1. Each of the following is a reason why it is difficult to defend against today’s attackers except
_____________ .
C. complexity of attack tools
2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously revealed.
A. zero day
3. _____ ensures that only authorized parties can view the information.
C. Confidentiality
4. Each of the following is a successive layer in which information security is achieved except
_________________.
D. Intrusion Wormhole Defense (IWD)
5. A(n) _____ is a person or thing that has the power to carry out a threat.
B. threat agent
7. The _____ requires that enterprises must guard protected health information and implement policies
and procedures to safeguard it.
A. Health Insurance Portability and Accountability Act (HIPAA)
8. Utility companies, telecommunications, and financial services are considered prime targets of _____
because attackers can significantly disrupt business and personal activities by destroying a few
targets.
A. cyberterrorists
9. After an attacker probed a computer or network for information, she would next ________.
B. penetrate any defenses
10. An organization that purchased security products from different vendors in case an attacker
circumvented the Brand A device, yet would have more difficulty trying to break through a Brand B
device because they are different, is an example of ________.
D. diversity
11. _____ is a superset of information security and includes security issues that do not involve
computers.
C. Information assurance (IA)
12. _____ attacks come from multiple sources instead of a single source.
A. Distributed
13. _____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
A. Cybercriminals
16. An example of a(n) _____ is a software defect in an operating system that allows an unauthorized
user to gain access to a computer without a password.
A. vulnerability
17. _____ requires banks and financial institutions to alert customers of their policies and practices in
disclosing customer information and to protect all electronic and paper containing personally
identifiable financial information.
D. Gramm-Leach-Bliley Act (GLBA)
18. The term _____ is commonly used in a generic sense to identify anyone who illegally breaks into a
computer system.
A. hacker
19. An example of _____ would be not revealing the type of computer, operating system, software, and
network connection a computer uses.
C. obscurity
20. The _____ is primarily responsible for assessment, management, and implementation of security.
A. Chief Information Security Officer (CISO)
Chapter 2 Review Questions
1. A(n) _____ is a program that secretly attaches itself to a carrier such as a document or program and
then executes when that document is opened or program is launched.
A. virus
4. A computer program that pretends to clean up a hard drive but actually performs a malicious activity
is known as a(n)
A. Trojan
7. _____ is a technique used by spammers to horizontally separate words so they are not trapped by a
filter yet can still be read by the human eye.
A. Word splitting
8. _____ is an image spam that is divided into multiple images and each piece of the message is
divided and then layered to create a complete and legible message.
A. GIF layering
9. _____ is a general term used for describing software that violates a user’s personal security.
D. Spyware
10. A(n) _____ is either a small hardware device or a program that monitors each keystroke a user types
on the computer's keyboard.
A. keylogger
14. _____ is a single, dedicated hard disk-based file storage device that provides centralized and
consolidated disk storage that is available to users through a standard network connection.
B. Network Attached Storage (NAS)
15. Each of the following is an attack that can be used against cell phones except
D. Turn off the cell phone
16. The ability to move a virtual machine from one physical computer to another with no impact on
users is called ____.
D. live migration
17. The _____ is the software that runs on a physical computer and manages multiple virtual machine
operating systems.
B. hypervisor
18. _____ is exploiting a vulnerability in the software to gain access to resources that the user would
normally be restricted from obtaining.
D. Privilege escalation
19. Each of the following is the reason why adware is scorned except
D. It displays the attacker's programming skills
4. The Windows application _____ will not allow code in the memory area to be executed.
D. Data Execution Prevention (DEP)
5. Each of the following is a step that most security organizations take to configure operating system
protection except
D. Deploy nX randomization
6. A cookie that was not created by the Web site that attempts to access it is called a(n)
C. third-party cookie
8. A Java applet _____ is a barrier that surrounds the applet to keep it away from resources on the local
computer.
B. sandbox
9. Address Space Layout Randomization (ASLR) randomly assigns _____ to one of several possible
locations in memory.
A. executable operating system code
12. With a(n) _____ network users do not search for a file but download advertised files.
A. BitTorrent
13. Another name for antivirus definition files is
A. signature files
15. A(n) _____ is a list of pre-approved e-mail addresses that the user will accept mail from.
C. whitelist
17. A(n) _____ works on the principle of comparing new behavior against normal behavior.
A. Host Intrusion Detection System (HIDS)
18. A(n) _____ is a cumulative package of all security updates plus additional features.
A. service pack
19. A(n) _____ is a method to configure a suite of configuration baseline security settings.
A. security template
20. A(n) _____ is a program that does not come from a trusted source.
D. unsigned Java applet
Chapter 4 Review Questions
1. A network tap ____________________.
B. is a separate device that can be installed between other network devices to
monitor traffic
3. A(n) _____ is an account on a device that is created automatically to aid in installation and should be
deleted once that is completed.
A. default account
4. A(n) _____ attack attempts to consume network resources so that the devices cannot respond to
legitimate requests.
B. Denial of service
5. Wireless denial of service attacks are successful because wireless LANs use the protocol ________.
A. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
6. A man-in-the-middle attack _________________.
B. intercepts legitimate communication and forges a fictitious response
8. An example of an antiquated protocol that has been replaced by a more secure version is ________.
A. Simple Network Management Protocol (SNMP) Version 2
9. Where does the TCP/IP host table name system for a local device store a symbolic name to Internet
Protocol address mappings?
B. In a local hosts file
10. Attackers take advantage of Domain Name System _____ to send fraudulent DNS entries.
D. zone transfers
11. A more secure version of the Berkeley Internet Name Domain software is ______.
D. DNSSEC
12. _____ is used for Ethernet local area networks to resolve Internet Protocol addresses.
A. ARP
13. An attack that takes advantage of the order of arrival of TCP packets is _______.
D. TCP/IP hijacking
14. War driving exploits _____, which is the wireless access point sending out information about its
presence and configuration settings.
B. beaconing
15. A group of Bluetooth piconets in which connections exist between different piconets is called
a(n) __________.
A. scatternet
16. _____ is the unauthorized access of information from a wireless device through a Bluetooth
connection.
D. Blue snarfing
17. In a(n) _____ attack the attacker overflows a switch’s address table with fake media access control
(MAC) addresses and makes the switch act like a hub, sending packets to all devices.
A. switch flooding
19. Using _____, an attacker attempts to gather information to map the entire internal network of the
organization supporting the DNS server.
A. DNS transfer
20. Each of the following could be the result of an ARP poisoning attack except ________.
A. change entries in a DNS zone transfer table
Chapter 5 Review Questions
1. Subnetting ____________________.
B. is also called subnet addressing
7. Each of the following is a variation available in network access control (NAC) implementations
except ____________.
C. Network or local
10. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.
A. proxy server
13. A(n) _____ watches for attacks but only takes limited action when one occurs.
A. network intrusion detection system (NIDS)
14. A multipurpose security appliance integrated into a router is known as a(n) _______.
B. integrated network security hardware device
15. Each of the following can be used to hide information about the internal network except ______.
D. protocol analyzer
16. The difference between a network intrusion detection system (NIDS) and a network intrusion
prevention system (NIPS) is ___________.
C. a NIPS can take extended actions to combat the attack
18. If a device is determined to have an out-of-date virus signature file then Network Access Control
(NAC) can redirect that device to a network by _______.
A. Address Resolution Protocol (ARP) poisoning
19. Each of the following is an option in a firewall rule base except _______.
A. delay
6. The optional authentication method that forces the wireless device to encrypt challenge text using its
WEP encryption key is known as _____ .
B. shared key authentication
9. The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected
Access (WPA) and _____ .
D. Wi-Fi Protected Access 2 (WPA2)
10. The _____ replaces the cyclic redundancy check (CRC) and is designed to prevent an attacker from
capturing, altering, and resending a data packet.
A. Message Integrity Check (MIC)
12. A(n) _____ is designed to verify the authentication of wireless devices using IEEE 802.1x.
D. authentication server
13. Wireless switches are used in conjunction with _____ for increased security by moving security
features to the switch.
D. thin access points
14. Separate _____ can be used to support low-security guest Internet access and high-security
administrators on the same access point.
A. wireless virtual local area networks (VLANs)
15. Each of the following can be used to monitor airwaves for traffic except a(n) _____.
C. resource monitor probe
17. For a SOHO the best security model would be the _____
D. Wi-Fi Protected Access 2 Personal Security model
18. Preshared key (PSK) authentication requires that the encryption key _____.
A. must be entered on all devices prior to wireless communication occurring
19. _____ stores information from a device on the network so if a user roams away from a wireless
access point and later returns, he does not need to re-enter all of the credentials.
A. Key-caching
20. The _____ model is designed for medium to large-size organizations in which an authentication
server is available.
C. WPA 2 Enterprise Security
Chapter 7 Review Questions
1. A user entering her username would correspond to the _____ action in access control.
A. identification
3. A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.
B. subject
4. The individual who periodically reviews security settings and maintains records of access by users is
called the _____.
B. custodian
5. In the _____ model, the end user cannot change any security settings.
B. Mandatory Access Control
8. _____ in access control means that if a condition is not explicitly met then it is to be rejected.
A. Implicit deny
10. _____ is a Microsoft Windows feature that provides centralized management and configuration of
computers and remote users who are using Active Directory.
D. Group Policy
12. _____ create a large pre-generated data set of hashes from nearly every possible password
combination.
D. Rainbow tables
13. Which of the following is NOT a password policy defense against an attacker stealing a Windows
password file?
C. Disable all necessary accounts.
14. The Domain password policy _____ determines the number of unique new passwords a user must
use before an old password can be reused.
D. enforce password history
15. A(n) _____ extends a solid metal bar into the door frame for extra security.
D. deadbolt lock
16. A(n) _____ uses buttons that must be pushed in the proper sequence to open the door.
D. cipher lock
17. An ID badge fitted with _____ makes it unnecessary to swipe or scan the badge for entry.
A. radio frequency (RFID) tags
18. Using video cameras to transmit a signal to a specific and limited set of receivers is called _____.
C. closed circuit television (CCTV)
20. The principle known as _____ in access control means that each user should only be given the
minimal amount of privileges necessary for that person to perform their job function.
A. least privilege
Chapter 8 Review Questions
1. Determining what a user did on a system is called _____.
D. accounting
3. One-time passwords that utilize a token with an algorithm and synchronized time setting is known as
a(n) __________.
C. time-synchronized OTP
6. Creating a pattern of when and from where a user accesses a remote Web account is an example of
________.
A. computer footprinting
7. _____ is a decentralized open source FIM that does not require specific software to be installed on
the desktop.
B. OpenID
8. A RADIUS authentication server requires that the _____ must be authenticated first.
A. supplicant
9. Each of the following make up the AAA elements in network security except _______.
A. determining user need (analyzing)
10. Each of the following human characteristics can be used for biometric identification except ______.
A. weight
11. _____ biometrics is related to the perception, thought processes, and understanding of the user.
C. Cognitive
12. Using one authentication to access multiple accounts or applications is known as _______.
D. single sign-on
13. With the development of IEEE 802.1x port security, the authentication server _____ has seen even
greater usage.
B. RADIUS
15. _____ is an authentication protocol available as a free download and runs on Microsoft Windows
Vista, Windows Server 2008, Apple Mac OS X, and Linux.
C. Kerberos
16. The version of the X.500 standard that runs on a personal computer over TCP/IP is _____.
B. LDAP
17. The management protocol of IEEE 802.1x that governs the interaction between the system,
authenticator, and RADIUS server is known as _____.
D. Extensible Authentication Protocol (EAP)
19. A user-to-LAN virtual private network connection used by remote users is called a(n) _____.
B. remote-access VPN
20. Endpoints that provide _____ capability require that a separate VPN client application be installed
on each device that connects to a VPN server.
C. pass-through VPN
Chapter 9 Review Questions
1. In information security a(n) _____ is the likelihood that a threat agent will exploit a vulnerability.
C. risk
2. _____ is a systematic and structured approach to managing the potential for loss that is related to a
threat.
D. Risk management
6. _____ constructs scenarios of the types of threats that assets can face in order to learn who the
attackers are, why they attack, and what types of attacks may occur.
D. Threat modeling
8. The _____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
D. Exposure Factor (EF)
11. Each of the following is a state of a port that can be returned by a port scanner except _____.
A. busy
12. Each of the following is true regarding TCP SYN port scanning except ______.
C. it uses FIN messages that can pass through firewalls and avoid detection.
16. Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
D. It attempts to standardize vulnerability assessments.
17. A UNIX and Linux defense that does not store password hashes in a world-readable file is known as
a _________.
A. shadow password
18. _____ is a method of evaluating the security of a computer system or network by simulating a
malicious attack.
D. Penetration testing
2. _____ is the process of assigning and revoking privileges to objects and covers the procedures of
managing object authorizations.
A. Privilege management
4. The individual elements or settings within group policies are known as ______.
A. Group Policy Objects (GPOs)
5. _____ is a set of strategies for administering, maintaining, and managing computer storage systems
in order to retain data.
D. Information lifecycle management (ILM)
6. _____ assigns a level of business importance, availability, sensitivity, security and regulation
requirements to data.
C. Data classification
7. When grouping data into categories, which of the following is NOT a question that is asked of users
regarding their use of data?
D. How was it first created?
8. _____ typically involves an examination of which subjects are accessing specific objects and how
frequently.
A. Usage auditing
9. When permissions are assigned to a folder, any current subfolders and files within that folder _____.
A. inherit the same permissions
10. GPOs that are inherited from parent containers are processed first followed by _____.
A. the order that policies were linked to a container object
11. Each of the following has contributed to an increase in the number of logs generated except ______.
A. faster network access
12. Each of the following is an example of a security application log except ______.
B. Domain Name System (DNS) servers
13. If a firewall log reveals a high number of probes to ports that have no application services running
on them, this could indicate ______.
A. attackers are trying to determine if the ports and corresponding
applications are already in use
14. A(n) _____ is an occurrence within a software system that is communicated to users or other
programs outside the operating system.
C. event
15. Client request and server responses are found in which type of logs?
A. System event logs
18. ___ refers to a methodology for making changes and keeping track of those changes, often manually.
A. Change management
3. Each of the following is a basic security protection over information that cryptography can provide
except ______.
B. stop loss
5. A(n) _____ is never intended to be decrypted but is only used for comparison purposes.
D. digest
8. The data added to a section of text when using the Message Digest (MD) algorithm is called ______.
C. padding
11. Monoalphabetic substitution ciphers and homoalphabetic substitution ciphers are examples of
______.
A. symmetric stream ciphers
13. When Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm,
which key does he use to encrypt the message?
B. Alice's public key
14. A digital signature can provide each of the following benefits except ______.
A. verify the receiver
15. Which of the following asymmetric cryptographic algorithms is the most secure?
A. RSA
16. _____ uses the Windows NTFS file system to automatically encrypt all files.
A. Encrypting File System (EFS)
17. The Microsoft Windows BitLocker whole disk encryption cryptography technology can protect each
of the following except ______.
D. Domain name system files
19. Most security experts recommend that _____ be replaced with a more secure algorithm.
A. DES
5. Digital certificates can be used for each of the following except ________.
C. Verify the authenticity of the Registration Authorizer
6. In order to ensure a secure cryptographic connection between a Web browser and a Web server a
_____ digital certificate would be used.
D. server digital certificate
7. A digital certificate that turns the address bar green is a(n) ________.
A. Extended Validation SSL Certificate
8. Digital certificates that are split into two parts are known as _____ certificates.
C. dual-sided
14. A(n) _____ is a published set of rules that govern the operation of a PKI.
D. certificate policy (CP)
15. Each of the following is a part of the certificate life cycle except ________.
C. Authorization
17. _____ refers to a situation in which keys are managed by a third-party, such as a trusted CA.
A. Key escrow
19. What is the cryptographic transport protocol that is used most often to secure Web transactions?
A. HTTPS
2. An electrical fire like that which would be found in a computer data center is known as what type of
fire?
C. Class C
6. A standby server that exists only to take over for another server in the event of its failure is known as
a(n) _______.
D. asymmetric server cluster
10. A(n) _____ is always running off its battery while the main power runs the battery charger.
A. on-line UPS
12. A(n) _____ is essentially a duplicate of the production site and has all the equipment needed for an
organization to continue running.
B. hot site
13. Which of the following is NOT a characteristic of a disaster recovery plan (DRP)?
A. It is a private document only used by top-level administrators for planning.
14. Each of the following is a basic question to be asked regarding creating a data backup except _____.
C. how long will it take to finish the backup?
15. Any time the contents of that file are changed, the archive bit is changed to _____ meaning that this
modified file now needs to be backed up.
B. 1
17. In a grandfather-father-son backup system the weekly backup is called the _____.
B. father
18. _____ is the maximum length of time that an organization can tolerate between data backups.
A. Recovery point objective (RPO)
19. A data backup solution that uses the magnetic disk as a temporary storage area is _____ .
D. disk to disk to tape (D2D2T)
20. When an unauthorized event occurs, the first duty of the computer forensics response should be to
_____.
B. secure the crime scene
Chapter 14 Review Questions
1. Which of the following is not an approach to trust?
A. Trust authorized individuals only.
2. Which of the following characterizes the attitude that system support personnel generally have
toward security?
B. They are concerned about the ease of managing systems under tight
security controls.
5. Each of the following is a step in the risk management study except _____.
B. threat appraisal
7. Each of the following should serve on a security policy development team except ______.
C. representative from an antivirus vendor
8. _____ is defined as the obligations that are imposed on owners and operators of assets to exercise
reasonable care of the assets and take necessary precautions to protect them.
D. Due care
9. Each of the following is a guideline for developing a security policy except ______.
D. require all users to approve the policy before it is implemented
10. A(n) _____ defines the actions users may perform while accessing systems and networking
equipment.
D. acceptable use policy
11. A password management and complexity policy will encourage users to avoid weak passwords by
recommending each of the following except _______.
C. do not use alphabetic characters
14. Each of the following is usually contained in a service level agreement except ______.
C. requirements for PII
16. _____ may be defined as the study of what people understand to be good and right behavior and how
people make those judgments.
A. Ethics
17. For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.
D. andragogical
20. Watching an individual enter a security code on a keypad without her permission is known as
_______.
A. shoulder surfing