Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Network Security
| Question | Answer |
|---|---|
| Which layer of the OSI provides services for user application or APIs? | Layer 7 |
| Which type of server configuration is best suited for application such as web servers and VPN servers? | Symmetric server cluster |
| TACACS(terminal access controller access controller system) is usually used on which type of system? | UNIX |
| Which of the four access control models is the least restrictive? MAC Role based access control Rule based access control DAC | DAC(discretionary access control) |
| Which type of control works to prevent the threat from coming into contact with the vulnerability? Preventative Deterrent Compensating Detective | Preventative |
| Which key handling procedure makes a userâs key unavailable for a period of time for security reasons but can be later reinstated? Revocation Destruction Expiration Suspension | Suspension |
| Plaintext data is inputted into cryptographic _________ to encrypt and decrypt the data. | Algorithm |
| Routers operate at the ___________ layer of the OSI | Network |
| What type of commercial lock would be used for rooms that require enhanced security? | Dead bolt |
| What do attackers often use to avoid detection when perpetrating a drive-by download attack | Zero-pixel iframe |
| What restricts fibre channel data transfers between unauthorized zone members? | FC hard zone |
| Which of the following would a virus NOT do to a computer Cause a computer to crash Short out the power supply Erase files from a hard disk Modify computer security settings | Short out the power supply |
| Which of the following is NOT an advantage of job rotation? -increase job proficiency and productivity -reduce burnout -limit the amount of time an individual has to manipulate security configurations -expose potential weaknesses for fraud by having mul | Increase job proficiency and productivity |
| How much time does a zero day attack give victims to defend against the attack? | 0 days |
| The current Bluetooth Low Energy version number is | V4.0 |
| A â virtual walletâ application on a smart phone would most likely use what? | NFC (Near-field communication is a set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communication by bringing them within 4 cm of each other) |
| What recognized security position would find individuals who have both technical and managerial skills? | Security Administrator |
| Granting permission to take an action would be known as | Authorization |
| The probability that a threat will actually occur | Threat Likelihood |
| An item that has value | Asset |
| The act of providing permission or approval to technology resources | Authorization |
| The task of protecting the integrity, confidentiality, and availability of information on the devices that store, manipulate and transmit the information through products, people and procedures | Information Security |
| Attacker commissioned by governments to attack enemiesâ information systems | State-sponsored attack |
| Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems | Script Kiddie |
| Attacker who attacks for ideological reasons that are generally not as well-defined as a cyberterroristâs motivation | Hactivist |
| A systematic outline of the steps of a cyberattack at Lockheed Martin in 2011 | Cyber kill chain |
| Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs | Cyberterrorists |
| Employees, contractors and business partners who can be responsible for an attack | Insiders |
| Attacker who sells knowledge of a vulnerability to other attacker or governments | Brokers |
| Automated attack package that can be used without an advanced knowledge of computers | Exploit kits |
| Multi year intrusion campaign that targets highly sensitive economic, proprietary, or national security information | Advanced Persistent Threat (APT) |
| Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information | Cybercrime |
| A network of attackers, identity thieves, spammers, and financial fraudsters | Cyber criminals |
| A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often result in violence | Cyberterrorism |
| The first state electronic privacy law , which covers any state agency, person, or, company that does business in California | Californiaâs Database Security Breach Notification Act |
| A set of security standards that all U.S. companies processIng, storing, or transmitting credit card information must follow | Payment Card Industry Data Security Standard (PCI DSS) |
| A U.S. law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information | Gramm-Leach-Bliley Act (GLBA) |
| A U.S. law designed to guard protected health information and implement policies and procedures to safeguard it | Health Insurance Portability and Accountability Act (HIPAA) |
| Stealing another personâs personal information, such as a social security number and then using the information to impersonate the victim, generally for financial gain | Identity theft |
| Transferring the risk to a third party | Transference |
| Understanding the attacker and then informing him of the consequences of the action | Deterrence |
| Acknowledging a risk but taking no action to address it | Acceptance |
| Identifying the risk but making the decision to not to engage in the activity | Risk avoidance |
| A situation that involves exposure to danger | Risk |
| The means by which an attack could occur | Threat vector |
| A flaw or weakness that allows a threat agent to bypass security | Vulnerability |
| A person or element that has the power to carry out a threat | Threat agent |
| A type of action that has the potential to cause harm | Threat |
| The steps that ensure that the individual is who he or she claims to be | Authentication |
| Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data | Integrity |
| Security actions that ensure that only authorized parties can view the information | Confidentiality |
| The ability that provides tracking of events | Accounting |
| Security actions that ensure that data is accessible to authorized users | Availability |
| Addressing a risk by making it less serious | Mitigation |
| The practice of allowing users to use their own personal devices to connect to an organizational network | BYOD (bring your own device) |
| A smaller version of the regular USB connector | Micro USB |
| What fundamental security principle states what should be understood by the users but not to attackers? | Simplicity |
| What is the expected growth rate for security analyst through the end of the decade? | 22% |
| What type of attack puts more data in memory that the program can control? | Buffer overflow |
| What hardening technique would include removing supervisor and administrator accounts and splitting them into smaller units? | Least privilege |
| The only sure safe way to handle a rootkit infection is ________ and __________. | Reinstall the operating system Format the hard drive |
| What does the host using TCP/IP on an Ethernet network use to find the MAC address of another device on the IP network? | ARP (Address Resolution Protocol) |
| Of the choices provided, which protection does hashing provide? a.) Availability b.) Confidentiality c.) Integrity d.) Authenticity | Integrity |
| How many rounds of encryption are performed on each block of plaintext with AES (Advanced Encryption Standard)? | More than four |
| Which type of control is intended to mitigate or lessen damage caused by an incident? | Corrective |
| If user B wants to read an encrypted message from user A using a asymmetric cryptography which keys would they use? | User B’s private key |
| It is estimated than up to _____ percent of the computers on the internet could be zombies as part of the bot net? | 5 |
| Which type of cookies store more data and are more complex than simple cookies? | Locally shared objects |
| A ______ attack uses malformed input to take of a vulnerability to move from the root directory to restricted directories | Directory Traversal |
| A version of the email scam that contacts a potential with a telephone call is known as _________ | Vishing |
Created by:
Gigi1457