Book Tests Flashcards
(156 cards)
1
Q
the greatest danger from leaving default username and passwords on devices is from ___ attacks
A
automated
2
Q
in order to hijack a domain, the following generally needs to occur
A
the registration needs to lapse
3
Q
when typing a url into a browser takes you to the wrong site, but typing the IP address doesn’t, then it is a case of ___
A
DNS poisoning
4
Q
a Pixie Dust attack requires ___ to be enabled on the wireless network
A
WPS
5
Q
a ___ scan reveals system sprawl and undocumented devices
A
arp (or Discovery on IPv6)
6
Q
passive attack tools are defined as tools that will not ___
A
engage the system, or alert the target’s systems in any way
7
Q
use ___ to guard against a DNS poisoning attack
A
DNSSEC
8
Q
If a public DNS server is being used in an amplification attack, disable ___ in the server to stop it
A
Open Resolution
9
Q
a ___ attack forces a process to load unauthorized code from a dynamically linked library
A
DLL injection
10
Q
an ___ is the most sophisticated threat agent
A
Advanced Persistent Threat (APT)
11
Q
to protect against ___ attacks, disable browser extensions
A
man in the browser
12
Q
a ___ will usually eliminate vulnerability to SQL injections
A
Web Application Firewall (WAF)
13
Q
self-signed certificates can be OK to use for ___
A
internal use
14
Q
ASLR is a security technique that
A
randomizes the location of objects in memory (Address Space Layout Randomization)
15
Q
another term for deauthentication attacks is ___
A
disassociation attacks
16
Q
in a ___ spoofing attack, a local switch is fooled into directing reply traffic back to the spoofer
A
MAC
17
Q
passive reconnaissance for pen testing can be accomplished with [nmap; Nessus; Metasploit; Aircrack]
A
Aircrack -ng
18
Q
public certificates that can be shared are files that have the extension ___
A
.CRT
19
Q
while rainbow tables are good at cracking complex passwords, if the password is ___ they are much less effective
A
salted
20
Q
after a ___ attack, the attacker can typically execute any commands they wish
A
buffer overflow
21
Q
checking the “Enable Safe Checks” on a vulnerability scanner means the scanner ___
A
will only use non-intrusive plugins
22
Q
___ prevent the system from executing unauthorized code
A
Host intrusion prevention systems (HIPS)
23
Q
ARP poisoning works by broadcasting a false ___, meaning the attacker must have access to the ___
A
MAC address; LAN
24
Q
when an attacker uses a foothold in one system to access another system, this is called a ___
A
pivot
25
when a system works fine for awhile, then slows down until it is rebooted this is a symptom of a ___
memory leak
26
a Pass the Hash attack is only effective against a ___ server running ___
windows; NTLM
27
to improve the quality (and decrease false positives) of vulnerability scans, use ___ scanning
credentialed
28
an attack that exploits a ___ uses the timing of commands, lie the lag between Time of Check (TOC) and Time of Use (TOU)
Race Condition
29
a WiFi ___ is designed to carry out a rouge AP (access point) attack
Pineapple
30
a ___ is malware that spreads on it's own power
worm
31
a misconfigured ___ could stop everyone on a network from accessing certain websites
content filter
32
a ___ can check the health of computers on a network without leaving permanent software on the machines
Dissolvable Network Admission Control (NAC)
33
an LDAP entry contains __ for domain information, ___ to identify the name and ___ to identify the organization
DC (Domain Component); CN (Common Name); OU (Organizational Unit)
34
Addresses in the range 169.254.0.0/16 are assigned by the ___ protocol when a system is unable to receive an address via other means.
Automatic Private IP Assignment (APIPA)
35
___ queries a service for header information provided to clients. This information often includes the specific service running on a port as well as version information.
Banner grabbing
36
___ restricts the number of unique MAC addresses that may originate from a single switch port.
Port security
37
___ indicates that a device is capable of acting as a host server for other devices, such as cameras, flash drives, or peripherals
USB on-the-go (USB OTG)
38
tracert uses ___ transport protocols by default
UDP
39
VPN connections established in ___ mode encrypt the payload of data packets, but do not provide encryption for packet headers
transport
40
Android applications must be in ___ format to sideload onto a device
Android Application Package (APK)
41
Encrypted LDAPS sessions use TCP port ___
636
42
The ___ protocol supports only authentication and integrity for IPsec connections. The ___ protocol supports confidentiality, integrity, and authentication
Authentication Headers (AH); Encapsulating Security Payload (ESP)
43
The ___ performs clock synchronization across devices
Network Time Protocol (NTP)
44
___ would limit the applications that users may install on mobile devices but would not provide for storage segmentation
Application control
45
When measuring RSSI, the network with the strongest signal is the one with the ___ value
highest
46
___ NAC leaves software running on the endpoint that may remain in constant contact with the NAC solution.
Agent-Based
47
the command ___ is used to capture network traffic
tcpdump
48
the command ___ is used to scan network ports
nmap
49
the command ___ is used to redirect data to a network connection
netcat
50
___ storage devices allow the writing of data in a permanent fashion where modification is impossible
Write once, read many (WORM)
51
a ___ can be used to cheaply and easily restrict network access to a small number of devices
Preshared Key (PSK)
52
IPsec ___ mode is primarily used for site-to-site connections, ___ mode is normally used for connections involving endpoint devices
Tunnel; Transport
53
When registering DNS entries for a load balanced service, administrators should assign the entry to ___
a virtual IP address that maps to the public interface of the load balancer
54
S/MIME provides ___, ___ and ___ for email attachments
confidentiality; integrity; non-repudiation
55
SNMP versions prior to ___ did not provide secure authentication due to their use of plaintext community strings
v3
56
when using mobile devices for multi-factor authentication, use ___ to send notices
push notification
57
Microsoft ___ VPN automatically triggers VPN connections based upon security policies
Always On
58
___ requires the explicit marking of memory regions as executable, preventing malicious attacks that seek to execute code out of other regions of memory
Data execution prevention (DEP)
59
The most common false positive report for application whitelisting results from ___
an unexpected update from the software vendor that changes the signature of the application
60
___ are traditional firewalls with advanced capabilities, including defense against application-layer attacks, such as SQL injection
Next generation firewalls (NGFW)
61
___ services are a form of threat intelligence that provide organizations with a frequently updated list of known malicious IP addresses that can be automatically blocked at the firewall
IP reputation
62
___ allow the automated modification of access point settings to adapt to the changing radio frequency environment
Wireless (WiFi) controllers
63
___ environments allow employees to access a remote desktop computing environment and work within that environment without transferring data to the device used to access the desktop
Virtual Desktop Infrastructure (VDI)
64
TLS VPNs typically use port ___, which is commonly allowed full outbound access through firewalls
443
65
In a type ___ hypervisor, the hypervisor runs directly on the system hardware, eliminating the need for an underlying operating system and reducing the environment's attack surface. Type ___ hypervisors require the use of a host operating system
1; 2
66
the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRE) recommends that data centers maintain temperatures within the range of ___ degrees Fahrenheit and keep relative humidity between ___
64.4 and 80.6; 8% and 80%
67
Input validation should always be performed on the ___
web server
68
use a network ___ to create a monitor port that allows the intrusion detection system to see all network traffic
terminal access point (TAP)
69
Tripwire is a ___ that is also able to perform system configuration monitoring
file integrity monitoring solution
70
Snort is an ___ system
intrusion detection and prevention
71
Standard ACLs are able to filter traffic based only upon ___ but Extended ACLs can filter based upon the ___ as well
source address; destination address
72
___ is commonly used to escape a SQL query for injection and should be carefully handled during input validation
single quotation mark (')
73
___ characters are used in cross-site scripting (XSS) injections
greater-than and less-than (< >)
74
ARP is used for ___ lookups
MAC address
75
All organizations involved in the processing of credit card transactions are contractually obligated to comply with the ___
Payment Card Industry Data Security Standard (PCI DSS)
76
Most security professionals consider ___ feet to be the minimum height for a fence protecting critical assets
eight
77
The ___ lays out the requirements for an operating system to be certified by the government as a Trusted Operating System
Common Criteria
78
___ VPNs are unique because they rely upon the same Transport Layer Security protocol used by HTTPS connections. Because of this, most customer networks will allow the access by default
TLS
79
Kiosk computers and even multifunction printers may be running standard operating systems, but ___ devices won't have enough memory to do so
Internet of things (IoT)
80
___ static code analysis traces variables that may contain user input and ensures that they are sanitized before being used by a potentially vulnerable function
Taint
81
The ___ is a modern tool designed to assess compliance with security baselines
Microsoft Security Compliance Toolkit (SCT)
82
when digitally signing code you have developed, use the ___ key
private key of you or your company
83
the best measure of a biometric system's accuracy is where the ___ (type 1) and ___ type 2 cross, called the ___
FRR (false rejection rate); FAR (false acceptance rate); CER (crossover equal rate)
84
___ testing specifically evaluates the performance of applications in response to mutated input combinations
Fuzz
85
Windows ___ allows administrators to easily determine the patch level of multiple systems
System Center Configuration Manager (SCCM)
86
Mac OS X uses ___ for all applications installed through the App Store
sandboxing
87
TCP wrappers is a ___ technology
firewall
88
OAuth is commonly used to provide API-based ___ for web applications, OpenID consumer-grade implementations, and SAML for enterprise-grade
single sign-on (SSO)
89
___ accounts are used to provide applications with access to resources necessary for the provision of their services
Service
90
The two main technologies used to generate one-time passwords are the ___ algorithm (generated sequentially and do not expire until use) and the ___ algorithm (based upon the time of authentication and expire frequently)
HMAC-based One Time Password (HOTP); Time-based One Time Password (TOTP)
91
When a user presents a digital certificate for authentication purposes, the primary purpose of that certificate is to provide a signed copy of the user's ___
public key
92
a website would like to access information in Taylor's Google account. ___ is the account/resource owner
Taylor
93
The PIV ___ is used to verify that the PIV credential was issued by an authorized entity, has not expired, has not been revoked, and holder of the credential (YOU) is the same individual it was issued to
authentication certificate
94
NIST's digital identity security guidelines suggest that organizations set a minimum password length of ___ characters for passwords that are memorized by the user
8
95
The ___ command computes and displays Resultant Set of Policy (RSoP) information for a remote user and computer. This allows administrators to determine the end result of a set of policies applied to a user account
gpresult
96
___ is an open-source federated identity management solution that is most commonly used in academic institutions
Shibboleth
97
oAuth and OpenID Connect are broadly used solutions for ___ authentication
web-based
98
Group Policy Objects are processed in the following order: ___ policies are processed first, followed by ___ GPOs, ___ GPOs, and ___ GPOs
local; site; domain; Organizational Unit (OU)
99
___ allows the system owner to set authorization based upon security labels (MAC)
Security-enhanced Linux (SELinux)
100
In 802.1x authentication, the end user's system contains a component called the ___ that initiates the authentication process. The supplicant connects to the authenticator, normally a network switch or wireless access point, that then reaches out to an ___ to confirm the user's identity
supplicant; authentication server
101
Using the ___ authentication mode ties database accounts to domain user accounts and provides the greatest level of assurance that user accounts will be promptly disabled
Windows
102
In a federated authentication system, a ___ trust is required if there are three or more domains
transitive
103
In SAML authentication the ___ is the principal. The ___ is the service provider and the ___ is the identity provider
user requesting authentication; organization providing the request service; organization providing the login account
104
802.1x authentication is normally carried out using a ___ protocol
RADIUS
105
Best practices in authentication security dictate that user accounts should be subject to ___ after failed login attempts
an exponentially increasing login delay
106
___ is an authentication protocol built directly on top of the oAuth 2.0 framework
OpenID connect
107
In 802.1x authentication, the supplicant connects to the authenticator, normally a ___, that then reaches out to an authentication server to confirm the user's identity
network switch or wireless access point
108
The Health Insurance Portability and Accountability Act (HIPAA) contains security and privacy provisions covering ___
protected health information (PHI)
109
Wireless access points are generally not configured to log ___. They typically record only diagnostic information
network traffic
110
a database of customer spending habits fits into the category of ___ (PII/PHI/PCI)
personally identifiable information (PII)
111
A ___ is the standard document used to document the need for a change, the test plan, implementation plan, and rollback procedure.
request for change (RFC)
112
The best place to track the status of all risks facing an organization is in a formal ___
risk register
113
___ are components of Microsoft Windows that add support for specific encryption algorithms
Cryptographic Service Providers (CSPs)
114
The purpose of a digital certificate is to share a public key freely with the world. Therefore, the public key is ___
not encrypted at all - it is freely given to anyone who receives the certificate
115
In the process of creating a digital certificate, the requester ___
creates a certificate signing request (CSR) on the device that will receive the certificate and then sends this CSR to the CA for use in creating the certificate
116
___ is a strong, modern approach to key exchange
The Elliptic Curve Diffie Hellman algorithm (ECDHE)
117
The SHA-3 algorithm differs from earlier versions of SHA in that it ___
supports an arbitrary message digest length
118
If you need to incorporate cryptography in an application, it is generally best to get your module from ___
Open source
119
The Advanced Encryption Standard uses a ___ fixed block size
128-bit
120
Diffie-Hellman group ___ uses a strong 256-bit elliptic curve key and is a very strong option
19
121
WPA2 uses the ___ to provide enhanced security using AES
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
122
The most commonly used message digest length in the RIPEMD algorithm is ___
160-bit
123
___ certificates are the most difficult for a website to obtain but provide the highest degree of trust to end users
Extended validation (EV)
124
3DES encryption uses ___ keys
symmetric
125
The Tor network uses ___ secrecy to allow the relay nodes to forward communications to their end destination without knowing the identity of the sender or the receiver of the message
perfect forward
126
When a user or browser wishes to verify a digital certificate, it does so by validating the digital signature using the ___ key
CA's public
127
In an 802.1x wireless network, the ___ typically serves as the 802.1x client
wireless access point or wireless controller
128
The purpose of a digital certificate is to share a ___ key. A browser will extract this key from the certificate and use it to send the server an ___ key to use for the remainder of the session
web server's public; ephemeral session
129
What encryption key length is used by the original Data Encryption Standard (DES)?
56
130
Most hash algorithms do not have message authentication, but the ___ algorithm supports both message integrity and authenticity.
hash-based message authentication code (HMAC)
131
The 802.1x protocol is an authentication protocol that is specifically designed to provide ___ as well as authentication for wireless networks
port-based authentication for wired networks
132
The ___ authentication protocol does not provide encryption capability and, therefore, must be run within a communications channel protected by other means
EAP
133
The two main properties of any cryptographic cipher are confusion and diffusion. Confusion ensures that ___, while diffusion ___
the relationship between the cryptographic key is extremely complex; takes any statistical patterns found in the plaintext and prevents them from appearing in the ciphertext
134
a ___ product combines the benefits of a firewall, content filter and intrusion detection, though not at high performance levels
Unified Threat Management (UTM)
135
The U.S. federal government's Digital Signature Standard (DSS) endorses the use of the ___ (algorithm) for the creation of digital signatures
Digital Signature Algorithm (DSA)
136
___ is a key stretching algorithm that is both memory-hardened and CPU-hardened
Bcrypt
137
The SIEM correlation engine should be placed ___
on the internal network where it is not exposed to external traffic
138
All DNSSEC implementations must support the ___ cipher suite to maintain compatibility between systems
RSA/SHA-1
139
___ is an attack using a technique to manipulate device drivers
Shimming
140
in a ___ the attacker executes a request against a third-party website by taking advantage of the fact that the user already has an established session with that site
cross-site request forgery (XSRF) attack
141
a forward proxy is on the same network as the ___, while a reverse proxy is on the same network as the ___
user; web server
142
Network access control lists are examples of ___-based access control because the router will make decisions based upon the ___ provided
rule; rules
143
The most appropriate tool to perform error handling is the use of the ___ construct
try...catch
144
In order for an ARP spoofing attack to be successful, the attacker and victim must be ___
attached to the same switch, although they do not need to be sharing the same switch port
145
an ___ attack requires poisoning the MAC address table either on an individual host or on the switch used by the victim
ARP spoofing
146
The ___ algorithm is cryptographically broken and should never be used for secure applications, such as creating a digital signature
MD5
147
The Bcrypt algorithm relies upon the ___ cipher to perform key stretching of passwords
Blowfish
148
Amazon's ___ service is a serverless computing platform offered to customers on a platform-as-a-service (PaaS) basis
Lambda
149
if you want to allow internet users to email you at an email server on your LAN, then you must allow ___ traffic past your firewall
SMTP
150
When using two-factor identification, a RADIUS server may respond to the client's request with an ___ message asking for additional authentication
Access-Challenge
151
Router access control lists are only capable of performing ___ filtering, which does not take connection status into account
stateless
152
In a pass-the-hash attack, the attacker must gain access to hashed Windows account passwords. This is possible by gaining access to a Windows ___
workstation where the target user logs into his or her domain account
153
The ___ is responsible for overseeing the audits of financial institutions and produces a series of information security standards that apply to those institutions
Federal Financial Institutions Examination Council (FFIEC)
154
___ is a windows based authentication system no longer recommended because it relies on either the MD4 or MD5 Hash algorithms
NTLM
155
individuals who are charged with the safekeeping of information under the guidance of the data owner are data ___
custodians
156
When a Kerberos client requests a session key, the client creates an authenticator consisting of the client's ID and a timestamp, which is encrypted with the TGS session key obtained from the ___
authentication server
