how the hard drive is organized.
root
The ____ directory is a specific directory on a web server's file system.
(D) Attack surface
The ____ for software is the code that can be executed by unauthorized users.
HTTP header
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
(A) SLE
The ____ is the expected monetary loss every time a risk occurs.
Gramm-Leach-Bliley
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Command Injection
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands.
(B) C:\Inetpub\wwwroot
The default root directory of the Microsoft Internet Information Services (IIS) web server is ____.
False
The demand for IT professionals who know how to secure networks is at an all time low.
(D) ../
The expression ____ traverses up one directory level.
True
The first step in a vulnerability assessment is to determine the assets that need to be protected.
(D) Threat modeling
The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
layers
The key to the OSI reference model is ____.
risk
The likelihood that a threat agent will exploit a vulnerability.
MPack
The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.
Classroom locks
The outside can be locked or unlocked, and the inside lever is always unlocked.
storeroom locks
The outside is always locked, entry is by key only, and the inside lever is always unlocked.
security technician
The position of ____ is generally an entry level position.
ARPAnet
The predecessor of today's internet was a network called ____.
(A) proximity reader
The signal from an ID badge is detected as the owner moves near a ____.
Love Bug
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
information security
The term ____ is frequently used to describe the tasks of securing information that is in digital format.
viruses and worms
The two types of malware that have the primary objective of spreading are ____.
70
There are almost ____ different Microsoft Windows file extensions that could contain a virus.
exploit
To take advantage of a vulnerability.
HIPAA
Under ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be paper or electronic.
virus
Unlike other malware, a ____ is heavily dependent on the user for its survival.
Keyed entry locks
Use a key to open the lock from the outside.
(C) Tailgate sensors
Use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.
OSI model
Used to classify standard network devices based on their function.
root
Users who access a web server are usually restricted to the ___ directory.
Image spam
Uses graphical images of text in order to circumvent text based filters.
(A) CCTV
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.
replicating
Viruses and worms are said to be self-____.
False
Vulnerability scans are usually performed from outside the security perimeter.
True
Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.
server-side
Web application attacks are considered ___ attacks.
spam
What is another name for unsolicited email messages?
$250,000
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
zone transfer
When DNS servers exchange information among themselves it is known as a ____.
DNS
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as ____.
(C) port scanner
When performing a vulnerability assessment, many organizations use ____.
social engineering
When using a black box test, many testers use ____ tricks to learn about the network infrastructure from inside employees.
(B) code review
While the code for a program is being written, it is being analyzed by a ____.
(B) Private
____ IP addresses are not assigned to any specific user or organization.
Cybercriminals
____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
(B) Cipher locks
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
Fake anti-virus
____ are responsible for half of all malware delivered by the web.
(a) Locking cabinets
____ can be pre-wired for electrical power as well as wired network connections.
Vulnerability scanners
____ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.
Word splitting
____ involves horizontally separating words, although it is still readable by the human eye.
Identity theft
____ involves stealing another person's personal information such as a social security number, and then using the information to impersonate the victim, generally for financial gain.
(A) Baseline reporting
____ is a comparison of the present state of a system compared to its baseline.
SQL
____ is a language used to view and manipulate data that is stored in a relational database.
(B) Outsourcing
____ is a means by which an organization can transfer risk to a third party who can demonstrate a higher capability at managing or reducing risks.
Adware
____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
(D) DLP
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
(D) NAT
____ is a technique that allows private IP addresses to be used on the public internet.
(B) Load balancing
____ is a technology that can help to evenly distribute work across a network.
Session hijacking
____ is an attack in which an attacker attempts to impersonate the user.
Gif Layering
____ is image spam that is divided into multiple images.
HTML
____ is designed to display data, with the primary focus on how the data looks.
(C) ARO
____ is the probability that a risk will occur in a particular year.
(C) EF
____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.
XML
____ is the transport of data, with the focus on what the data is.
(A) PAT
____ is typically used on home routers that allow multiple users to share one IP address received from an internet service provider (ISP).
Social engineering
____ is when an attacker tricks users into giving out information or performing a compromising action.
(C) Stateful packet filtering
____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
Cipher
____ locks keep a record of when the door was opened and by which code.
anti-climb
____ paint is a non-toxic petroleum gel-based paint that is thickly applied and does not harden, making any coated surface very difficult to climb.
(B) remote access
____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.
Accounting
____ provides tracking of events.
physical
____ security involves restricting access to the areas in which equipment is located.
Hardware
____ security is the physical security that specifically involves protecting the hardware of the host system, particularly laptops, netbooks, and tablet computers that can easily be stolen.
DNS poisoning
____ substitutes DNS addresses so that the computer is automatically redirected to another device.
(A) workgroup
____ switches are connected directly to the devices on a network.
Geometric variance
____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.
telecommuters
____ work occasionally or regularly from a home office.
Confidentiality
_____ ensures that only authorized parties can view information.
(B) Content inspection
_____ is defined as security analysis of the transaction within its approved context.
Information Security
_____ is focused on protecting the valuable electronic information of organizations and users.
Integrity
____ ensures that information is correct and that no unauthorized person or malicious software has altered the data.
Authentication
____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an impostor.
companion virus
Adds a program to the operating system that is a malicious copycat version of a legitimate program.
hoax
False warning, often contained in an e-mail message claiming to come from the IT department.
malware
General term that refers to a wide variety of damaging or annoying software programs.
rootkit
Hides or removes traces of log-in records, log entries and related processes.
macro virus
Series of instructions that can be grouped together as a single command.