Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Net Admin_FINAL_MC

Chapter 1-10 multiple choice

A __________ attack attempts to learn or make use of information from the system but does not affect system resources. passive
A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery. digital signature
A __________ takes place when one entity pretends to be a different entity. masquerade
A loss of _________ is the disruption of access to or use of information or an information system. availability
A possible danger that might exploit a vulnerability, a _________ is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. threat
Active attacks can be subdivided into four categories: replay, modification of messages, denial of service, and __________ . masquerade
An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an __________ . attack
In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links. access control
The __________ service addresses the security concerns raised by denial-of-service attacks. availability
The common technique for masking contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message is _________ . encryption
The prevention of unauthorized use of a resource is __________ . access control
The protection of data from unauthorized disclosure is _________ . data confidentiality
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ . accountability
Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ accountability
Three key objectives that are at the heart of computer security are: confidentiality, availability, and _________ integrity
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ . authenticity
X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers. security service
X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and __________ . data confidentiality
is a pro membership society with worldwide org/individual membership that provides leadership in addressing issues that confront the future of Internet and is org home for groups responsible for Internet infrastructure standards incl. IETF and the IAB. ISOC
_________ is a variety of mechanisms used to assure the integrity of a data unit or stream of data units. Data integrity
_________ is defined as "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources". computer security
_________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Traffic padding
_________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. Internet
__________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. System integrity
__________ assures that systems work promptly and service is not denied to authorized users. Availability
__________ attacks attempt to alter system resources or affect their operation. Active
__________ is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation. NIST
__________ is the use of mathematical algorithms to transform data into a form that is not readily intelligible, in which the transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Encipherment
prevents either tx/rx from denying a transmitted message; when a message is sent the receiver can prove that alleged sender in fact sent the message and when a message is received sender can prove that alleged receiver in fact received the message. nonrepudiation
A PRNG takes as input a fixed value called the ________ and produces a sequence of output bits using a deterministic algorithm. seed
A ________ takes as input a source that is effectively random and is often referred to as an entropy source. TRNG
A _________ approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. brute-force
A _________ cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size for each plaintext block. block
A __________ processes the input elements continuously, producing output one element at a time, as it goes along. stream cipher
A symmetric block cipher processes _________ of data at a time. one block
A symmetric encryption scheme has _________ ingredients. five
All encryption algorithms are based on two general principles: _________, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged. substitution
Also referred to as conventional encryption, secret-key, or single-key encryption, _________ encryption was the only type of encryption in use prior to the development of public-key encryption in the late 1970's. symmetric
If both sender and receiver use the same key the system is referred to as _________ encryption. symmetric
If the analyst is able to get the source system to insert into the system a message chosen by the analyst, a _________ attack is possible. chosen plaintext
If the sender and receiver each use a different key the system is referred to as __________ encryption. asymmetric
In _________ mode a counter equal to the plaintext block size is used CTR
Many symmetric block encryption algorithms including DES have a structure first described by _________ of IBM in 1973. Horst Feistel
The ________ source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock. entropy
The _________ algorithm performs various substitutions and transformations on the plaintext. encryption
The _________ algorithm takes the ciphertext and the same secret key and produces the original plaintext. decryption
The _________ key size is used with the Data Encryption Standard algorithm. 56 bit
The most common key length in modern algorithms is ________ . 128 bits
The process of attempting to discover the plaintext or key is known as _________ . cryptanalysis
Two requirements for secure use of symmetric encryption are: sender and receiver must have obtained copies of the secret key in a secure fashion and a strong __________ is needed. encryption algorithm
With the ________ mode if there is an error in a block of the transmitted ciphertext only the corresponding plaintext block is affected. ECB
With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the _________ . key
_________ is the original message or data that is fed into the algorithm as input. Plaintext
_________ mode requires only the implementation of the encryption algorithm and not the decryption algorithm. CTR
__________ is a stream cipher used in the Secure Sockets Layer/Transport Layer Security standards that have been defined for communication between Web browsers and servers and is also used in WEP and WPA protocols. RC4
"It is easy to generate a code given a message, but virtually impossible to generate a message given a code" describes the __________ hash function property. preimage resistant
A _________ is when two sides cooperate to exchange a session key. key exchange
A __________ is when the sender "signs" a message with its private key, which is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message. digital signature
As with symmetric encryption there are two approaches to attacking a secure hash function: brute-force attack and ___________ . cryptanalysis
Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA. ECC
Bob and Alice yada yada digital signature
If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit. timestamp
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ . collision resistant
Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input. hash function
Public key cryptography is __________ . asymmetric
Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ . SHA-2
The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext. decryption
The __________ approach has two advantages: it provides a digital signature as well as message authentication and it does not require the distribution of keys to communicating parties. public-key
The __________ property protects against a sophisticated class of attack known as the birthday attack. collision resistant
The key algorithmic ingredients of __________ are the AES encryption algorithm, the CTR mode of operation, and the CMAC authentication algorithm. CCM
The key used in conventional encryption is typically referred to as a _________ key. secret
The most important hash function is ________ . SHA
The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. RSA
The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data. hash function
The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness. Diffie-Hellman
The readable message or data that is fed into the algorithm as input is the __________ . plaintext
The two most widely used public key algorithms are RSA and _________ . Diffie-Hellman
________ protects against passive attack (eavesdropping). Encryption
__________ is a procedure that allows communicating parties to verify that received messages are authentic. Message authentication
A _________ is a key used between entities for the purpose of distributing session keys. permanent key
A _________ is the client's choice for an encryption key to be used to protect this specific application session. subkey
A __________ indicates the length of time for which a ticket is valid (e.g., eight hours). lifetime
A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room. Kerberos realm
A __________ server issues tickets to users who have been authenticated to the authentication server. ticket-granting
A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name. Kerberos principal
A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ . nonce
An __________ manages the creation and maintenance of attributes such as passwords and biometric information. attribute service
Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier. signature
Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ . PCBC
In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued. timestamp
In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used. ticket granting
Kerberos version 4 requires the use of ____________ . IP address
Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client. ticket
Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Kerberos
The _________ exentsion is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CAs domain. policy mappings
The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information. certificate policies
The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server. authentication server
The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key. key distribution
The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ . password attacks
Used in most network security applications the __________ standard has become universally accepted for formatting public-key certificates. X.509
When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session. session key
_________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information. Data Consumers
__________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates. X.509
is a centralized, auto approach to provide enterprise wide access to resources by employees & other authorized individuals with a focus of defining an ID for each user associating attributes with identity & enforcing a means by which a user can verify ID. Identity management
__________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, thereby reducing the number of authentications needed by the user. Federation
A Pseudorandom Function takes as input: all of the above
A signature is created by taking the hash of a message and encrypting it with the sender's _________ . private key
An SSL session is an association between a client and a server and is created by the ___________ . Handshake Protocol
An arbitrary byte sequence chosen by the server to identify an active or resumable session state is a _________ . session identifier
Defined as a Proposed Internet Standard in RFC 2246, _________ is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL. TLS
Phase _________ of the Handshake Protocol establishes security capabilities. 1
The SSL Internet standard version is called _________ . TLS
The _________ Protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm along with cryptographic keys to be used to protect data sent in an SSL Record. handshake
The _________ is used to convey SSL-related alerts to the peer entity. Alert Protocol
The _________ takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment. SSl Record Protocol
The __________ approach is vulnerable to man-in-the-middle attacks. Anonymous Diffie-Hellman
The final message in phase 2, and one that is always required, is the ___________ message, which is sent by the server to indicate the end of the server hello and associated messages. server_done
The handshake is complete and the client and server may begin to exchange application layer data after the server sends its finished message in phase _________ of the Handshake Protocol. 4
The most complex part of SSL is the __________ . Handshake Protocol
The symmetric encryption key for data encrypted by the client and decrypted by the server is a _________ . client write key
Three higher-layer protocols defined as part of SSL and used in the management of SSL exchanges are: The Handshake Protocol, The Change Cipher Spec Protocol, and the __________ . Alert Protocol
Three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer are: SSL/TLS, HTTPS, and _________. SSH
Two important SSL concepts are the SSL session and the SSL _________ . connection
With each element of the list defining both a key exchange algorithm and a CipherSpec, the list that contains the combination of cryptographic algorithms supported by the client in decreasing order of preference is the __________ . CipherSuite
_________ attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted. Passive
_________ attacks include impersonating another user, altering messages in transit between client and server and altering information on a Web site. Active
_________ is organized as three protocols that typically run on top of TCP for secure network communications and are designed to be relatively simple and inexpensive to implement. SSH
_________ provides secure, remote logon and other secure client/server facilities. SSH
_________ require a client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV, which are generated from the master secret in that order. CipherSpecs
__________ allows the client to set up a "hijacker" process that will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel. Local forwarding
__________ provides confidentiality using symmetric encryption and message integrity using a message authentication code. SSL/TLS
__________ refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server. HTTPS
A WML _________ is similar to an HTML page in that it is identified by a URL and is the unit of content transmission. deck
Forming a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time, __________ are used for communication between a pair of devices typically between a STA and an AP. pairwise keys
The MPDU authentication phase consists of three phases. They are: connect to AS, EAP exchange and _________ . secure key delivery
The MPDU exchange for distributing pairwise keys is known as the _________ which the STA and SP use to confirm the existence of the PMK, to verify the selection of the cipher suite, and to derive a fresh PTK for data sessions. 4-way handshake
The PMK is used to generate the _________ which consists of three keys to be used for communication between a STA and AP after they have been mutually authenticated. PTK
The WAP Programming Model is based on three elements: the client, the original server, and the _________ . gateway
The _________ is used to ensure the confidentiality of the GTK and other key material in the 4-Way Handshake. EAPOL-KEK
The __________ function is the logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs. coordination
The __________ is the information that is delivered as a unit between MAC users. MSDU
The __________ is used to convey WTLS-related alerts to the peer entity. Alert Protocol
The __________ layer keeps track of which frames have been successfully received and retransmits unsuccessful frames. logical link control
The function of the __________ is to on transmission assemble data into a frame, on reception disassemble frame and perform address recognition and error detection, and govern access to the LAN transmission medium. media access control layer
The layer of the IEEE 802 reference model that includes such functions as encoding/decoding of signals and bit transmission/reception is the _________ . physical layer
The master session key is also known as the __________ key. AAA
The purpose of the discovery phase in the ___________ is for a STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities. RSN
The specification of a protocol along with the chosen key length is known as a __________ . cipher suite
The term used for certified 802.11b products is ___________ . Wi-Fi
WAP security is primarily provided by the __________ which provides security services between the mobile device and the WAP gateway to the Internet. WTLS
_________ is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services including the Internet and the Web. WAP
was designed to describe content & format for presenting data on devices with limited bandwidth, limited screen size, and limited user input capability and to work with telephone keypads, styluses, and other input devices common to mobile, wireless comm. WML
__________ is the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS. Distribution
__________ specifies security standards for IEEE 802.11 LANs including authentication, data integrity, data confidentiality, and key management. IEEE 802.11i
A _________ is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer, which is then encoded using base64 encoding. digital signature
Computed by PGP, a _________ field indicates the extent to which PGP will trust that this is a valid public key for this user; the higher the level of trust, the stronger the binding of this user ID to this key. key legitimacy
E-banking, personal banking, e-commerce server, software validation and membership-based online services all fall into the VeriSign Digital ID _________ . Class 3
For the __________ subtype the order of the parts is not significant. multipart/parallel
Key IDs are critical to the operation of PGP and __________ key IDs are included in any PGP message that provides both confidentiality and authentication. two
MIME is an extension to the ________ framework that is intended to address some of the problems and limitations of the use of SMTP. RFC 5322
PGP makes use of four types of keys: public keys, private keys, one-time session keys, and ___________ symmetric keys. passphrase-based
PGP provides authentication through the use of _________ . digital signatures
PGP provides compression using the __________ algorithm. ZIP
PGP provides e-mail compatibility using the __________ encoding scheme. radix-64
S/MIME cryptographic algorithms use __________ to specify requirement level. SHOULD and MUST
The ________ MIME field is a text description of the object with the body which is useful when the object is not readable as in the case of audio data. Content-Description
The _________ accepts the message submitted by a Message User Agent and enforces the policies of the hosting domain and the requirements of Internet standards. Mail Submission Agent
The _________ transfer encoding is useful when the data consists largely of octets that correspond to printable ASCII characters. quoted-printable
The _________ transfer encoding, also known as radix-64 encoding, is a common one for encoding arbitrary binary data in such a way as to be invulnerable to the processing by mail-transport programs. base64
The _________ type refers to other kinds of data, typically either uninterpreted binary data or information to be processed by a mail-based application. application
The __________ field is used to identify MIME entities uniquely in multiple contexts. Content-ID
The __________ MIME field describes the data contained in the body with sufficient detail that the receiving user agent can pick an appropriate agent or mechanism to represent the data to the user or otherwise deal with the data in an appropriate manner. Content-Type
The __________ enables the recipient to determine if the correct public key was used to decrypt the message digest for authentication. leading two octets of message digest
The __________ subtype is used when the different parts are independent but are to be transmitted together. They should be presented to the receiver in the order that they appear in the mail message. multipart/mixed
The key legitimacy field, the signature trust field and the owner trust field are each contained in a structure referred to as a ___________ . trust flag byte
To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using _________ conversion. radix-64
Typically housed in the user's computer, a _________ is referred to as a client e-mail program or a local network e-mail server. Message User Agent
Video content will be identified as _________ type. MPEG
__________ is an Internet standard approach to e-mail security that incorporates the same functionality as PGP. S/MIME
A _________ is a one way relationship between a sender and a receiver that affords security services to the traffic carried on it. SA
A __________ attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. replay
A value chosen by the responder to identify a unique IKE SA is a _________ . Responder Cookie
At any point in an IKE exchange the sender may include a _________ payload to request the certificate of the other communicating entity. Certificate Request
Authentication applied to all of the packet except for the IP header is _________ . transport mode
Authentication applied to the entire original IP packet is _________ . tunnel mode
Authentication makes use of the _________ message authentication code. HMAC
IKE key determination employs __________ to ensure against replay attacks. nonces
IPsec encompasses three functional areas: authentication, key management, and __________ . confidentiality
IPsec provides security services at the ________ layer by enabling a system to select required security protocols, determine the algorithms to use for the services and put in place any cryptographic keys required to provide the requested services. IP
The _________ facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. confidentiality
The _________ payload allows peers to identify packet flows for processing by IPsec services. Traffic Selector
The __________ facility is concerned with the secure exchange of keys. key management
The __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the packet has not been altered in transit. authentication
The __________ payload contains either error or status information associated with this SA or this SA negotiation. Notify
The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the _________ . SPI
The means by which IP traffic is related to specific SAs is the _________ . SPD
The selectors that determine a Security Policy Database are: Name, Local and Remote Ports, Next Layer Protocol, Remote IP Address, and _________ . Local IP Address
Three different authentication methods can be used with IKE key determination: Public key encryption, symmetric key encryption, and _________ . digital signatures
_________ consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication. The current specification is RFC 4303. ESP
_________ defines a number of techniques for key management. IKE
_________ identifies the type of data contained in the payload data field by identifying the first header in that payload. Next Header
_________ mode is used when one or both ends of an SA are a security gateway, such as a firewall or router that implements IPsec. Tunnel
__________ provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. IPsec
A ________ is a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. Misfeasor
A ________ is an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. Clandestine User
A ________ is used to measure the current value of some entity. Examples include the number of logical connections assigned to a user application and the number of outgoing messages queued for a user process. Gauge
A _________ is an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. Masquerader
A fundamental tool for intrusion detection is the _________ record. audit
Eg of a metric used for profile-based intrus detect is ? which is a non-neg int that may be + but not - until reset by mgmt. Eg the # of login by a single usr during an Hr/the # of time a given cmd is exe during single user sess/the # of pwrd fails/Min. Counter
An operation such as login, read, perform, I/O or execute that is performed by the subject on or with an object is the _________ audit record field. Action
Designed to lure a potential attacker away from critical sys _ are decoy systems that divert an attacker from accessing critical sys, collect info about the hacker's activity, and encourage the attacker to stay on the sys long enough for admin to respond. honeypots
Metrics that are useful for profile-based intrusion detection are: counter, gauge, resource utilization, and _________ . interval timer
One of the most important results from probability theory is known as ________ which is used to calculate the probability that something really is the case, given evidence in favor of it. Bayes' theorem
Password files can be protected in one of two ways: One-way function or __________ . Access control
Software trespass can take the form of a _________ . all of the above
The ________ is an audit collection module operating as a background process on a monitored system whose purpose is to collect data on security related events on the host and transmit these to the central manager. host agent module
The _________ is based on a judgment of what is considered abnormal rather than an automated analysis of past audit records. Operational model
The _________ model is used to establish transition probabilities among various states, such as looking at transitions between certain commands. Markov process
The _________ prevents duplicate passwords from being visible in the password file. Even if two users choose the same password, those passwords will be assigned at different times. salt
The most promising approach to improved password security is __________ . a proactive password checker
The simplest statistical test is to measure the _________ of a parameter over some historical period which would give a reflection of the average behavior and its variability. mean and standard deviation
The three classes of intruders identified by Anderson are: Masquerader, Misfeasor, and _________ . Clandestine user
Two types of audit records used are Detection-specific audit records and _________ audit records. Native
_________ detection involves the collection of data relating to the behavior of legit users over a time. Statistical tests are applied to observed behavior to determine with a hi level of confidence whether that behavior is not legit user behavior. Statistical anomaly
_________ is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified. Intrusion detection
_________ detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations. Profile-based anomaly
_________ involves counting the number of occurrences of a specific event type over an interval of time. Threshold detection
_________ techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious. Rule-based
__________ systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage. Intrusion detection
A _________ is a secret entry point into a program that allows someone who is aware of it to gain access without going through the usual security access procedures. backdoor
A _________ is used when the programmer is developing an application that has an authentication procedure or a long setup requiring the user to enter many different values to run the application. maintenance hook
A _________ virus is a form of virus explicitly designed to hide itself from detection by antivirus software. stealth
A computer virus has three parts: infection mechanism, trigger, and __________ . payload
A network worm exhibits the same characteristics as a computer virus: a dormant phase, a propagation phase, a __________ phase, and an execution phase. triggering
Advertising that is integrated into software that can result in pop-up ads or redirection of a browser to a commercial site is called _________ . adware
In a ________ attack an attacker is able to recruit a number of hosts throughout the Internet to simultaneously or in a coordinated fashion launch an attack upon the target. DDoS
In a _ attack the slave zombies construct packets requiring a response that contains the target's IP as the source IP in the packet's IP header. These packets are sent to uninfected machines that respond with packets directed at the target machine. reflector DDoS
Malicious software that needs a host program is referred to as _________ . parasitic
Mobile phone worms communicate through Bluetooth wireless connections or via the _________ . MMS
The IDEAL solution to the threat of viruses is __________ . prevention
The Nimda attack, erroneously referred to as a worm, uses four distribution methods: Windows shares, Web servers, Web clients, and __________ . E-mail
The _________ is code embedded in some legitimate program that is set to explode when certain conditions are met. logic bomb
The _________ worm exploits a security hole in the Microsoft Internet Information Server to penetrate and spread to other hosts. It also disables the system file checker in Windows. Code Red
The sheer number of ways in which they can operate make coping with _________ attacks challenging because the countermeasures must evolve with the threat. DDoS
Two major trends in Internet technology that have had an increasing impact on the rate of virus propagation in recent years are: integrated mail systems and _________ systems. mobile program
Unlike heuristics or fingerprint based scanners,the _________ integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions. behavior blocking software
Worm propagation proceeds through __________ phases. 3
Worms and bot programs are examples of __________ malicious software programs. independent
________ attacks make computer systems inaccessible by flooding servers, networks, or even end user systems with useless traffic so that legitimate users can no longer gain access to those resources. DDoS
_________ antivirus programs are memory resident programs that identify a virus by its actions rather than its structure in an infected program. Third generation
_________ are used to attack networked computer systems with a large volume of traffic to carry out a denial-of-service attack. Flooders
_________ is a mass mailing e-mail worm that installs a backdoor in infected computers thereby enabling hackers to gain remote access to data such as passwords and credit card numbers. Mydoom
_________ software runs on server and desktop computers and is instructed through policies set by the network administrator to let benign actions take place but to intercede when unauthorized or suspicious actions occur. Behavior blocking
__________ is software that is intentionally included or inserted in a system for a harmful purpose. Malicious software
__________ software is essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Parasitic
Created by: ITSec_guy