RiskMGMT_final mult
Multiple choice from chapters 6-10
Question | Answer |
---|---|
A DoS attack that uses TCP flags is called a ________ attack. | half-open |
A ________ attack is an attack that is made before attack signatures for the threat are defined. | zero-day |
A ________ is a persistent conversation between different programs on different computers. | connection |
A ________ port number designates a specific application running on a server. | well-known |
A connection between two programs on different computers is represented by its ________. | pair of sockets |
Almost all main border firewalls use ________ filtering as their primary filtering mechanism. | None of the above |
Automatic protections for application proxy firewalls include ________. | Both A and B |
Firewall policies should govern ________. | Both A and B |
Firewalls will drop ________. | provable attack packets |
Firms can address the increasing ability of attackers to bypass the border firewalls by ________. | hardening hosts |
If a firewall cannot keep up with traffic volume, it will ________. | drop packets it cannot process |
If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________. | Both A and B |
If a firewall receives a provable attack packet, the firewall will ________. | Both A and B |
If a firewall receives a suspicious packet, the firewall will ________. | Neither A nor B |
If an IPS identifies an attack, it can ________. | Both A and B |
If you will proxy 8 different applications, you will need ________ proxy programs. | 8 |
In ________ filtering, the firewall examines packets entering the network from the outside. | ingress |
NAT is able to stop ________. | Both A and B |
Nearly all main border firewalls today use ________ filtering. | stateful packet inspection |
SPI firewalls can conduct ________ inspection. | Both A and B |
Stateful packet inspection firewalls are ________. | fairly safe in practice |
Static packet filtering is sometimes used ________. | Both A and B |
The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. | None of the above |
The most time-consuming part of firewall management is ________. | reading firewall logs |
There is(are) ________ NAT traversal method(s). | several |
Today, application proxy firewalls are commonly used ________. | to protect internal clients from malicious external servers |
What is the SPI firewall rule for packets that do not attempt to open connections? | pass the packet if it is part of a previously approved connection |
What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set? | pass the packet if it is part of a previously approved connection |
What type of filtering do IDSs do? | packet stream analysis |
What type of filtering do IDSs do? | deep packet inspection |
What type of host may be placed in the DMZ? | Both A and B |
Which IPS response to an attack can do the most damage? | dropping packets |
Which IPS response to an attack is the most effective in stopping attacks? | dropping packets |
Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections? | permit all attempts to open a connection from an internal host to an external host |
Zero-day attacks might be stopped by ________ detection. | anomaly |
________ detection looks for specific patterns in the network traffic to identify a threat. | Signature |
________ do not drop packets. | IDSs |
________ drop packets. | IPSs |
________ firewalls filter traffic passing between different parts of a site's network. | Internal |
________ firewalls may be able to stop attacks by employees within the firm against internal site resources. | Internal |
A Windows systems administrator should use the Administrator account ________. | as little as possible, and only when needed |
A ________ is a type of fix for vulnerabilities. | Both A and B |
A systems administrator may manage ________. | Both A and B |
A(n) ________ is an individual application on the tree pane of an MMC that can be added or dropped from the tree list easily. | snap-in |
A(n) ________ is defined as an attack that comes before fixes are released. | zero-day attack |
Any device with an IP address is a ________. | host |
Assigning security measures to groups is ________ than assigning security measures to individuals within groups. | cheaper |
Assigning security measures to groups is better than assigning security measures to individuals within groups because ________. | Both A and B |
If a PC fails its initial NAC health assessment, it may be ________. | refused access |
If an attacker takes over a firewall, he or she will be able to ________. | All of the above |
If an attacker takes over a router, he or she will be able to ________. | reroute traffic to cause a local DoS |
In MMCs, the tree pane lists ________. | objects on which actions can be taken |
Inheritance ________ labor costs in assigning permissions. | reduces |
Inheritance can be modified from the ________ box in the security tab. | Both A and B |
Microsoft's server operating system is called ________. | Windows Server |
Mobile computers should be backed up ________. | before being taken off site |
The Local Users and Groups snap-in is available on the ________ MMC. | Computer Management |
The Microsoft Windows Server interface looks like the interface in ________. | client versions of Microsoft Windows |
The book recommends that passwords be at least ________ characters long. | 8 |
The policies for protecting sensitive information should be applied to all mobile data on ________. | All of the above |
The super user account in UNIX is called ________. | root |
To get to the super user account in UNIX, the administrator should use the ________ command. | su |
To get to the super user account in Windows, the administrator can use the ________ command. | RunAs |
To how many accounts and groups can different permissions be applied in Windows? | almost an unlimited number |
UNIX command line interfaces are called ________. | shells |
UNIX offers ________ directory and file permissions than (as) Windows. | fewer |
Updating should be done on client PCs ________. | automatically |
Which of the following are elements of host hardening? | Both A and B |
Which of the following are elements of host hardening? | minimizing applications on the host |
Which of the following is a danger created by notebook computer loss or theft? | Both A and B |
Which of the following is not a common problem with antivirus protections? | All of the above are common problems with antivirus protections. |
Which of the following is not a type of fix for vulnerabilities? | All of the above are types of fixes for vulnerabilities |
Which of the following security protections are provided by recent versions of Windows Server? | Both A and B |
Which of the following statements is not an accurate description of MMCs? | MMCs are located under the Start / Management menu choice. |
________ can greatly reduce patching costs. | Patch management servers |
________ is a family of operating systems that share interoperability at the kernel level. | UNIX |
________ is a password-cracking method wherein the attacker compares passwords to lists of common words. | A dictionary attack |
________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords. | Brute-force guessing |
________ is a version of ________ for PCs. | LINUX, UNIX |
________ is necessary to protect the host against attacks. | Host hardening |
A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network. | Both A and B |
A VoIP caller wishing to contact another sends an INVITE message to ________. | None of the above |
An attacker types more data in a field than the programmer expected. This is a(n) ________ attack. | buffer overflow |
An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack. | directory traversal |
Code on a webpage that is executed on the client PC is ________. | mobile code |
Compared to full programming languages, scripts are ________ in what they can do. | more limited |
Cookies are dangerous because they ________. | Both A and B |
Developers have permissions on the ________. | development server |
E-mail filtering can be done at which of the following? | All of the above |
For all applications, a basic rule is ________. | never trust user input |
In IM, ________ servers allow two users to locate each other. | presence |
In IM, all messages pass through a ________ server. | relay |
In VoIP, encryption may ________. | increase latency |
In VoIP, firewalls are a problem because they tend to ________. | increase latency |
In a URL, ".." (without the quotes) means ________. | move one directory up |
In a stack overflow attack, to where does the return address point? | to the beginning of the stack entry's data area |
In a(n) ________ attack, information that a user enters is sent back to the user in a webpage. | XSS |
In a(n) ________ attack, the user enters part of a database query instead of giving the expected input. | SQL injection |
RTP adds ________ to UDP. | sequence numbers |
RTP is used in ________. | transport |
SIP Identity protocols ________. | ensure that traffic is authenticated between two companies holding public/private keys |
SIP requires port ________ to be open. | 5060 |
Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________. | toll fraud |
Spam over VoIP is called ________. | SPIT |
Testers have permissions on the ________. | testing server |
The most popular way for hackers to take over hosts today is ________. | by taking over an application |
The prevention of sensitive information from being sent out of a company is called ________. | extrusion prevention |
The user reaches a webpage before logging in. This is a(n) ________ attack. | login screen bypass |
To prevent eavesdropping, applications should ________. | use encryption for confidentiality |
To satisfy legal retention and other compliance regulations, companies should use ________ in IM. | a relay server |
VoIP traffic and data traffic tend to be segregated from each other on a network for added security. | true |
What e-mail standard provides end-to-end security? | S/MIME |
Which comes third in a VoIP packet? | RTP header |
Which of the following are reasons to ensure WWW Service and E-Commerce security? | All of the above |
Which of the following is NOT a signaling protocol? | RTP |
Which version of SNMP allows the manager to have a different shared secret with each agent? | Version 3 |
Whisker is a popular tool for ________. | conducting vulnerability testing on webservers |
________ errors may indicate that an attacker is trying to send invalid data to the server. | 500 |
________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers. | Skype |
________ offers no security at all. | SNMP V1 |
A dual-layer DVD can hold up to about ________ GB. | 8 |
Adding invisible information to a file that can be used to identify its source is called ________. | watermarking |
After destroying, data is ________. | Neither A nor B |
After wiping/clearing, data is ________. | reusable |
Another name for RAID 0 is ________. | striping |
Another name for RAID 1 is ________. | mirroring |
Another name for RAID 5 is ________. | distributed parity |
Backup creation policies should specify ________. | Both A and B |
Checkouts of backup media for restoration ________. | Neither A nor B |
Companies address the risk of losing a security key by using ________. | key escrow |
Companies usually conduct full backups on a ________ basis. | weekly |
Compared to local backup, centralized backup ________. | Both A and B |
Configuring multiple hard drives as an array within a single system is ________. | Both A and B |
DDL triggers are used to ________. | produce automatic responses if the structure of the database has been altered. |
DLL triggers are used to ________. | Neither A nor B |
DML triggers are used to ________. | produce automatic responses if the data of the database has been altered |
DML triggers are used to ________. | Neither A nor B |
Data can be lost by ________. | All of the above |
Data destruction is ________. | necessary |
Databases are ________. | Both A and B |
Example of DBMSs include ________. | Both A and B |
File/directory data backup copies ________. | data |
Full backups are ________. | All of the above |
Image backup is attractive because ________. | it requires minimal additional work to restore a fully functioning PC |
Magnetic tape is ________. | Neither A nor B |
Profiling uses ________ to find patterns in a dataset which uniquely identify an individual. | All of the above |
Properly backed up data includes ________. | Both A and B |
Regarding retention policies, firms need to ________. | implement strong and clear backup policies |
To find out who is sending trade secrets out of the firm, you can use ________. | watermarking |
Trusting users to do key escrow is risky because ________. | All of the above |
Two computer systems each back up the other in real time in ________. | CDP |
Which of the following database events should be regularly audited? | All of the above |
Who should be involved in the creation of retention policies? | Both A and B |
With RAID 1, the following is achieved: | redundancy |
With RAID 5, the following is achieved: | All of the above |
With basic file deletion, data is ________. | Both A and B |
With nominal deletion, data is ________. | Both A and B |
________ backups only back up data that has changed since the most recent full backup. | Incremental |
________ is an example of PII. | Social Security number |
________ is the process of obscuring data such that it cannot identify a specific person, but remains practically useful. | Data masking |
18 U.S.C. § 1030 protects ________. | "protected computers" such as government computers |
A ________ is a fake network segment with multiple clients and servers. | honeypot |
A ________ is a law dealing with information technology. | cyberlaw |
A walkthrough is also called a ________. | table-top exercise |
Allowing an attacker to continue working in a system after the attack has been discovered ________. | Both A and B |
An IDS is a ________ control. | detective |
Dropping all future packets from a particular IP address is called ________. | black holing |
False alarms in an IDS are known as ________. | false positives |
HIDSs ________. | provide highly specific information about what happened on a particular host |
Hot sites ________. | Neither A nor B |
If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process. | drop |
In a crisis, human cognition ________. | is degraded |
Integrated log files ________. | Both A and B |
Integrated log files are ________ event logs from multiple IDSs. | aggregated |
Live tests are ________. | more effective than walkthroughs |
Plaintiffs initiate legal proceedings in ________ cases. | civil |
Repair during ongoing server operation is ________. | Both A and B |
The ________ collects event data and stores them in log files on the monitoring devices. | agent |
The business continuity team should be headed by ________. | a senior business manager |
The decision to let an attack continue should be made by ________. | senior business executives |
The normal standard for deciding a case in ________ trials is guilt beyond a reasonable doubt. | criminal |
The only person who should speak on behalf of a firm should be ________. | the public relations director |
The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial. | mens rea |
Wal-Mart was able to respond to hurricane Katrina so quickly because it had ________. | Both A and B |
Walkthroughs are ________ table-top exercises. | the same thing as |
What protection can a firm provide for people in the event of an emergency? | Both A and B |
When a system runs out of storage space, ________. | the IDS will start a new log file |
Which of the following is a function of IDSs? | automated analysis |
Which of the following is not one of the three rules for apologies? | Use wording aimed at reducing lawsuits |
Who should head the CSIRT? | A senior manager |
________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery. | Analysis |
________ deals with the violation of criminal statutes. | Criminal law |
________ eliminates the problem of having to re-baseline the system to proper security levels. | Using a disk image |
________ evidence is evidence that is acceptable for court proceedings. | Forensic |
________ investigate(s) most violations of local and state computer laws. | Local police |
________ is the act of actually stopping an incident's damage. | Containment |
________ punishments may result in fines. | Both A and B |
________ specify how a company will maintain or restore core business operations after disasters. | Business continuity plans |
________ specify how a company will restore IT functions after a disaster. | IT disaster recovery plans |