IT Security Final
Question | Answer |
---|---|
Which of the following iptables rules would generate a destination unreachable error? Refer to 1. in IT Sec Final | iptables -A FORWARD -s 0/0 -d 0/0 -j REJECT |
Standards for protocols and associated information are first published in? | RFCs |
The ICMP protocol is specifically designed to: | Check & report on network error conditions |
Which of the following is an example of egress filtering? | Only allowing traffic to leave your network with a source IP in your company's IP range |
Of all the vulnerabilities listed below, which is considered the hardest to harden against? | The human element |
In security environments, Authorization means | Using your identity to assign access rights |
It is possible to capture packets from the network that are not destined for your machine. | True |
During a packet capture, you notice a couple of TCP packets with the “F” flag and some “A” flags. What is likely going on? | A TCP/IP session shutdown process |
Which of the following are methods of authentication used in three factor authentication? (Select all that apply) Refer to Q10. in IT Sec Final | Something you have, are, or know |
Which of the CIA Triad elements is responsible for ensuring that information is not disclosed to unauthorized users? | Confidentiality |
TCP has ___ states. | 11 |
Based on the packet capture code below, what network protocol is being used? 4500 0064 0000 4000 40[01] b755 c0a8 0101 | ICMP |
A friend asks you to make a backup copy for him of a DVD he just bought, because he doesn’t have a DVD burner but you do. He even shows you the purchase slip. You gladly do it for him and hand him back both the original and copy. Are you breaking the law? | No |
The loss or omission of one of the goals of security is known as: | A compromise |
Which of the following tools will help you determine which services are running on a port? | Nessus |
If you run password crackers or packet sniffers at work, which of the following is true? | Get permission from management first |
Which of the following software tools are not considered to be packet sniffers? (Select all that apply) Refer to Q18 on IT Sec Final | Ping, Nmap |
Packet sniffing is a form of | Passive reconnaissance |
___ is a mechanism to verify identity prior to allowing access to protected resources. | Access Control |
Computer A wishes to open a TCP session with Computer B. If Computer A's initial sequence number is 145678913, then Computer B will respond with: | An initial sequence number of its own and an acknowledgement number of 145678914 |
The Data ____ is the person having responsibility and authority for data, while the Data ___ is the entity temporarily accessing and/or modifying the data. | Owner, Custodian |
Passwords are considered to be the most common security weakness. | True |
A proxy server is responsible for: | Making information requests to the outside world as if it was you doing it |
The DoD Trusted Computer Evaluation Criteria is also known as: | The Orange Book |
Based on the packet capture code below, what protocol is being used? [45]00 0064 0000 4000 4001 b755 c0a8 0101 | None of the above. |
NetBIOS packets can be filtered using an ipchains firewall. | False |
Strong passwords are the only insurance against password cracking. | False |
When talking about O/S passwords, a “salt” refers to: | The random bits used as part of the input for encrypting the password |
Kevin Mitnick is, by his own admission, most widely recognized for his ____ skills. | Social Engineering |
A ___ outlines specific requirements or rules that must be met. | Policy |
Each TCP connection is uniquely identified by: | Source and Destination IP and Port |
Which of the following is an example of phishing? | An e-mail from your provider asking for you to confirm your password back in e-mail |
This tool is considered to be a port sniffer/mapper, but not a vulnerability scanner. | NMap |
Tiger Teams refer to | A team of hackers trying to break into your company for the fun of it |
When using a packet sniffer, what parts of the packet can you observe? | IP header content; Protocol header (TCP, UDP, ICMP, etc.) content; Payload |
Physical dangers - i.e. earthquakes, flooding - are not considered a security concern. | False |
Which of the following is not one of the Security Goals? | Accountability |
Your system receives a few packets, but no connection seems to be established. When you look at the logs, you notice you received a few SYN packets, immediately followed by RST packets, but no ACK packets. What could be happening? | SYN Stealth Open Port scan from Nmap |
The hacker’s version of the CIA Triad is called: | The DAD Triad |
This SNORT rule has a built-in external link to information about the specific attack type. | True |
Security policies should be written while keeping in mind the protection of: (Select all that apply) | Information; People; Assets |
Which of the authentication methods below will ensure the strongest degree of authentication to a system? | Multi-factor authentication |
Which of the following is considered a reason why hackers attack systems? | Profit; Religious / political / ethical reasons; “Mount Everest” syndrome; Revenge |
Scanning network traffic using a sniffer is not considered an infraction in Canadian Law. | False |
The Microsoft Win2k Security Checklist can also effectively be used for either Windows XP Pro or Windows 2003 Server. | False |
In the CIA Triad, ____ is responsible for ensuring that legitimate users maintain access to information and resources they need access to. | Availability |
In order to properly administer and implement security measures, which of the following is considered required knowledge? (Select all that apply) | Strong working knowledge of the IP protocol and supporting Layer 4 protocols, IT Laws and Policies, network services and associated default ports, security and hacking tools |
Which one of the following is NOT a fundamental principle of the Computer Security Triad? | Disclosure |
In terms of security, Social Engineering is considered to be a form of: | Non-Technical spoofing |
A ___ attaches itself to a program or file so it can spread from one computer to another with the file as it travels, leaving infections as it travels. | Virus |
___ spread from computer to computer, but unlike a (#78), it has the ability to travel and replicate itself without any user intervention. | Worm |
The ___, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. | Trojan |