RiskMGMT_final mult
Multiple choice from chapters 6-10
| Question | Answer |
|---|---|
| A DoS attack that uses TCP flags is called a ________ attack. | half-open |
| A ________ attack is an attack that is made before attack signatures for the threat are defined. | zero-day |
| A ________ is a persistent conversation between different programs on different computers. | connection |
| A ________ port number designates a specific application running on a server. | well-known |
| A connection between two programs on different computers is represented by its ________. | pair of sockets |
| Almost all main border firewalls use ________ filtering as their primary filtering mechanism. | None of the above |
| Automatic protections for application proxy firewalls include ________. | Both A and B |
| Firewall policies should govern ________. | Both A and B |
| Firewalls will drop ________. | provable attack packets |
| Firms can address the increasing ability of attackers to bypass the border firewalls by ________. | hardening hosts |
| If a firewall cannot keep up with traffic volume, it will ________. | drop packets it cannot process |
| If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________. | Both A and B |
| If a firewall receives a provable attack packet, the firewall will ________. | Both A and B |
| If a firewall receives a suspicious packet, the firewall will ________. | Neither A nor B |
| If an IPS identifies an attack, it can ________. | Both A and B |
| If you will proxy 8 different applications, you will need ________ proxy programs. | 8 |
| In ________ filtering, the firewall examines packets entering the network from the outside. | ingress |
| NAT is able to stop ________. | Both A and B |
| Nearly all main border firewalls today use ________ filtering. | stateful packet inspection |
| SPI firewalls can conduct ________ inspection. | Both A and B |
| Stateful packet inspection firewalls are ________. | fairly safe in practice |
| Static packet filtering is sometimes used ________. | Both A and B |
| The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. | None of the above |
| The most time-consuming part of firewall management is ________. | reading firewall logs |
| There is(are) ________ NAT traversal method(s). | several |
| Today, application proxy firewalls are commonly used ________. | to protect internal clients from malicious external servers |
| What is the SPI firewall rule for packets that do not attempt to open connections? | pass the packet if it is part of a previously approved connection |
| What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set? | pass the packet if it is part of a previously approved connection |
| What type of filtering do IDSs do? | packet stream analysis |
| What type of filtering do IDSs do? | deep packet inspection |
| What type of host may be placed in the DMZ? | Both A and B |
| Which IPS response to an attack can do the most damage? | dropping packets |
| Which IPS response to an attack is the most effective in stopping attacks? | dropping packets |
| Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections? | permit all attempts to open a connection from an internal host to an external host |
| Zero-day attacks might be stopped by ________ detection. | anomaly |
| ________ detection looks for specific patterns in the network traffic to identify a threat. | Signature |
| ________ do not drop packets. | IDSs |
| ________ drop packets. | IPSs |
| ________ firewalls filter traffic passing between different parts of a site's network. | Internal |
| ________ firewalls may be able to stop attacks by employees within the firm against internal site resources. | Internal |
| A Windows systems administrator should use the Administrator account ________. | as little as possible, and only when needed |
| A ________ is a type of fix for vulnerabilities. | Both A and B |
| A systems administrator may manage ________. | Both A and B |
| A(n) ________ is an individual application on the tree pane of an MMC that can be added or dropped from the tree list easily. | snap-in |
| A(n) ________ is defined as an attack that comes before fixes are released. | zero-day attack |
| Any device with an IP address is a ________. | host |
| Assigning security measures to groups is ________ than assigning security measures to individuals within groups. | cheaper |
| Assigning security measures to groups is better than assigning security measures to individuals within groups because ________. | Both A and B |
| If a PC fails its initial NAC health assessment, it may be ________. | refused access |
| If an attacker takes over a firewall, he or she will be able to ________. | All of the above |
| If an attacker takes over a router, he or she will be able to ________. | reroute traffic to cause a local DoS |
| In MMCs, the tree pane lists ________. | objects on which actions can be taken |
| Inheritance ________ labor costs in assigning permissions. | reduces |
| Inheritance can be modified from the ________ box in the security tab. | Both A and B |
| Microsoft's server operating system is called ________. | Windows Server |
| Mobile computers should be backed up ________. | before being taken off site |
| The Local Users and Groups snap-in is available on the ________ MMC. | Computer Management |
| The Microsoft Windows Server interface looks like the interface in ________. | client versions of Microsoft Windows |
| The book recommends that passwords be at least ________ characters long. | 8 |
| The policies for protecting sensitive information should be applied to all mobile data on ________. | All of the above |
| The super user account in UNIX is called ________. | root |
| To get to the super user account in UNIX, the administrator should use the ________ command. | su |
| To get to the super user account in Windows, the administrator can use the ________ command. | RunAs |
| To how many accounts and groups can different permissions be applied in Windows? | almost an unlimited number |
| UNIX command line interfaces are called ________. | shells |
| UNIX offers ________ directory and file permissions than (as) Windows. | fewer |
| Updating should be done on client PCs ________. | automatically |
| Which of the following are elements of host hardening? | Both A and B |
| Which of the following are elements of host hardening? | minimizing applications on the host |
| Which of the following is a danger created by notebook computer loss or theft? | Both A and B |
| Which of the following is not a common problem with antivirus protections? | All of the above are common problems with antivirus protections. |
| Which of the following is not a type of fix for vulnerabilities? | All of the above are types of fixes for vulnerabilities |
| Which of the following security protections are provided by recent versions of Windows Server? | Both A and B |
| Which of the following statements is not an accurate description of MMCs? | MMCs are located under the Start / Management menu choice. |
| ________ can greatly reduce patching costs. | Patch management servers |
| ________ is a family of operating systems that share interoperability at the kernel level. | UNIX |
| ________ is a password-cracking method wherein the attacker compares passwords to lists of common words. | A dictionary attack |
| ________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords. | Brute-force guessing |
| ________ is a version of ________ for PCs. | LINUX, UNIX |
| ________ is necessary to protect the host against attacks. | Host hardening |
| A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network. | Both A and B |
| A VoIP caller wishing to contact another sends an INVITE message to ________. | None of the above |
| An attacker types more data in a field than the programmer expected. This is a(n) ________ attack. | buffer overflow |
| Attacks in which a user reaches a directory outside of the WWW root directory and its subdirectories are called ________ attacks. | directory traversal |
| Code on a webpage that is executed on the client PC is ________. | mobile code |
| Compared to full programming languages, scripts are ________ in what they can do. | more limited |
| Cookies are dangerous because they ________. | Both A and B |
| Developers have permissions on the ________. | development server |
| E-mail filtering can be done at which of the following? | All of the above |
| For all applications, a basic rule is ________. | never trust user input |
| In IM, ________ servers allow two users to locate each other. | presence |
| In IM, all messages pass through a ________ server. | relay |
| In VoIP, encryption may ________. | increase latency |
| In VoIP, firewalls are a problem because they tend to ________. | increase latency |
| In a URL, ".." (without the quotes) means ________. | move one directory up |
| In a stack overflow attack, to where does the return address point? | to the beginning of the stack entry's data area |
| In a(n) ________ attack, information that a user enters is sent back to the user in a webpage. | XSS |
| In a(n) ________ attack, the user enters part of a database query instead of giving the expected input. | SQL injection |
| RTP adds ________ to UDP. | sequence numbers |
| RTP is used in ________. | transport |
| SIP Identity protocols ________. | ensure that traffic is authenticated between two companies holding public/private keys |
| SIP requires port ________ to be open. | 5060 |
| Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________. | toll fraud |
| Spam over VoIP is called ________. | SPIT |
| Testers have permissions on the ________. | testing server |
| The most popular way for hackers to take over hosts today is ________. | by taking over an application |
| The prevention of sensitive information from being sent out of a company is called ________. | extrusion prevention |
| The user reaches a webpage before logging in. This is a(n) ________ attack. | login screen bypass |
| To prevent eavesdropping, applications should ________. | use encryption for confidentiality |
| To satisfy legal retention and other compliance regulations, companies should use ________ in IM. | a relay server |
| VoIP traffic and data traffic tend to be segregated from each other on a network for added security. | true |
| What e-mail standard provides end-to-end security? | S/MIME |
| Which comes third in a VoIP packet? | RTP header |
| Which of the following are reasons to ensure WWW Service and E-Commerce security? | All of the above |
| Which of the following is NOT a signaling protocol? | RTP |
| Which version of SNMP allows the manager to have a different shared secret with each agent? | Version 3 |
| Whisker is a popular tool for ________. | conducting vulnerability testing on webservers |
| ________ errors may indicate that an attacker is trying to send invalid data to the server. | 500 |
| ________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers. | Skype |
| ________ offers no security at all. | SNMP V1 |
| A dual-layer DVD can hold up to about ________ GB. | 8 |
| Adding invisible information to a file that can be used to identify its source is called ________. | watermarking |
| After destroying, data is ________. | Neither A nor B |
| After wiping/clearing, data is ________. | reusable |
| Another name for RAID 0 is ________. | striping |
| Another name for RAID 1 is ________. | mirroring |
| Another name for RAID 5 is ________. | distributed parity |
| Backup creation policies should specify ________. | Both A and B |
| Checkouts of backup media for restoration ________. | Neither A nor B |
| Companies address the risk of losing a security key by using ________. | key escrow |
| Companies usually conduct full backups on a ________ basis. | weekly |
| Compared to local backup, centralized backup ________. | Both A and B |
| Configuring multiple hard drives as an array within a single system is ________. | Both A and B |
| DDL triggers are used to ________. | produce automatic responses if the structure of the database has been altered. |
| DLL triggers are used to ________. | Neither A nor B |
| DML triggers are used to ________. | produce automatic responses if the data of the database has been altered |
| DML triggers are used to ________. | Neither A nor B |
| Data can be lost by ________. | All of the above |
| Data destruction is ________. | necessary |
| Databases are ________. | Both A and B |
| Examples of DBMSs include ________. | Both A and B |
| File/directory data backup copies ________. | data |
| Full backups are ________. | All of the above |
| Image backup is attractive because ________. | it requires minimal additional work to restore a fully functioning PC |
| Magnetic tape is ________. | Neither A nor B |
| Profiling uses ________ to find patterns in a dataset which uniquely identify an individual. | All of the above |
| Properly backed up data includes ________. | Both A and B |
| Regarding retention policies, firms need to ________. | implement strong and clear backup policies |
| To find out who is sending trade secrets out of the firm, you can use ________. | watermarking |
| Trusting users to do key escrow is risky because ________. | All of the above |
| Two computer systems each back up the other in real time in ________. | CDP |
| Which of the following database events should be regularly audited? | All of the above |
| Who should be involved in the creation of retention policies? | Both A and B |
| With RAID 1, the following is achieved: | redundancy |
| With RAID 5, the following is achieved: | All of the above |
| With basic file deletion, data is ________. | Both A and B |
| With nominal deletion, data is ________. | Both A and B. |
| ________ backups only back up data that has changed since the most recent full backup. | Incremental |
| ________ is an example of PII. | Social Security number |
| ________ is the process of obscuring data such that it cannot identify a specific person, but remains practically useful. | Data masking |
| 18 U.S.C. § 1030 protects ________. | "protected computers" such as government computers |
| A ________ is a fake network segment with multiple clients and servers. | honeypot |
| A ________ is a law dealing with information technology. | cyberlaw |
| A walkthrough is also called a ________. | table-top exercise |
| Allowing an attacker to continue working in a system after the attack has been discovered ________. | Both A and B |
| An IDS is a ________ control. | detective |
| Dropping all future packets from a particular IP address is called ________. | black holing |
| False alarms in an IDS are known as ________. | false positives |
| HIDSs ________. | provide highly specific information about what happened on a particular host |
| Hot sites ________. | Neither A nor B |
| If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process. | drop |
| In a crisis, human cognition ________. | is degraded |
| Integrated log files ________. | Both A and B |
| Integrated log files are ________ event logs from multiple IDSs. | aggregated |
| Live tests are ________. | more effective than walkthroughs |
| Plaintiffs initiate legal proceedings in ________ cases. | civil |
| Repair during ongoing server operation is ________. | Both A and B |
| The ________ collects event data and stores them in log files on the monitoring devices. | agent |
| The business continuity team should be headed by ________. | a senior business manager |
| The decision to let an attack continue should be made by ________. | senior business executives |
| The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt. | criminal |
| The only person who should speak on behalf of a firm should be ________. | the public relations director |
| The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial. | mens rea |
| Wal-Mart was able to respond to hurricane Katrina so quickly because it had ________. | Both A and B |
| Walkthroughs are ________ table-top exercises. | the same thing as |
| What protection can a firm provide for people in the event of an emergency? | Both A and B |
| When a system runs out of storage space, ________. | the IDS will start a new log file |
| Which of the following is a function of IDSs? | automated analysis |
| Which of the following is not one of the three rules for apologies? | Use wording aimed at reducing lawsuits |
| Who should head the CSIRT? | A senior manager |
| ________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery. | Analysis |
| ________ deals with the violation of criminal statutes. | Criminal law |
| ________ eliminates the problem of having to re-baseline the system to proper security levels. | Using a disk image |
| ________ evidence is evidence that is acceptable for court proceedings. | Forensic |
| ________ investigate(s) most violations of local and state computer laws. | Local police |
| ________ is the act of actually stopping an incident's damage. | Containment |
| ________ punishments may result in fines. | Both A and B |
| ________ specify how a company will maintain or restore core business operations after disasters. | Business continuity plans |
| ________ specify how a company will restore IT functions after a disaster. | IT disaster recovery plans |