cyber security 2016 SLC Flashcards by Emeli Olivares

What type of convert attack uses devices or computer programs that captures anything the user types or anything the user clicks with a mouse?

A . Keylogger

How well did you know this?

Not at all

Perfectly

Spoofing is the act of falsely identifying a packet’s IP address, MAC address, etWhich of the below are three types of Spoofing?

A) ARP Poisoning, Web Spoofing, and DNS Spoofing

B) Web Spoofing, DNS Spoofing, and Relay Spoofing

C) Web Spoofing, ARP Poisoning, and Relay Spoofing

D) DNS Spoofing, Relay Spoofing, and ARP Poisoning

A) ARP Poisoning, Web Spoofing, and DNS Spoofing

How well did you know this?

Not at all

Perfectly

This refers to applications or files that are not classified as viruses or Trojan Horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization. This is done by performing a variety of undesired actions such as irritating users with pop-up windows, tracking user habits, and unnecessarily exposing computer vulnerabilities to attack.

C) Grayware

How well did you know this?

Not at all

Perfectly

Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. What are three methods antivirus software use to identify malware?

D) Signature-Based Detection, Heuristic-Based Detection, File Emulation

How well did you know this?

Not at all

Perfectly

Cloud-computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. What is the primary function of cloud antivirus technology?

C) A technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider’s infrastructure.

How well did you know this?

Not at all

Perfectly

Your regular bills and account statements do not arrive on time, you never receive bills or collection notices for products or services, or you receive calls from debt collectors about debts that do not belong to you are examples of:

C) Red Flags of Identity Theft

How well did you know this?

Not at all

Perfectly

What type of Trojan Horses send a copy of itself to all recipients in a user’s address book, which causes an outbreak by passing throughout a network?

D) Droppers

How well did you know this?

Not at all

Perfectly

What is considered the first piece of malicious software to have caused significant damage on the Internet?

B) Morris worm

How well did you know this?

Not at all

Perfectly

A Trojan horse, or Trojan, is a hacking program that is a non-self-replicating type of malware that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload. What do Trojans install that create a hidden opening allowing access to a system?

A) Backdoor

How well did you know this?

Not at all

Perfectly

A computer virus is a type of malware that, when executed, replicates by inserting copies of itself into other computer programs, data files, or the boot sector. When this replication succeeds, the affected areas are then said to be infected. This type of virus spreads by infecting USB disks or hard drive disks. The virus is loaded into memory and attempts to infect any and all disks inserted into the computer.

C) Boot Sector

How well did you know this?

Not at all

Perfectly

Which one of the following is a network attack where the attacker creates an ICMP packet that’s larger than the maximum allowed size of 65,535 bytes?

C) Ping of Death

How well did you know this?

Not at all

Perfectly

12)  Which one of the following is a form of social engineering where an unauthorized person follows closely behind an authorized person into a restricted area?

A) piggybacking

How well did you know this?

Not at all

Perfectly

13)  Computer software, or just software, is any set of machine-readable instructions that directs a computer’s processor to perform specific operations. Changes and improvements to software happen. What is a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable bundle because installing is easier and less error-prone?

A) Service Pack

How well did you know this?

Not at all

Perfectly

14)  This must be regularly updated by a computer’s anti-virus program and is used to identify potential malicious software?

C) signature file

How well did you know this?

Not at all

Perfectly

Which class of brute-force mathematical attack exploits mathematical weaknesses of hash algorithms and one-way hash functions?

C) Birthday Attack

How well did you know this?

Not at all

Perfectly

Many legislative Acts affect computer security. Which Act changed computer crime damage assessments, increasing the number of crimes violating federal law?

C) The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act)

How well did you know this?

Not at all

Perfectly

TCP/IP provides end-to-end connectivity, specifying how data should be formatted, addressed, transmitted, routed, and received at the destination. The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model groups similar communication functions into one of seven logical layers. Which four of the seven layers does TCP/IP operate?

C) Application, Transport, Network, Data Link

How well did you know this?

Not at all

Perfectly

18)  Which is a set of protocols developed to support the secure exchange of packets and is required in IPv6?

D) IPsec

How well did you know this?

Not at all

Perfectly

19)  How do organizations classify information such as client lists, product designs, and organizational strategies?

B) sensitive

How well did you know this?

Not at all

Perfectly

20)  Risk is comprised of what two components?

C) Vulnerability and Threat

How well did you know this?

Not at all

Perfectly

21)  A security database that contains entries for users and their access rights for files and folders is known as?

B) an access control list (ACL)

How well did you know this?

Not at all

Perfectly

22)  The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model groups similar communication functions into one of seven logical layers. This hardware device operates at the data link layer of the OSI model and can limit hostile sniffing on a LAN (Local Area Network)?

A) Ethernet Switch

How well did you know this?

Not at all

Perfectly

23)  The purpose of classification is to protect information from being used to damage or endanger national security, research and development, or proprietary information. How do organizations classify information such as client lists, product designs, and organizational strategies?

A) sensitive

How well did you know this?

Not at all

Perfectly

24)  What can an intruder place between two endpoints to capture an entire session?

B) sniffers

How well did you know this?

Not at all

Perfectly

25)  Internet browsers use this to store pages and other multimedia content, such as video and audio files, from websites visited by the user. This allows such websites to load more quickly the next time they are visited. D) temporary Internet file

D) temporary Internet file

26)  File Transfer Protocol (FTP) uses a client-server architecture and uses separate control and data connections between the client and the server. What do system administrators do to secure a FTP server so only authorized users can access the server? A) Disable Anonymous Authentication

27)  Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) Snort's open source network-based intrusion detection system has the ability to perform real-time traffic analysis and packet logging on IP networks. Snort performs protocol analysis, content searching, and content matching. What is the correct Snort Rule syntex to log TCP traffic from any port going to ports less than or equal to 4000 on the 192.168.1.0 network? A) log tcp any any -> 192.168.1.0/24 :4000

28)  At what stage of the security system development life cycle do organization's purchase or build security solution? A) Implementation Phase

29)  Some virtual networks may not use encryption to protect the data contents. What process do users initiate when carrying a payload over an incompatible delivery-network, or providing a secure path through an untrusted network? D) Tunneling

30)  When collecting digital evidence from a crime scene, often the best strategy for dealing with a computer that is powered on is to: C) unplug it

31)  This is a non-malicious, yet false message spread by users forwarding to a large number of recipients. C) e-mail hoax

32)  What is the unique number assigned to a message by the e-mail server? D) message ID

33)  A cyber attack is a type of offensive maneuver employed by both individuals and whole organizations that target computer information systems, infrastructures, computer networks, and/ or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system. What is a Distributed Denial of Service Attack?

C) An attack in which multitudes of compromised systems attack a single target and the flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

34)  This protocol is used to encrypt and digitally sign email messages using the X.509 format for certificates. D) S/MIME

35)  Why is instant messaging dangerous for file transfers? A) It bypasses server-based malware protection.

36)  What is the difference between SMTP and POP3? . B) The SMTP server listens on port 25, while POP3 listens on port 110.

37)  Simple Mail Transfer Protocol (SMTP) is an Internet standard for email transmission across Internet Protocol (IP) networks. Your SMTP server is the source of excessive spam emails. What is the most likely cause? C) The anonymous relays are not disabled

38)  What is the act of making an e-mail message look like it came from someone else or a different location? D) spoofing

39)  Attackers have learned to capitalize and take advantage of the human factor in trust relationships. What type of attack uses chat, social media, and email to exploit trust relationships? C) Online attack

40)  What is the purpose of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003? B) Allow email marketers to send unsolicited commercial e-mail as long as it adheres to 3 basic types of compliance: unsubscribe, content, and sending behavior compliance

41)  What type of email scam involves Internet fraudsters who send seemingly legitimate e-mail messages to trick unsuspecting victims into revealing personal and financial information, such as a Social Security number (SSN), that can be used to steal the victims’ identity and gain access to the victim’s finances? C) Phishing

42)  What is an attempt to make a machine or network resource unavailable to its intended users by temporarily or indefinitely interrupt or suspend services of a host connected to the Internet? B) Denial of Service

43)  This type of attack is an anomaly where a program, while writing data, overruns the boundary and overwrites adjacent memory. Most security applications and suites are incapable of adequate defense against these kinds of attacks. B) Buffer Overflow

44)  What type of intrusion detection system takes action after intruder detection? C) active

45)  What is a false positive? ed C) An event signaling an intrusion detection system to produce an alarm when no attack has taken place

46)  The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. Which encryption scheme does PKI use? D) Asymmetric Encryption

47)  What is the process of recovering passwords from data that has been stored in or transmitted by a computer system? A) Password Cracking

48)  The purpose of this is to help you make more-informed decisions about which security measures to adopt? C) Security Assessment

49)  This type of assessment answers the following questions: What to protect? Who/What are the threats and vulnerabilities? What are the implications of damage or loss? What is the value to the organization? What can minimize exposure to the loss or damage? B) risk assessment

50)  What are groups of rigorous methods for finding bugs or errors in code related to computer security. These methods are used for testing purposes and are very important for ensuring that potential vulnerabilities are prevented. C) Attack Patterns

51)  Heuristic scanning is a: C) method of detecting potentially malicious behavior by examining what a program does or how it acts

52)  In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. What is the primary principle of encryption using a key? B) All functions are public, only the key is secret. The key contains the parameters used for the encryption responsible for decryption.

53)  A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. What is the primary role of the Certificate Authority? C) To digitally sign and publish the public key bound to a given user

54)  What is the primary role of the Certificate Authority? A) to digitally sign and publish the public key bound to a given user B) to review critical transactions communications between two or more parties C) to use a random number generator to create public keys D) to track self-signed certificates and third party attestations of those certifications

5555)  In a Public Key infrastructure, this provides nonrepudiation: A) symmetric keys B) digital signature C) electronic certificates D) e-mail signature

5656)  The digital signature scheme consists of which three algorithms? A) a key generation algorithm, a signing algorithm, and a signature verification algorithm B) a key generation algorithm, an asymmetric key algorithm, and a signing algorithm C) a key generation algorithm, a signing algorithm, and a hash-and-decrypt algorithm D) a symmetric key algorithm, a signing algorithm, and a signature verification algorithm

5757)  In computer security, challenge-response authentication is a family of protocols in which one party presents a question/challenge and another party must provide a valid answer/response to be authenticated. The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password. Which technology issues a challenge/response test as a means of ascertaining that a user is a human and not a computer program? A) CAPTCHA B) Munging C) CHAP D) Site Key

5858)  This security principle describes the requirement that different people should perform different portions of a critical process. A) segregation of duties B) defense in depth C) job rotation D) least privilege

5959)  What type of authentication methodology uses a person's physical characteristic for identification? A) Behaviometrics B) Biometrics C) Voice Analysis D) Facial Recognition

6060)  When withdrawing money from an automated teller machine, a user inserts a card (something he has) and enters a pin code (something he knows) into a keypad. What type of authentication is this? A) Two-factor Authentication B) Two-factor Authorization C) Multi-Factor Authentication D) Common Authentication

6161)  In networking, the Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a direct connection between two networking nodes. What authentication method is used in conjunction with PPP to validate the identify of a client? A) Password Authentication Protocol (PAP) B) Routing Internet Protocol (RIP) C) Challenge-Handshake Authentication Protocol (CHAP) D) Extensible Authentication Protocol (EAP)

62)  Your boss does not want anyone else to have the ability to read an email except the intended recipient. What type of security ensures only the intended recipient can read your email? A) Availability B) Confidentiality C) Authentication D) Integrity

63)  A binary code represents text or computer processor instructions using the binary number system's two binary digits – 0 and 1. What is added to the end of a string of binary code that indicates whether the number of bits in the string with the value one is even or odd? A) Checksum B) Modular Sum C) Parity Bit D) Parity Word

64)  What is a credential issued by the Authentication Service that supplies valid authentication credentials? A) User Certificate B) Server Ticket C) Security Ticket D) Server Certificate

65)  A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. What setup should an administrator use for regularly testing the strength of user passwords A) A standalone workstation on which the password database is copied and processed by the cracking program. B) A standalone workstation so that the live password database can be accessed and processed by the cracking program. C) A networked workstation so the password database can easily be copied locally and processed by the cracking program. D) A networked workstation so the cracking program can access the live password database.

66)  In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. When does CHAP perform the handshake process? A) Only when establishing the initial connection B) When establishing a connection and at any time after the connection is established C) When establishing a connection and after disconnecting the session D) Only after the connection is established

67)  Which one of the following is not an effect of a natural disaster on a computer? A) smoke damage to the hard drive B) static electricity C) water damage D) power fluctuations

68)  What is the best reason water isn’t used to suppress fires in a data center? A) It’s too expensive compared to other methods. B) Water would ruin the electronics in computers and network equipment. C) Water cannot put out electrical fires. D) Water may not be able to reach all servers in a rack.

69)  This provides duplication of server data storage by using multiple hard drive volumes. A) Parity B) Hot Swapping C) Mirroring D) Disk Striping

70)  What RAID level uses disk striping? A) RAID 5 B) RAID 0+1 C) RAID 1 D) RAID 0

71)  This term refers to the ability to maintain data and operational processing despite a disrupting event? A) business continuity B) high definition C) disaster planning D) high availability

72)  Regarding Business Continuity Planning and Disaster Recovery Planning, which one of the following determines the recovery cost balancing? A) cost of impact and the cost of resources B) cost of disruption and the cost to recover C) maximum allowable outage and the cost to recover D) cost of system inoperability and the cost of resources to recover

73)  The CEO wants to determine the feasibility of the IT recovery process, verify the compatibility of backup facilities, and ensuring the adequacy of procedures relating to the various teams working in the recovery process. These tasks are examples of what? A) Disaster Recovery Plan Testing B) Disaster Recovery Plan Training C) Disaster Recovery Plan Maintenance D) Disaster Recovery Plan Authentication

74)  This type of plan contains the steps for implementing critical business functions using alternate mechanisms until normal operations can be resumed at the primary site or elsewhere on a permanent basis. A) Disaster Recovery Plan B) Business Continuity Plan C) Incremental Recovery Plan D) Incident Recovery Plan

75)  What are the three primary strategies when developing a disaster recovery plan? A) Management Support, Detective Measures, and Preventative Measures B) Preventive Measures, Detective Measures, and Corrective Measures C) Risk Assessment, Independent Verification and Validation, and Management Support D) Corrective Measures, Detective Measures, and Risk Assessment

76)  Which one of the following configurations of elements represents the most complete disaster recovery plan? A) alternate processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan B) vendor contract for alternate processing site, backup procedures, and names of persons on the disaster recovery team C) vendor contract for alternate processing site, names of persons on the disaster recovery team, and offsite storage procedures D) off-site storage procedures, identification of critical applications, and test of the plan

77)  Which one of the following IT contingency solutions provides recovery time objectives ranging from minutes to several hours? A) asynchronous shadowing B) multiple location disk replications C) single location disk replication D) synchronous mirroring

78)  Organizations use contingency plans for an outcome other than the usual (expected) outcome. Which one of the following IT contingency solutions provides recovery time objectives ranging from minutes to several hours? A) multiple location disk replications B) synchronous mirroring C) asynchronous shadowing D) single location disk replication

79)  Which one of the following configurations of elements represents the most complete disaster recovery plan? A) off-site storage procedures, identification of critical applications, test of the plan B) vendor contract for alternate processing site, names of persons on the disaster recovery team, offsite storage procedures C) vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team D) alternate processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan

80)  What maintains a historical record of all the changes make to data by constantly monitor all data written on a hard drive and thus provide backups that can be restored immediately? A) Synchronous backups B) Disk to Disk (D2D) backups C) Backup Data Plan (BDP) D) Continuous Data protection (CDP)

81)  This is the maximum length of time that an organization can tolerate between backups. A) Service Establishment Point (SEP) B) Recovery Point Objective (RPO) C) Recovery Time Objective (RTO) D) Business Recovery Time (BRT)

82)  This type of attack is to directly attach conductors to the circuit(s) being protected so that the information can be obtained from and/or changes injected into the system under attack. A) Shape Charge Attack B) Circuit Disruption Attack C) Probe Attack D) Machine Attack

83)  The abbreviation RAID stands for? A) Resistant Architecture of Interdependent Drives B) Repository Array of Inexpensive Disks C) Redundant Array of Independent Drives D) Replacement Archive for Identical Disks

84)  What is an effective technique in ventilation systems that forces air outward from a facility to help guard against dust and other pollutants? A) Negative Pressurization B) Adaptive Support Pressurization C) Supply Only Pressurization D) Positive Pressurization

85)  Half of employees admit to taking corporate data when they leave a job, and 40 percent say they plan to use the data in their new job. How do you prevent this? A) Enforce Non-Disclosure Agreements, Monitor Technology, Secure Intellectual Property B) Employee Education, Enforce Non-Disclosure Agreements, Monitor Technology C) Tag Sensitive Information, Monitor Technology, Enforce Non-Disclosure Agreements D) Monitor Technology, Secure Intellectual Property, Education Employees

86)  Which one of the following type of attacks requires physical access to a computer system? A) using a bootdisk to load an alternate operating systems B) scanning the network for open ports and IP addresses C) cracking passwords D) exploiting vulnerabilities in web servers

87)  What process takes a variable sized long input of bits and produces a fixed, small sequence of bits that is effectively unique? A) Decoy Protocol B) Hashing C) Cascading D) Public Key Encryption

88)  What process takes a variable sized long input of bits and produces a fixed, small sequence of bits that is effectively unique? A) hashing B) decoy protocol C) public key encryption D) cascading

89)  This is a method of hiding nearly undetectable messages in images, documents, or other file types. A) steganography B) cryptography C) symmetric encryption D) cryptanalysis

90)  In which way does the Combined Encryption combine symmetric and asymmetric encryption? A) The secret key is symmetrically transmitted, the message itself asymmetrically. B) First, the message is encrypted with asymmetric encryption and then it is encrypted symmetrically together with the key C) The secret key is asymmetrically transmitted, the message itself symmetrically. D) First, the message is encrypted with symmetric encryption and then it is encrypted asymmetrically together with the key

91)  What does the “dd” Unix/Linux command do as part of computer forensics? A) creates an exact duplicate of a disk image B) duplicates the slackspace on a hard disk C) copies the hard drive to a solid state drive D) creates a hash of all of the contents of a drive

92)  What are the two primary types of computer forensic investigations? A) when a computer was the target of a crime and the computer itself was stolen B) when a computer was used to commit a crime and when a computer was the target of a crime C) when a computer was the target of a crime and when the computer was used by a criminal D) when a computer was used to commit a crime and the crime involved medical records

93)  What is the name of the special container used to hold electronic evidence that blocks the radio signals? A) cell phone holder B) Radio Frequency Identification (RFID) C) signal blocking box D) Faraday bag

94)  Verifying the authentication of digital images is one form of forensic security. What are forensic techniques used to complete this verification? A) Erase an image’s compression history and use its associated compression fingerprints B) Use an image’s compression history after erasing its associated compression fingerprints C) Use an image's compression history and its associated compression fingerprints D) Erase an image’s compression history and its associated compression fingerprints

95)  Prosecuting cybercrimes is difficult because most of the evidence is digital. Forensic investigators must leverage a forensic investigation life cycle to ensure the confidentiality, integrity, or availability of digital evidence. Steps in the forensic investigation life cycle are: A) Requirement Analysis, Representation of Evidence, Repository of Data B) Requirement Analysis, Inaccuracy, Destruction of Evidence C) Review of Evidence, Destruction of Evidence, Representation of Evidence D) Representation of Evidence, Retrieval of Data, Inaccuracy

96)  What standard company policy outlines what the organization considers to be the appropriate use of all computer resources? A) Internet Usage Policy (IUP) B) End User License Agreement (EULA) C) Acceptable Use Policy (AUP) D) Data Communication Standard (DCS)

97)  U.S. Presidents use this power to set policy directives that implement or interpret federal statutes, a constitutional provision, or a treaty. A) Legislation B) Joint Resolution C) Executive Orders D) Public Law

98)  This Act intended to enhance the security and resiliency of the cyber and communications infrastructure of the United States. A) Federal Information Security Management Act of 2002 B) Computer Security Act of 1987 C) Cybersecurity Act of 2012 D) Confidential Information Protection and Statistical Efficiency Act of 2002

99)  This is the mission of what federal organization – to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. A) Department of Homeland Security (DHS) B) National Institute of Standards and Technology (NIST) C) Office of Management and Budget (OMB) D) Department of Commerce (DOC)

100)  What are the three primary goals of the Comprehensive National Cybersecurity Initiative (CNCI)? A) To establish a front line of defense against today's immediate threats; To defend against the full spectrum of threats; To develop and implement a government-wide cyber counterintelligence (CI) plan. B) To strengthen the future cybersecurity environment; To build cybersecurity capability in the electricity sector; To protect the nation’s communication grid from cyber threats C) To establish a front line of defense against today's immediate threats; To defend against the full spectrum of threats; To strengthen the future cybersecurity environment D) To defend against the full spectrum of threats; To coordinate and redirect research and development (R&D) efforts; To develop and implement a government-wide cyber counterintelligence (CI) plan

cyber security 2016 SLC Flashcards

(100 cards)