Security Chapters 8-12

Ace your homework & exams now with Quizwiz!

What can be used to increase the strength of hashed passwords?​

Salt

​A __________________ is an in-depth examination and analysis of a wireless LAN site.

site survey

When using AES-CCMP, the AES-256 bit key requires how many rounds?​

13

What PC Card type is typically used for memory?​

​Type I

​Searching for wireless signals from an automobile or on foot using a portable computing device

​War driving

​Select below the type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player:

​Web-based

APs use antennas that radiate a signal in all directions.

True

​What PIN is considered to be the most commonly used PIN?

​1234

​How can an administrator manage applications on mobile devices using a technique called "app wrapping?"

​Mobile Application Management

What type of management system below can help facilitate asset tracking?

​Mobile Device Management (MDM)

The tools and services responsible for distributing and controlling access to apps.​

​Mobile application management (MAM)

​A hash used by modern Microsoft Windows operating systems for creating password digests.

​NTLM (New Technology LAN Manager) hash

​A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity

​Near field communication (NFC)

​What federated identity management (FIM) relies on token credentials?

​OAuth

​Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:

​OpenID

The ability to remote erase sensitive data stored on a mobile device​

​Remote wiping

​An older TCP/IP protocol and an application used for text-based commmunication

Telnet

The action that is taken by a subject over an object is called a(n):

operation

An administrator needs to examine FTP commands being passed to a server. What port should the administrator be monitoring?

21

What is the maximum number of characters that can exist within an SSID name?

32

What is the maximum range of most Bluetooth devices?

33 ft

The Temporal Key Integrity Protocol (TKIP) encryption technology increases IVs to what length?

48 bits

Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?

802.1d

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):

ACL

Which encryption protocol below is used in the WPA2 standard?

AES-CCMP

What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?

Access Point

To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?

Account expiration

Slave devices that are connected to a piconet and are sending transmissions are known as what?

Active slave

DNS poisoning can be prevented using the latest edition of what software below?

BIND

A popular key stretching password hash algorithm​

Bcrypt

What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?

Bluejacking

​An attack that sends unsolicited messages to Bluetooth-enabled devices

Bluejacking

A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as?

Bluesnarfing

An attack that accesses unauthorized information from a wireless device through a Bluetooth connection​

Bluesnarfing

____________________ technology enables users to connect wirelessly to a wide range of computing and telecommunications devices.

Bluetooth

The IEEE 802.15.1-2005 standard is based on what version of the Bluetooth specifications?

Bluetooth v1.2

What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?

Brute force

How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?

Captive portal access point

____________________ computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud

In what type of cloud computing does the customer have the highest level of control?

Cloud Infrastructure as a Service

Which of the three Cloud computing service models allows a customer to access software provided by a vendor using a web browser, without any installation, configuration, upgrading, or management from the user?

Cloud Software as a Service

Which type of biometrics is based on the perception, thought process, and understanding of the user?

Cognitive biometrics

Entries within a Directory Information Base are arranged in a tree structure called the:

DIT

Select below the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.

DNS

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.​

Dictionary attack​

Which access control model is considered to be the least restrictive?

Discretionary Access Control

The least restrictive access control model in which the owner of the object has total control over it.​

Discretionary access control (DAC)​

Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS:

EAP-FAST

Which of the following choices is not one of the four types of packets used by EAP?

Error

​Log that documents any unsuccessful events and the most significant successful events.

Event log​

Authorization and access are viewed as synonymous and in access control, they are the same step.

False

Because PEAP can be vulnerable to specific types of attacks, Cisco now recommends that users migrate to a more secure EAP than PEAP.

False

Bluetooth devices are not backward compatible with previous versions.

False

Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.

False

IP telephony and Voice over IP (VoIP) are identical.

False

Mobile devices such as laptops are stolen on average once every 20 seconds.​

False

Passwords provide strong protection.

False

TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission.

False

TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application.

False

The CardBus is a 64-bit bus in the PC card form factor.

False

The Google Android mobile operating system is a proprietary system, for use on only approved devices.​

False

The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.

False

Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password.

False

The ____________ is a high-speed storage network protocol that can transmit up to 16 gigabits per second.​

Fibre channel

A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack.​

Flood guard​

​The ability to easily expand or contract resources in a virtualized environment.

Host elasticity​

Port-based authentication, in which users are authenticated on a per-switch port basis, is a function of what standard below?

IEEE 802.1x

The use of a single authentication credential that is shared across multiple networks is called:

Identity management

A 24-bit value used in WEP that changes each time a packet is encrypted.​

Initialization vector (IV)

The act of movinng individuals from one job responsibility to another.​

Job rotation​

Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:

Kerberos

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.​

Key stretching​

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?

LDAP

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?

LDAP injection

What proprietary EAP method developed by Cisco requires mutual authentication for WLAN encryption using Cisco client software?

LEAP

Providing only the minimum amount of privileges necessary to perform a job or function.​

Least privilege​

Services that can identify the location of a person carrying a mobile device or a specific store or restaurant.​

Location services​

​Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?

MD5

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

Mandatory Access Control

What transport protocol is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?

NetBIOS

At what level of the OSI model does the IP protocol function?

Network Layer

The ability to quickly remove devices from the organization's network​

Off-boarding​

The ability to rapidly enroll new mobile devices.​

On-boarding​

____________________ is a decentralized open source FIM that does not require specific software to be installed on the desktop.

OpenID

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?

Orphaned

Which EAP protocol creates an encrypted channel between the client authentication server and the client, and uses Microsoft Windows logins and passwords?

PEAP

Bluetooth is an example of what type of technology below?

Personal Area Network

The ____________________ Layer is omitted in the TCP/IP model.

Physical

The authentication model used in WPA that requires a secret key value to be entered into the AP and all wireless devices prior to communicating.​

Preshared key (PSK)​

A _____________ is a matrix or two-dimensional barcode first designed for the automotive industry in Japan.​

QR code

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

RADIUS

​Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occuring.

RF Jamming​

​A laptop may have multiple hardware ports. Which of the following is not a typical port included on a laptop?

RS232

The use of what item below involves the creation of a large pregenerated data set of candidate digests?

Rainbow tables

Select below the access control model that uses access based on a user's job function within an organization:

Role Based Access Control

When using Role Based Access Control (RBAC), permissions are assigned to:

Roles

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

Rule Based Access Control

​A random string that is used in hash algorithms.

Salt

​A small form factor storage media of a variety of different types and sizes.

Secure digital (SD)

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:

Separation of duties

The use of one authentication credential to access multiple accounts or applications is referred to as?

Single Sign On

What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?

Standard biometrics

What is the term used for a device that requests permission from an authenticator to join a network?​

Supplicant

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?

TACACS

What protocol suite below is the most commonly used protocol for local area network (LAN) communication?

TCP/IP

_____________ are portable computing devices that are generally larger than smartphones and smaller than notebooks, and are focused on ease of use.​

Tablets

​Limitation imposed as to when a user can log in to a system or access resources.

Time-of-day restriction

​A small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.

Token

Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?

Transport Layer

A QR code can store website URLs, plain text, phone numbers, e-mail addresses, or virtually any alphanumeric data up to 4296 characters.​

True

A shield icon warns users if they attempt to access any feature that requires UAC permission.

True

Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV.

True

Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.

True

Geolocation is the identification of the location of a person or object using technology, and can be used as part of an authentication method.​

True

IEEE 802.1x is commonly used on wireless networks.

True

OpenID is an example of a web-based federated identity management (FIM) system.​

True

Simply using a mobile device in a public area can be considered a risk.

True

The Bell-LaPadula (BLP) model of MAC can be used to prevent subjects from creating a new object or performing specific functions on objects that are at a lower level than their own.​

True

Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.

True

How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?

VLAN

A means of managing and presenting computer resources by function without regard to their physical layout or location.​

Virtualization

​An optional means of configuring security on wireless area networks primarily intended to help users who have little or no knowledge of security to quickly and easily implement security on their WLANs.

Wi-Fi Protected Setup (WPS)​

An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information, but is not considered secure due to significant vulnerabilities.​

Wired Equivalent Privacy (WEP)

____________________ is granting or denying approval to use specific resources.

access control

What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?

access control model

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

authentication request

Which option below is responsible for the issuing of EAP request packets?

authenticator

When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?

community string

A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.

dictionary

A(n) ____________________ is a record of events that occur.

event log

What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?

evil twin

Mobile devices use _____________ for storage, which is a nonvolatile solid state electronic storage that can be electrically erased and reused.​

flash memory

The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:

flood guard

_________________ uses a device's GPS to define geographical boundaries where an app can be used.​

geo-fencing

In a UAC prompt, what color is used to indicate the lowest level of risk?

gray

With operating system virtualization, a(n) ____________________ system is the native operating system to the hardware.

host

What is the center of the weakness of passwords?

human memory

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?

hybrid

When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?

hypervisor

The Apple _____________ operating system, developed by Apple for their mobile devices, is a closed and proprietary architecture.

iOS

​What mobile operating system below requires all applications to be reviewed and approved before they can be made available on the public store front?

iOS

A token ____________________ is a unique random string of characters that is encrypted to protect the token from being used by unauthorized parties.

identifier

What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?

offline cracking

In the DAC model, ____________________ can create and access their objects freely.

owners

On a piconet, slave devices that are connected but are not actively participating are called ____________________ slaves.

parked

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:

password

The most common type of authentication today is a(n) ____________________.

password

Passwords that are transmitted can be captured by what type of software?

protocol analyzer

An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?

rogue

To prevent one individual from having too much control, employees can ____________ job responsibilities within their home department or across positions in other departments.

rotate

What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?

router

When a wireless device looks for beacon frames it is known as ____________________.

scanning

Piconets in which connections exist between different piconets are known as a:

scatternet

A user or a process functioning on behalf of the user that attempts to access an object is known as the:

subject

If the EAP authentication is successful, a success packet is sent to the ____________________.

supplicant

The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.

white

​Which of the following selections is not one of the features provided by a typical MDM?

​Track stolen devices

A QR code can't contain which of the following items directly?

​A video

​The process of setting a user's account to expire

​Account expiration

​Maintaining an accurate record of company-owned mobile devices

​Asset tracking

A log that is used to record which user performed an action and what that action was.​

​Audit log

​Five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.

​Authentication factors

A password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.​

​Brute force attack

​A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:

​Common Access Card (CAC)

​Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:

​Credential management

Which of the following is not a benefit that can be provided by using IP telephony?​

​Decreased network utilization

​What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password?

​Enable a lock screen

The PC Card and CardBus devices are being replaced by what technology?

​ExpressCard

The second version of the Terminal Access Control Access Control System (TACACS) authentication service.​

​Extended TACACS (XTACACS)

​Select below the option that is not one of the SD format card families:

​Extreme Capacity (SDXC)

​A TCP/IP protocol that uses Secure Sockets Layer or Transport Layer Security to encrypt commands sent over the control port (port 21) in an FTP session.

​FTP Secure (FTPS)

​An unsecure TCP/IP protocol that is commonly used for transferring files

​File Transfer Protocol (FTP)

Using a mobile device's GPS to define geographical boundaries where an app can be used.​

​Geo-fencing

Adding or allowing geographical identification data in a mobile app​

​Geo-tagging

Select below the option that represents a wearable technology:​

​Google Glass

​A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly mispelling words, or including special characters.

​Hybrid attack

​What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?

​Inventory control

An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.​

​LDAP injection attack

Mobile devices with global positioning system (GPS) abilities typically make use of:​

​Location services

A technology that prevents a mobile device from being used until the user enters the correct passcode.​

​Lock screen

Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA)​

​Loop protection

​The most restrictive access control model, typically found in military settings in which security is of supreme importance.

​Mandatory access control (MAC)

​What term below describes a hand-held mobile device that was intended to replace paper systems, and typically included an appointment calendar, an address book, a "to-do" list, a calculator, and the ability to record limited notes?

​Personal digital assistant (PDA)

​Select below the item that is not considered to be a basic characteristic of mobile devices:

​Removable media storage

What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer?​

​Secure Digital Input Output (SDIO)

​The practice of requiring that processes should be divided between two or more individuals.

​Separation of duties

Using one authentication credential to access multiple accounts or applications.​

​Single sign-on

​An instance of a particular state of a virtual machine that can be saved for later use.

​Snapshot

​An ultrabook is an example of what type of a portable computer?

​Subnotebook

The current version of the Terminal Access Control Access Control System (TACACS) authentication service.​

​TACACS+

The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.​

​Wi-Fi Protected Access 2 (WPA 2)

​A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

​charmap.exe


Related study sets

CH 10 Health Insurance Underwriting

View Set

Final exam-Virginia life and Health

View Set

International Business Section G1 Test #1

View Set

Network+ Chapter 5 IPv4 and IPv6 Addresses

View Set

Social Psychology Final Exam Study Guide 9 and 10

View Set