com 26 test
| Question | Answer |
|---|---|
| A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim’s data is (BLANK) | malware |
| A (BLANK) is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met | A logic bomb |
| The term “computer virus” is attributed to (BLANK) | malware |
| Computer viruses first appeared in the early (BLANK) | 1980s |
| The (BLANK) is what the virus “does” | Payload |
| The (BLANK) is when the virus function is performed | execution phase |
| During the (BLANK) the virus is idle | Dormant phase |
| A (BLANK) uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents | macro virus |
| (BLANK) is the first function in the propagation phase for a network worm | scanning/fingerprinting |
| (BLANK) is malware that encrypts the user’s data and demands payment in order to access the key needed to recover the information | ransomware |
| A (BLANK) attack is a bot attack on a computer system or network that causes a loss of service to users | Distributed denial-of-service (DDoS) attacks |
| The ideal solution to the threat of malware is (BLANK) | prevention |
| (BLANK) will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions | dynamic behavior-blocking software |
| (BLANK) software aims to trick users into revealing sensitive personal data | |
| (BLANK) captures keystrokes on a compromised system | keylogger |
| (BLANK) code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics | Mobile code |
| A (BLANK) that attaches to an executable program can do anything that the program is permitted to do | virus |
| It is (BLANK) to spread a virus via a USB stick | possible |
| A (BLANK) is the event or condition that determines when the payload is activated or delivered | Trigger |
| A macro virus infects (BLANK) | documents |
| (BLANK) is a common method for spreading macro viruses | electronic mail |
| In addition to propagating, a worm usually carries some form of (BLANK) | payload |
| A (BLANK) is an apparently useful program containing hidden code that, when invoked, performs some harmful function | Trojan horse |
| (BLANK) are mostly used to retrieve sensitive information like usernames and passwords | Sniffing traffic |
| A (BLANK) propagates itself and activates itself | worm |
| (BLANK) is initially controlled from some central facility | bot |
| Every (BLANK) has a distinct IP address | bot |
| Programmers use (BLANK) to debug and test programs | backdoors |
| (BLANK) relates to the capacity of the network links connecting a server to the wider Internet | |
| A (BLANK) triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded | poison packet |
| Using forged source addresses is known as (BLANK) | source address spoofing |
| The (BLANK) attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections | SYN spoofing |
| TCP uses the (BLANK) to establish a connection | three-way handshake |
| (BLANK) is a text-based protocol with a syntax similar to that of HTTP | Session Initiation Protocol (SIP) |
| Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called (BLANK) | spidering/recursive HTTP flood |
| (BLANK) attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete | Slowloris |
| A characteristic of reflection attacks is the lack of (BLANK) traffic | backscatter |
| In both direct flooding attacks and (BLANK) the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable | SYN spoofing attacks |
| It is possible to specifically defend against the (BLANK) by using a modified version of the TCP connection handling code | the SYN spoofing attack |
| Modifying the system’s TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed is (BLANK) | selective drop or random drop |
| When a DoS attack is detected, the first step is to (BLANK) | identify the type of attack |
| A (BLANK) attack is an attempt to compromise availability by hindering or blocking completely the provision of some service | |
| (BLANK) cause damage or destruction of IT infrastructures | Denial-of-Service Attacks |
| A DoS attack targeting (BLANK) resources typically aims to overload or crash its network handling software | system |
| The (BLANK) targets the table of TCP connections on the server | SYN spoofing |
| A (BLANK) is an application attack that consumes significant resources, limiting the server’s ability to respond to valid requests from other users | cyberslam |
| Given sufficiently privileged access to the network handling code on a computer system, it is (BLANK) to create packets with a forged source address | easy |
| SYN-ACK and ACK packets are transported using (BLANK), which is an unreliable network protocol | IP |
| The attacker (BLANK) access to a high-volume network connection for a SYN spoof attack | does not |
| (BLANK) take a variety of forms based on which network protocol is being used to implement the attack | Flooding attacks |
| The best defense against being an unwitting participant in a DDoS attack is to prevent your systems from being (BLANK) | compromised |
| A SIP flood attack exploits the fact that a single (BLANK) request triggers considerable resource consumption | INVITE |
| (BLANK) is a form of ICMP flooding | ping flood |
| Reflector and amplifier attacks use (BLANK) | network systems |
| There is very little that can be done to prevent a (BLANK) | slashdotted, flash crowd, or flash event |
| (BLANK) are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes | Activists |
| A (BLANK) monitors the characteristics of a single host and the events occurring within that host for suspicious activity | Host-based IDS (HIDS) |
| A (BLANK) monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity | Network-based IDS (NIDS) |
| (BLANK) involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder | signature detection |
| (BLANK) involves the collection of data relating to the behavior of legitimate users over a period of time | Anomaly detection |
| A(n) (BLANK) is a hacker with minimal technical skill who primarily uses existing attack toolkits | Apprentice |
| The (BLANK) module analyzes LAN traffic and reports the results to the central manager | LAN monitor agent |
| The purpose of the (BLANK) module is to collect data on security related events on the host and transmit these to the central manager | Host agent module |
| A(n) (BLANK) is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor | inline sensor |
| A(n) (BLANK) event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way | DDI events |
| (BLANK) is a document that describes the application level protocol for exchanging data between intrusion detection entities | The Intrusion Detection Exchange Protocol (RFC 4767) |
| The rule (BLANK) tells Snort what to do when it finds a packet that matches the rule criteria | Action |
| The (BLANK) is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator | Analyzer |
| An (BLANK) can also be referred to as a hacker or cracker | |
| Activists are either individuals or members of an organized crime group with a goal of (BLANK) | Cyber criminals |
| Running a (BLANK) on a workstation to capture usernames and passwords is an example of intrusion | packet sniffer |
| Intruders typically use steps from a common attack (BLANK) | methodology |
| The IDS component responsible for collecting data is the (BLANK) | Sensors |
| (BLANK) is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified | Intrusion detection |
| The primary purpose of an (BLANK) is to detect intrusions, log suspicious events, and send alerts | IDS |
| (BLANK) approaches attempt to define normal, or expected, behavior | anomaly |
| Anomaly detection is effective against (BLANK) | zero-day attacks |
| To be of practical use an (BLANK) should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level | IDS |
| An inline sensor monitors a copy of network traffic, the actual traffic (BLANK) pass through the device | does not |
| A common location for a NIDS sensor is just (BLANK) the external firewall | inside |
| (BLANK) intrusion detection makes use of signature detection and anomaly detection | network-based |
| Snort can perform intrusion prevention (BLANK) intrusion detection | as well as |
| The (BLANK) defines the transport protocol | |
| A (BLANK) gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host | an application gateway/circuit-level gateway |
| An example of a circuit-level gateway implementation is the (BLANK) package | SOCKS |
| Typically the systems in the (BLANK) require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server | DMZ |
| A (BLANK) consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security | VPN |
| A (BLANK) configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control | distributed firewall |
| Typical for SOHO applications, a (BLANK) is a single router between internal and external networks with stateless or full packet filtering | Screening router |
| (BLANK) are attacks that attempt to give ordinary users root access | Privilege-escalation exploits |
| (BLANK) scans for attack signatures in the context of a traffic stream rather than individual packets | Stateful matching |
| (BLANK) looks for deviation from standards set forth in RFCs | Protocol anomaly |
| The (BLANK) attack is designed to circumvent filtering rules that depend on TCP header information | Tiny fragment attacks |
| The (BLANK) may be a single computer system or a set of two or more systems that cooperate to perform the firewall function | |
| A firewall can serve as the platform for (BLANK) | IPSec |
| The firewall (BLANK) protect against attacks that bypass the firewall | cannot |
| A packet filtering firewall is typically configured to filter packets going in (BLANK) directions | both |
| One (BLANK) of a packet filtering firewall is its simplicity | advantage |
| The countermeasure to (BLANK) is to discard packets with an inside source address if the packet arrives on an external interface | ? |
| A (BLANK) makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context | traditional packet filter |
| A prime disadvantage of an (BLANK) is the additional processing overhead on each connection | gateway |
| The primary role of the (BLANK) is to deny unauthorized remote access to the computer | personal firewall |
| A DMZ (BLANK) one of the internal firewalls protecting the bulk of the enterprise network | DMZ (demilitarized zone) network |
| A logical means of implementing an IPSec is in a (BLANK) | firewall |
| (BLANK) protect against internal attacks and provide protection tailored to specific machines and applications | distributed firewall |
| An important aspect of a distributed firewall configuration is (BLANK) | security monitoring |
| Like a firewall, an IPS (BLANK) traffic | blocks |
| (BLANK) enables Snort to function as an intrusion prevention capability | Snort Inline |