Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove Ads
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Emerg Issues Final

Chapter 6-12 Multiple Choice

In NetWare 5.0, TCP/IP replaced ____ as the default protocol. IPX/SPX
In ____, instead of peer-to-peer networks, a client/server model was created in which a server was responsible for authenticating users and giving them access to resources on a network. Windows NT 3.51
LDAP (port ____) is the protocol used to access Novell’s eDirectory, Microsoft Active Directory, and Apple Open Directory. 389
NetBIOS names have a limit of ____ characters 16
NetWare’s ____ is a graphical Java utility for centralized network administration. ConsoleOne
One of the biggest vulnerabilities of NetBIOS systems is a(n) ____, which is an unauthenticated connection to a Windows computer using no logon and password values. null session
The ____ command gives you a quick way to see whether there are any shared resources on a computer or server. Net view
The ____ command is a powerful enumeration tool included with Windows. Nbtstat
The computer names you assign to Windows systems are called ____ names. NetBIOS
The most popular enumeration tool for security testers and hackers alike is the ____ utility, which enables you to find out who is logged in to a *nix system with one simple command. Finger
The most recent version of Novell OS is called ____. Novell Open Enterprise Server
The open-source descendant of Nessus is called ____. OpenVAS
Windows 95 uses the ____ file system. FAT16
Windows 98 introduced the ____ file system. FAT32
Windows NT 3.51 uses the ____ file system. NTFS
With ____, you can have your desktop computer or laptop start in both Windows and Linux. Grand Unified Bootloader
____ implemented Windows File Protection to prevent core system files from being overwritten. Windows XP Professional
____ is a system process that runs on Windows OSs to facilitate the exchange of network data. NetDDE
____ is an enhancement to NDS (NetWare Directory Services). eDirectory
____ is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas. Hyena
A common Linux rootkit is ____. Linux Rootkit 5
Complete instructions for MBSA are available from the MBSA Help interface or the ____ site. Microsoft Security Tools Web
Early Windows OSs communicated with each other by using ____. NetBIOS
For a Windows computer to be able to access a *nix resource, ____ must be enabled on both systems. CIFS
If the LRK5 rootkit is installed on a Linux computer, entering the Trojaned ____ command allows the attacker’s processes to continue running, even though the Linux administrator thinks all processes were killed. Killall
MBSA has its origins in the ____ scanner. HFNetChk
NetBIOS is not a protocol; it usually works with ____, a fast, efficient protocol that requires little configuration. NetBEUI
NetBIOS over TCP/IP is called ____ in Windows 2000 Server. NBT
NetBIOS over TCP/IP is called ____ in Windows Server 2003. NetBT
Red Hat and Fedora Linux use the ____ command to update and manage RPM packages. yum
SELinux contains several features and modules that use ____, an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users. Mandatory Access Control (MAC)
SMB usually runs on top of NetBIOS, NetBEUI, or ____. TCP/IP
The Conficker worm took advantage of a vulnerability in ____ to run arbitrary code on susceptible hosts. RPC
The Trojan program called Sheepshank makes HTTP GET requests over port ____. 80
The best way to protect a network from SMB attacks is to make sure routers filter out ports 137 to 139 and ____. 445
To determine whether a system is vulnerable to an RPC-related issue, the best tool is ____. MBSA
Trusted Computer Solutions____ program is used to tighten Linux system security configuration by using templates. Security Blanket
Windows Server 2003 and 2008 ____ are used to authenticate user accounts, so they contain much of the information that attackers want to access. domain controllers
____ is a client/server technology designed to manage patching and updating systems software from the network. Software Update Services (SUS)
____ is an interprocess communication mechanism that allows a program running on one host to run code on a remote host. RPC
____ is an open-source implementation of CIFS. Samba
A device that performs more than one function (e.g., printing and faxing) is called a(n) ____. MFD
A(n) ____ operating system can be a small program developed specifically for use with embedded systems, or it can be a stripped-down version of an OS commonly used on general-purpose computers. embedded
A(n) ____ system may be used when automation is critical. SCADA
An embedded OS certified to run multiple levels of classification (such as unclassified, secret, and top secret) on the same CPU without leakage between levels is called ____. MILS
Disgruntled employees might install a(n) ____ in company computers’ flash memory before they leave a company and later use it to gain access to the corporate network. BIOS-based rootkit
Embedded Linux is an example of a(n) ____ OS used in a multitude of industrial, medical, and consumer items. monolithic
For sensitive embedded systems that need only a fraction of the features offered by other kernels, the risk of vulnerabilities might outweigh the benefits, and a(n) ____ kernel might be most suitable. proprietary
If a(n) ____ is compromised, attackers might be able to gain complete access to network resources. router
Many viruses, worms, Trojans, and other attack vectors take advantage of ____code. shared
OSs that use a(n) ____ sacrifice flexibility for simplicity and fewer hardware resources. microkernel
One reason that some vendors of embedded OSs are using ____ software more is that the cost of developing and patching an OS is shared by the entire community. open-source
One type of specialized embedded OS is a(n) ____, typically used in devices such as programmable thermostats, appliance controls, and even spacecraft. RTOS
Originally, ____ were used to perform routing and switching. general purpose computers
Rootkits that pose the biggest threat to any OS are those that infect a device’s ____. firmware
Software residing on a chip is commonly referred to as ____. firmware
The ____ Linux kernel was designed to offer the most flexibility and support for sophisticated features. monolithic
The ____ worm spread by exploiting outdated or poorly configured router OSs that contained easy-to-guess passwords. psyb0t
What is the collective name for embedded versions of Windows Enterprise OSs, such as XP Professional, Windows Vista Business and Ultimate, and Windows 7 Ultimate and Professional? Windows Embedded Enterprise
Which of the following could be considered the biggest security threat for an organization? employees
Which of the following is a software flaw that would cause the system to suddenly stop or fail when the clock struck midnight on the eve of the past millennium? Y2K
Wind River produces an open-source Linux OS for embedded systems and an OS microkernel extension called ____. RTLinux
All CFML tags begin with “____”. CF
ColdFusion uses its own proprietary tags written in ____. CFML
Connecting to a Microsoft Active Directory Service database with OLE DB requires using ____ as the provider. ADSDSOOBJECT
Connecting to a MySQL database with OLE DB requires using ____ as the provider. MySQLProv
Connecting to a VSAM database with OLE DB requires using ____ as the provider. SNAOLEDB
Connecting to an MS SQL Server database with OLE DB requires using ____ as the provider. SQLOLEDB
In a(n) ____ flaw, a Web browser might carry out code sent from a Web site. cross-site scripting
One of the best Web sites to find tools for hacking Web applications is ____. http://packetstormsecurity.org
SQL ____ involves the attacker supplying SQL commands when prompted to fill in a Web application field. injection
The JavaScript getElementByld() function is a method defined by the ____ Document Object Model (DOM). W3C
The ____ Search page is an excellent starting point when investigating VBScript vulnerabilities. Microsoft Security Bulletin
The column tag in CFML is ____. "<CFCOL>"
To check whether a CGI program works, you should save the program to the ____ directory of your Web server, and then enter the URL in your Web browser. cgi-bin
Visual Basic Script (VBScript) is a scripting language developed by ____. Microsoft
Web servers use the ____ element in an HTML document to allow customers to submit information to the Web server. <form>
____ is a standard database access method developed by the SQLAccess Group. ODBC
____ is one of the best tools for scanning the Web for systems with CGI vulnerabilities. Cgiscan.c
____ is the interface that describes how a Web server passes data to a Web browser. CGI
____ represent(s) a comment in SQL. Double hyphens (--)
____ was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows. PHP
____, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system. OLE DB
A(n) ____ is a transceiver that connects to a network via an Ethernet cable; it bridges the wireless LAN with the wired network. access point (AP)
Each frequency band contains ____; if they overlap, interference could occur. channels
In 802.11, an addressable unit is called a ____. station (STA)
In 802.1X, a(n) ____ is the wireless user attempting access to a WLAN. supplicant
In a WPAN, the maximum distance allowed between each device is usually ____ meters. 10
One of the default SSIDs used by D-Link is ____. default
One of the default SSIDs used by Linksys is ____. linksys
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of the ____. Data Link layer
The ____ band is used by commercial AM radio stations. medium frequency (MF)
The ____ standard can achieve a throughput of 54 Mbps. 802.11g
The ____ standard has improvements to address the problem of interference. 802.11e
The ____ standard, also referred to as Wi-Fi, operates in the 2.4 GHz range with an increased throughput from 1 or 2 Mbps to 11 Mbps. 802.11b
The default SSID used by Cisco is ____. Tsunami
WPA improves encryption by using ____. TKIP
____ Project 802 was developed to create LAN and WAN standards. IEEE
____ defines how data is placed on a carrier signal. Modulation
____ is a freeware tool written for Windows that enables you to detect WLANs using 802.11a, 802.11b, and 802.11g. NetStumbler
____ is a product for conducting wardriving attacks written by Mike Kershaw. This product is free and runs on Linux, BSD, Mac OS X, and even Linux PDAs. Kismet
____ is an enhancement to PPP. EAP
____ is the most popular type of WLAN technology. Spread spectrum
____ is the tool most hackers wanting to access WEP-enabled WLANs use. AirCrack NG
____ uses TLS to authenticate the server to the client but not the client to the server. PEAP
____ is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking. EXPECT
____ is the original password-cracking program now used by many government agencies to test for password strength. L0phtcrack
A certificate contains a unique serial number and must follow the ____ standard that describes the makings of a certificate. X.509
A famous encryption device was the ____ machine developed by Arthur Scherbius and used by the Germans during World War II. Enigma
After DES was in service for many years, NIST decided that a new standard was in order: ____. Advanced Encryption Standard (AES)
Even though DEA uses 64-bit encryption, only ____ bits are effectively being used. 56
In a ____ attack, after an attacker has access to a password file, he or she can run a password-cracking program that uses a dictionary of known words or passwords as an input file. dictionary
In a ____ attack, an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters. brute force
In a ____ attack, the attacker has access to plaintext and ciphertext and the ability to choose which messages to encrypt. chosen-plaintext
In a ____ attack, the attacker has access to the ciphertext to be decrypted and to the resulting plaintext. chosen-ciphertext
In a ____ attack, the attacker has messages in both encrypted form and decrypted forms. known plaintext
In a ____ attack, the attacker has the ciphertext of several messages that were encrypted with the same encryption algorithm but has no access to the plaintext, so he or she must try to figure out the key used to encrypt the data. ciphertext-only
RSA was developed by three MIT professors:Ronald L.Rivest, ____, and Leonard M. Adleman. Adi Shamir
The Book of Jeremiah was written using a cipher, or key, known as ____. atbash
The Purple Machine code was broken by ____, a cryptanalyst for the U.S. government and known as the “Father of U.S. Cryptanalysis.” William Frederick Friedman
The ____ algorithm does not provide encryption but is used to establish the secret key between two parties. Diffie-Hellman
The program ____ is one of the best programs available today for cracking password files. John the Ripper
____ is a hashing algorithm developed by Rivest in 1991. MD5
____ is an asymmetrical algorithm that can be used to encrypt data, create a digital signature, and exchange secret keys. ElGamal
____ is used for encryption as well as digital signatures and key exchange. ECC
____ means that a user can’t deny he or she sent a message to a recipient, and the receiver of a message can’t deny ever receiving the message. Nonrepudiation
____ refers to verifying the sender or receiver (or both) is who he or she claims to be. Authentication
____ was developed by Phil Zimmerman as a free e-mail encryption program that allowed typical users to encrypt e-mail messages. PGP
____, developed by Bruce Schneier, is a block cipher that operates on 64-bit blocks of plaintext. Blowfish
____, developed by Xuejia Lai and James Massey, is a block cipher that operates on 64-bit blocks of plaintext. International Data Encryption Algorithm (IDEA)
Created by: ITSec_guy