
RiskMGMT_final mult

Multiple choice from chapters 6-10

A DoS attack that uses TCP flags is called a ________ attack. half-open
A ________ attack is an attack that is made before attack signatures for the threat are defined. zero-day
A ________ is a persistent conversation between different programs on different computers. connection
A ________ port number designates a specific application running on a server. well-known
A connection between two programs on different computers is represented by its ________. pair of sockets
Almost all main border firewalls use ________ filtering as their primary filtering mechanism. None of the above
Automatic protections for application proxy firewalls include ________. Both A and B
Firewall policies should govern ________. Both A and B
Firewalls will drop ________. provable attack packets
Firms can address the increasing ability of attackers to bypass the border firewalls by ________. hardening hosts
If a firewall cannot keep up with traffic volume, it will ________. drop packets it cannot process
If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________. Both A and B
If a firewall receives a provable attack packet, the firewall will ________. Both A and B
If a firewall receives a suspicious packet, the firewall will ________. Neither A nor B
If an IPS identifies an attack, it can ________. Both A and B
If you will proxy 8 different applications, you will need ________ proxy programs. 8
In ________ filtering, the firewall examines packets entering the network from the outside. ingress
NAT is able to stop ________. Both A and B
Nearly all main border firewalls today use ________ filtering. stateful packet inspection
SPI firewalls can conduct ________ inspection. Both A and B
Stateful packet inspection firewalls are ________. fairly safe in practice
Static packet filtering is sometimes used ________. Both A and B
The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. None of the above
The most time-consuming part of firewall management is ________. reading firewall logs
There is(are) ________ NAT traversal method(s). several
Today, application proxy firewalls are commonly used ________. to protect internal clients from malicious external servers
What is the SPI firewall rule for packets that do not attempt to open connections? pass the packet if it is part of a previously approved connection
What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set? pass the packet if it is part of a previously approved connection
What type of filtering do IDSs do? packet stream analysis
What type of filtering do IDSs do? deep packet inspection
What type of host may be placed in the DMZ? Both A and B
Which IPS response to an attack can do the most damage? dropping packets
Which IPS response to an attack is the most effective in stopping attacks? dropping packets
Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections? permit all attempts to open a connection from an internal host to an external host
Zero-day attacks might be stopped by ________ detection. anomaly
________ detection looks for specific patterns in the network traffic to identify a threat. Signature
________ do not drop packets. IDSs
________ drop packets. IPSs
________ firewalls filter traffic passing between different parts of a site's network. Internal
________ firewalls may be able to stop attacks by employees within the firm against internal site resources. Internal
A Windows systems administrator should use the Administrator account ________. as little as possible, and only when needed
A ________ is a type of fix for vulnerabilities. Both A and B
A systems administrator may manage ________. Both A and B
A(n) ________ is an individual application on the tree pane of an MMC that can be added or dropped from the tree list easily. snap-in
A(n) ________ is defined as an attack that comes before fixes are released. zero-day attack
Any device with an IP address is a ________. host
Assigning security measures to groups is ________ than assigning security measures to individuals within groups. cheaper
Assigning security measures to groups is better than assigning security measures to individuals within groups because ________. Both A and B
If a PC fails its initial NAC health assessment, it may be ________. refused access
If an attacker takes over a firewall, he or she will be able to ________. All of the above
If an attacker takes over a router, he or she will be able to ________. reroute traffic to cause a local DoS
In MMCs, the tree pane lists ________. objects on which actions can be taken
Inheritance ________ labor costs in assigning permissions. reduces
Inheritance can be modified from the ________ box in the security tab. Both A and B
Microsoft's server operating system is called ________. Windows Server
Mobile computers should be backed up ________. before being taken off site
The Local Users and Groups snap-in is available on the ________ MMC. Computer Management
The Microsoft Windows Server interface looks like the interface in ________. client versions of Microsoft Windows
The book recommends that passwords be at least ________ characters long. 8
The policies for protecting sensitive information should be applied to all mobile data on ________. All of the above
The super user account in UNIX is called ________. root
To get to the super user account in UNIX, the administrator should use the ________ command. su
To get to the super user account in Windows, the administrator can use the ________ command. RunAs
To how many accounts and groups can different permissions be applied in Windows? almost an unlimited number
UNIX command line interfaces are called ________. shells
UNIX offers ________ directory and file permissions than (as) Windows. fewer
Updating should be done on client PCs ________. automatically
Which of the following are elements of host hardening? Both A and B
Which of the following are elements of host hardening? minimizing applications on the host
Which of the following is a danger created by notebook computer loss or theft? Both A and B
Which of the following is not a common problem with antivirus protections? All of the above are common problems with antivirus protections.
Which of the following is not a type of fix for vulnerabilities? All of the above are types of fixes for vulnerabilities
Which of the following security protections are provided by recent versions of Windows Server? Both A and B
Which of the following statements is not an accurate description of MMCs? MMCs are located under the Start / Management menu choice.
________ can greatly reduce patching costs. Patch management servers
________ is a family of operating systems that share interoperability at the kernel level. UNIX
________ is a password-cracking method wherein the attacker compares passwords to lists of common words. A dictionary attack
________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords. Brute-force guessing
________ is a version of ________ for PCs. LINUX, UNIX
________ is necessary to protect the host against attacks. Host hardening
A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network. Both A and B
A VoIP caller wishing to contact another sends an INVITE message to ________. None of the above
An attacker types more data in a field than the programmer expected. This is a(n) ________ attack. buffer overflow
An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack. directory traversal
Code on a webpage that is executed on the client PC is ________. mobile code
Compared to full programming languages, scripts are ________ in what they can do. more limited
Cookies are dangerous because they ________. Both A and B
Developers have permissions on the ________. development server
E-mail filtering can be done at which of the following? All of the above
For all applications, a basic rule is ________. never trust user input
In IM, ________ servers allow two users to locate each other. presence
In IM, all messages pass through a ________ server. relay
In VoIP, encryption may ________. increase latency
In VoIP, firewalls are a problem because they tend to ________. increase latency
In a URL, ".." (without the quotes) means ________. move one directory up
In a stack overflow attack, to where does the return address point? to the beginning of the stack entry's data area
In a(n) ________ attack, information that a user enters is sent back to the user in a webpage. XSS
In a(n) ________ attack, the user enters part of a database query instead of giving the expected input. SQL injection
RTP adds ________ to UDP. sequence numbers
RTP is used in ________. transport
SIP Identity protocols ________. ensure that traffic is authenticated between two companies holding public/private keys
SIP requires port ________ to be open. 5060
Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________. toll fraud
Spam over VoIP is called ________. SPIT
Testers have permissions on the ________. testing server
The most popular way for hackers to take over hosts today is ________. by taking over an application
The prevention of sensitive information from being sent out of a company is called ________. extrusion prevention
The user reaches a webpage before logging in. This is a(n) ________ attack. login screen bypass
To prevent eavesdropping, applications should ________. use encryption for confidentiality
To satisfy legal retention and other compliance regulations, companies should use ________ in IM. a relay server
VoIP traffic and data traffic tend to be segregated from each other on a network for added security. true
What e-mail standard provides end-to-end security? S/MIME
Which comes third in a VoIP packet? RTP header
Which of the following are reasons to ensure WWW Service and E-Commerce security? All of the above
Which of the following is NOT a signaling protocol? RTP
Which version of SNMP allows the manager to have a different shared secret with each agent? Version 3
Whisker is a popular tool for ________. conducting vulnerability testing on webservers
________ errors may indicate that an attacker is trying to send invalid data to the server. 500
________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers. Skype
________ offers no security at all. SNMP V1
A dual-layer DVD can hold up to about ________ GB. 8
Adding invisible information to a file that can be used to identify its source is called ________. watermarking
After destroying, data is ________. Neither A nor B
After wiping/clearing, data is ________. reusable
Another name for RAID 0 is ________. striping
Another name for RAID 1 is ________. mirroring
Another name for RAID 5 is ________. distributed parity
Backup creation policies should specify ________. Both A and B
Checkouts of backup media for restoration ________. Neither A nor B
Companies address the risk of losing a security key by using ________. key escrow
Companies usually conduct full backups on a ________ basis. weekly
Compared to local backup, centralized backup ________. Both A and B
Configuring multiple hard drives as an array within a single system is ________. Both A and B
DDL triggers are used to ________. produce automatic responses if the structure of the database has been altered.
DLL triggers are used to ________. Neither A nor B
DML triggers are used to ________. produce automatic responses if the data of the database has been altered
DML triggers are used to ________. Neither A nor B
Data can be lost by ________. All of the above
Data destruction is ________. necessary
Databases are ________. Both A and B
Example of DBMSs include ________. Both A and B
File/directory data backup copies ________. data
Full backups are ________. All of the above
Image backup is attractive because ________. it requires minimal additional work to restore a fully functioning PC
Magnetic tape is ________. Neither A nor B
Profiling uses ________ to find patterns in a dataset which uniquely identify an individual. All of the above
Properly backed up data includes ________. Both A and B
Regarding retention policies, firms need to ________. implement strong and clear backup policies
To find out who is sending trade secrets out of the firm, you can use ________. watermarking
Trusting users to do key escrow is risky because ________. All of the above
Two computer systems each back up the other in real time in ________. CDP
Which of the following database events should be regularly audited? All of the above
Who should be involved in the creation of retention policies? Both A and B
With RAID 1, the following is achieved: redundancy
With RAID 5, the following is achieved: All of the above
With basic file deletion, data is ________. Both A and B
With nominal deletion, data is ________. Both A and B.
________ backups only back up data that has changed since the most recent full backup. Incremental
________ is an example of PII. Social Security number
________ is the process of obscuring data such that it cannot identify a specific person, but remains practically useful. Data masking
18 U.S.C. § 1030 protects ________. "protected computers" such as government computers
A ________ is a fake network segment with multiple clients and servers. honeypot
A ________ is a law dealing with information technology. cyberlaw
A walkthrough is also called a ________. table-top exercise
Allowing an attacker to continue working in a system after the attack has been discovered ________. Both A and B
An IDS is a ________ control. detective
Dropping all future packets from a particular IP address is called ________. black holing
False alarms in an IDS are known as ________. false positives
HIDSs ________. provide highly specific information about what happened on a particular host
Hot sites ________. Neither A nor B
If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process. drop
In a crisis, human cognition ________. is degraded
Integrated log files ________. Both A and B
Integrated log files are ________ event logs from multiple IDS's. aggregated
Live tests are ________. more effective than walkthroughs
Plaintiffs initiate legal proceedings in ________ cases. civil
Repair during ongoing server operation is ________. Both A and B
The ________ collects event data and stores them in log files on the monitoring devices. agent
The business continuity team should be headed by ________. a senior business manager
The decision to let an attack continue should be made by ________. senior business executives
The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt. criminal
The only person who should speak on behalf of a firm should be ________. the public relations director
The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial. mens rea
Wal-Mart was able to respond to hurricane Katrina so quickly because it had ________. Both A and B
Walkthroughs are ________ table-top exercises. the same thing as
What protection can a firm provide for people in the event of an emergency? Both A and B
When a system runs out of storage space, ________. the IDS will start a new log file
Which of the following is a function of IDSs? automated analysis
Which of the following is not one of the three rules for apologies? Use wording aimed at reducing lawsuits
Who should head the CSIRT? A senior manager
________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery. Analysis
________ deals with the violation of criminal statutes. Criminal law
________ eliminates the problem of having to re-baseline the system to proper security levels. Using a disk image
________ evidence is evidence that is acceptable for court proceedings. Forensic
________ investigate(s) most violations of local and state computer laws. Local police
________ is the act of actually stopping an incident's damage. Containment
________ punishments may result in fines. Both A and B
________ specify how a company will maintain or restore core business operations after disasters. Business continuity plans
________ specify how a company will restore IT functions after a disaster. IT disaster recovery plans
Created by: ITSec_guy