Chapter quiz Cyber Security
Terms in this set (140)
What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?
The two types of malware that require user intervention to spread are:
Viruses and trojans
Which of the following is malicious computer code that reproduces itself on the same computer?
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique?
What type of malware is heavily dependent on a user in order to spread?
A virus that infects an executable program file is known as?
How many different Microsoft Windows file types can be infected with a virus?
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:
Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:
What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?
Computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event is known as a?
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks, and was no longer included in Microsoft software after the start of their Trustworthy Computing initiative?
What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?
What is the term used to describe unsolicited messages received on instant messaging software?
Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?
Which of the following is not one of the four methods for classifying the various types of malware?
What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?
The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?
What type of system security malware allows for access to a computer, program, or service without authorization?
Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
whatever' AND email IS NULL; --
Which SQL injection statement example below could be used to discover the name of the table?
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
Choose the SQL injection statement example below that could be used to find specific users:
whatever' OR full_name LIKE '%Mia%'
Which SQL injection statement can be used to erase an entire database table?
whatever'; DROP TABLE members; --
HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?
What language below is designed to display data, with a primary focus on how the data looks?
What language below is for the transport and storage of data, with the focus on what the data is?
To what specific directory are users generally restricted to on a web server?
The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?
Select below the string of characters that can be used to traverse up one directory level from the root directory:
Attacks that take place against web based services are considered to be what type of attack?
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?
What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
Which type of attack below is similar to a passive man-in-the-middle attack?
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
The exchange of information among DNS servers regarding configured zones is known as:
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
What language below is used to view and manipulate data that is stored in a relational database?
Cipher locks are sometimes combined with what type of sensor, which uses infrared beams that are aimed across a doorway?
Instead of using a key or entering a code to open a door, a user can use an object, such as an ID badge, to identify themselves in order to gain access to a secure area. What term describes this type of object?
Proximity readers utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?
Radio Frequency Identification tag (RFID)
What is the maximum effective range of a typical passive RFID tag?
How can an area be made secure from a non-secured area via two interlocking doors to a small room?
What type of video surveillance is typically used by banks, casinos, airports, and military installations, and commonly employs guards who actively monitor the surveillance?
Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:
A spiked collar that extends horizontally for up to 3 feet from the pole is an example of what kind of technology?
An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?
What is the name for a standard or checklist against which systems can be evaluated and audited for their level of security (security posture)?
Which of the following is not one of the types of settings that would be included in a Microsoft Windows security template?
What is the name for a cumulative package of all patches and hotfixes as well as additional features up to a given point?
Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique?
What type of device, sometimes called a packet filter, is designed to prevent malicious network packets from entering or leaving computers or networks?
Select the tool below that consists of a system of security tools that is used to recognize and identify data that is critical to an organization and ensure that it is protected:
Data Loss Prevention
Most DLP systems make use of what method of security analysis below?
Anti-virus products typically utilize what type of virus scanning analysis?
What type of filtering utilizes a an analysis of the content of spam messages in comparison to neutral / non-spam messages in order to make intelligent decisions as to what should be considered spam?
A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a
What is the best way to prevent data input by a user from having potentially malicious effects on software?
Escaping user responses
The SHA-1 hashing algorithm creates a digest that is how many bits in length?
What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX, and Linux systems, and is compatible with PGP?
The NTRUEncrypt cryptographic algorithm makes use of which of the following cryptographic techniques?
Cryptography that attempts to use the microscopic behaviors of objects to develop and share keys while also detecting eavesdropping is known as what type of cryptography?
What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
The asymmetric cryptography algorithm most commonly used is:
Which of the following is not one of the functions of a digital signature?
Protect the public key
What type of cryptography uses two keys instead of just one, generating both a private and a public key?
What is the block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits known as?
Select below the standard that is based on the Rijndael algorithm, and was approved by NIST in late 2000 as a replacement for DES:
After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?
A key that is generated by a symmetric cryptographic algorithm is said to be a:
What is the name of the cryptographic hash function that has international recognition and has been adopted by standards organizations such as the ISO, that creates a digest of 512 bits and will not be subject to patents?
If using the MD5 hashing algorithm, what is the length to which each message is padded?
What type of cryptographic algorithm is considered to be a one-way algorithm, in that its contents can't be used to reveal the original set of data?
In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?
Data that is in an unencrypted form is referred to as which of the following?
On what principle did Julius Caesar's cyptographic messages function?
Each alphabetic letter was shifted three places down in the alphabet
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents?
Using what mechanism below can the non-repudiation of an e-mail and it's content be enforced?
Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:
What is the name for an organization that receives, authenticates, and processes certificate revocation requests?
What kind of certificate is typically used by an individual to secure e-mail transmissions?
Select below the type of certificate that is often issued from a server to a client, with the purpose of ensuring the authenticity of the server:
A sensitive connection between a client and a web server uses what class of certificate?
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
Public key infrastructure
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet?
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
Certificate practice statement (CPS)
At what stage can a certificate no longer be used for any type of authentication?
The process by which keys are managed by a third party, such as a trusted CA, is known as?
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
What protocol below supports two encryption modes: transport and tunnel?
Why is IPsec considered to be a transparent security protocol?
IPsec is designed to not require modifications of programs, or additional training, or additional client setup
Select below the secure alternative to the telnet protocol:
SSL and TLS keys of what length are generally considered to be strong?
What information security position reports to the CISO and supervises technicians, administrators, and security staff?
According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?
Which position below is considered an entry-level position for a person who has the necessary technical skills?
What country is now the number one source of attack traffic?
What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?
In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
Which of the three protections ensures that only authorized parties can view information?
Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as?
In information security, what constitutes a loss?
theft of information,
a delay in transmitting information that results in a financial penalty,the loss of good will or a reputation
In information security, an example of a threat agent can be ____.
A person attempting to break into a secure computer network,a virus that attacks a computer network,force of nature such as a tornado that could destroy computer equipment
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Under which law are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?
Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so
Script kiddies acquire which item below from other attackers to easily craft an attack:
What layer of the OSI model is responsible for permitting two parties on a network to hold ongoing communications across the network?
Select below the layer of the OSI model at which the route a packet is to take is determined, and the addressing of the packet is performed.
An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices?
What kind of networking device forwards packets across different computer networks by reading destination addresses?
An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured to make use of both servers in a manner that is transparent to the end users?
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?
Stateful packet filtering
What is the name for a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user?
A server that routes incoming requests to a specific destination server, and acts as the final destination IP for all client access, is known as a:
What technology enables authorized users to use an unsecured public network, such as the Internet, as if were a secure private network?
Select below the technology that can be used to examine content through application-level filtering:
Web security gateway
What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns?
What is the name for an instruction that interrupts a program being executed and requests a service from the operating system?
When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?
Which network address below is not a private IP address network?
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?
Create a DMZ, add necessary hosts.
The standard TCP/IP protocol uses IP addresses which are how many bytes in length?
What vendor neutral protocol implements support for VLAN tagging?
The management in your corporate office want to group users on the network together logically even though they are attached to separate network switches. How can this be done?
Create a VLAN and add the users' computers / ports to the VLAN.
Which of the following is not a component of an IP packet that a firewall rule can use for filtering purposes?
A load balancer that works with the File Transfer Protocol is operating at what layer of the OSI model?