1200

Question 1

An organization that purchased security products from different vendors is demonstrating which security principle? A. obscurity B. diversity C. limiting D. layering

Answer 1

B. diversity

Question 2

Each of the following can be classified as an “insider” except __________. A. business partners B. contractors C. cybercriminals D. employees

Answer 2

C. cybercriminals

Question 3

__________ are a network of attackers - identify thieves - and financial fraudsters. A. script kiddies B. hackers C. cybercriminals D. spies

Answer 3

C. cybercriminals

Question 4

Each of the following is a characteristic of cybercriminals except __________. A. better funded B. less risk-averse C. low motivation D. more tenacious

Answer 4

C. low motivation

Question 5

Each of the following is a characteristic of cybercrime except __________. A. targeted attacks against financial networks B. exclusive use of worms and viruses C. unauthorized access to information D. theft of personal information

Answer 5

B. exclusive use of worms and viruses

Question 6

An example of a(n) ___________ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password. A. threat agent B. threat C. vulnerability D. asset exploit (AE)

Answer 6

C. vulnerability

Question 7

__________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper documents containing personally identifiable financial information. A. California Savings and Loan Security Act (CS&LSA) B. Gramm-Leach-Bliley Act (GLBA) C. USA Patriot Act D. Sarbanes-Oxley Act (Sarbox)

Answer 7

B. Gramm-Leach-Bliley Act (GLBA)

Question 8

The term __________ is sometimes used to identify anyone who illegally breaks into a computer system. A. hacker B. cyberterrorist C. Internet Exploiter D. cyberrogue

Answer 8

A. hacker

Question 9

An example of __________ is not revealing the type of computer - operating system - software - and network connection a computer uses. A. obscurity B. limiting c. diversity D. layering

Answer 9

a. obscurity

Question 10

The __________ is primarily responsible for assessment - management - and implementation of security. A. security manager B. security administrator C. Chief Information Security Officer (CISO) D. security technician

Answer 10

C. Chief Information Security Officer (CISO)

Question 11

List the 3 protections or CIA.

Answer 11

1- Confidentiality
2- Integrity
3- Availability

Question 12

List the 3 sets of protections that must be implemented to secure information or AAA.

Answer 12

1- Authentication
2- Authorization
3- Accounting

Question 13

List the 3 information security layers.

Answer 13

1- Products
2- People
3- Procedures

Question 14

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Answer 14

Adware

Question 15

Software code that gives access to a program or a service that circumvents normal security protections.

Answer 15

Backdoor

Question 16

A logical computer network of zombies under the control of an attacker.

Answer 16

Botnet

Question 17

A malicious computer code that - like its biological counterpart - reproduces itself on the same computer.

Answer 17

Computer Virus (Virus)

Question 18

The act of digging through trash receptacles to find information that can be useful in an attack.

Answer 18

Dumpster Diving

Question 19

A false warning.

Answer 19

Hoax

Question 20

An attack that creates a fictitious character and then plays out the role of that person on a victim.

Answer 20

Impersonation

Question 21

Captures and stores each keystroke that a user types on the computer’s keyboard.

Answer 21

Keylogger

Question 22

Computer code that lies dormant until it is triggered by a specific logical event.

Answer 22

Logic Bomb

Question 23

Software that enters a computer system without the user’s knowledge or consent and then performs an unwanted - and usually harmful - action.

Answer 23

Malware

Question 24

A phishing attack that automatically redirects the user to a fake site.

Answer 24

Pharming

Question 25

Sending an email or displaying a Web announcement that falsely claims to be form a legitimate enterprise in an attempt to trick the user into surrendering private information.

Answer 25

Phishing

Question 26

A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.

Answer 26

Rootkit

Question 27

Watching an authorized user enter a security code on a keypad.

Answer 27

Shoulder Surfing

Question 28

A means of gathering information for an attack by relying on the weaknesses of individuals.

Answer 28

Social Engineering

Question 29

Unsolicited email.

Answer 29

Spam

Question 30

A phishing attack that targets only specific users.

Answer 30

Spear Phishing

Question 31

A variation of spam - which targets instant messaging users instead of email users.

Answer 31

Spim

Question 32

A general term used to describe software that spies on users by gathering information without consent - thus violating their privacy.

Answer 32

Spyware

Question 33

The act of unauthorized individuals entering a restricted-access building by following an authorized user.

Answer 33

Tailgating

Question 34

An executable program advertised as performing one activity - but actually does something else (or it may perform both the advertised and malicious activities).

Answer 34

Trojan Horse (Trojan)

Question 35

A phishing attack that uses a telephone call instead of using email.

Answer 35

Vishing

Question 36

A phishing attack that targets only wealthy individuals.

Answer 36

Whaling

Question 37

Horizontally separating words so that they can still be read by the human eye.

Answer 37

Word Splitting

Question 38

A malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer and then self-replicate to other computers.

Answer 38

Worm

Question 39

A __________ requires a user to transport it from one computer to another. A. worm B. rootkit c. virus d. trojan

Answer 39

C. Virus

Question 40

Each of the following is an action that a virus can take except __________. A. transport itself through the network to another device B. cause a computer to crash C. erase files for a hard drive D. make multiple copies of itself and consume all of the free space in a hard drive

Answer 40

A. transport itself through the network to another device

Question 41

Each of the following is a different type of computer virus except ___________. A. program virus B. macro virus C. remote virus D. boot virus

Answer 41

C. remote virus

Question 42

Li downloads a program that prints coupons - but in the background it silently collects her passwords. Li has actually downloaded a __________. A. virus B. worm C. Trojan D. logic bomb

Answer 42

C. Trojan

Question 43

To completely remove a rootkit from a computer - you should __________. A. flash the ROM BIOS B. erase and reinstall all fires in the WINDOWS folder C. expand the Master Boot Record D. reformat the hard drive and reinstall the operating system

Answer 43

D. reformat the hard drive and reinstall the operating system

Question 44

Each of the following could be a logic bomb except ___________. A. erase all data if John Smith’s name is removed from the list of employees. B. reformat the hard drive three months after Susan Jones left the company C. send spam e-mail to all users D. if the company’s stock price drops below $10 - then credit Jeff Brown with 10 additional years of retirement credit

Answer 44

C. send spam e-mail to all users

Question 45

C. GIF layering A. Word splitting B. Geometric variance

Answer 45

D. if the company’s stock price drops below $10 - then credit Jeff Brown with 10 additional years of retirement credit

Question 46

__________ is an image spam that is divided into multiple images - and each piece of the message is divided and then layered to create a complete and legible message. A. Word splitting B. Geometric variance C. GIF layering D. Split painting

Answer 46

C. GIF layering

Question 47

__________ is a general term used for describing software that gathers information without the user’s consent. A. Adware B. Scrapeware C. Pullware D. Spyware

Answer 47

D. Spyware

Question 48

Each of the following is true regarding a keylogger except __________. A. hardware keyloggers are installed between the keyboard connector and computer keyboard or USB port B. software keyloggers are easy to detect C. keyloggers can be used to capture passwords - credit card numbers - or personal information D. software keyloggers can be designed to send captured information automatically back to the attacker through the Internet

Answer 48

B. software keyloggers are easy to detect

Question 49

The preferred method today of bot herders for command and control of zombies is to use __________. A. Internet Relay Chat (IRC) B. e-mail C. Hypertext Transport Protocol (HTTP) D. spam

Answer 49

C. Hypertext Transport Protocol (HTTP)

Question 50

Which of the following is a social engineering technique that uses flattery on a victim? A. Conformity B. Friendliness C. Fear D. Ingratiation

Answer 50

D. Ingratiation

Question 51

__________ sends phishing messages only to wealthy individuals. A. Spear phishing B. Target phasing C. Microing D. Whaling

Answer 51

D. Whaling

Question 52

__________ is unsolicited instant messaging. A. Spam B. Vishing C. SMS Phishing (SMS-P) D. Spim

Answer 52

D. Spim

Question 53

Erin pretends to be a manager from another city and calls Nick to trick him into giving her his password. What social engineering attack has Erin performed? A. Aliasing B. Luring C. Impersonation D. Duplicity

Answer 53

C. Impersonation

Question 54

How can an attacker use a hoax? A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings. B. By sending out a hoax - an attacker can convince a user to read his e-mail more often. C. A user who receives multiple hoaxes could contact his supervisor for help. D. Hoaxes are not used by attackers today.

Answer 54

A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.

Question 55

Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information? A. Calendars B. Memos C. Organizational Charts D. Books

Answer 55

D. Books

Question 56

__________ is the following of an authorized person through a secure door. A. Tagging B. Tailgating C. Social Engineering Following (SEF) D. Backpacking

Answer 56

B. Tailgating

Question 57

Each of the following is the reason adware is scorned except __________. A. it displays the attackers programming skills B. it displays objectionable content C. it can cause a computer to crash slow down. D. it can interfere with a user’s productivity

Answer 57

A. it displays the attackers programming skills

Question 58

An attacker who controls multiple zombies in a botnet is known as a __________. A. zombie shepherd B. rogue IRC C. bot herder D. cyberrobot

Answer 58

C. bot herder

Question 59

Observing someone entering a keypad code from a distance is known as __________. A. shoulder surfing B. piggybacking C. spoofing D. watching

Answer 59

A. shoulder surfing

Question 60

Programs that provide additional functionality to Web browsers.

Answer 60

Add-ons

Question 61

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

Answer 61

Address Resolution Protocol (ARP)

Question 62

An attack that corrupts the ARP cache.

Answer 62

ARP Poisoning

Question 63

Files that are coupled to e-mail messages.

Answer 63

Attachments

Question 64

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Answer 64

Buffer Overflow

Question 65

An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data.

Answer 65

Client-Side Attack

Question 66

A file on a local computer in which a server stores user-specific information.

Answer 66

Cookie

Question 67

Injecting and executing commands to execute on a server.

Answer 67

Command Injection

Question 68

An attack that injects scripts into a Web application server to direct attacks at clients.

Answer 68

Cross-Site Scripting (XSS)

Question 69

An attack that attempts to prevent a system from performing its normal functions.

Answer 69

Denial of Service (DoS)

Question 70

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

Answer 70

Directory Traversal

Question 71

An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.

Answer 71

Distributed Denial of Service (DDoS)

Question 72

An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.

Answer 72

DNS Poisoning

Question 73

A hierarchical name system for matching computer names and numbers.

Answer 73

Domain Name System (DNS)

Question 74

A cookie that is created from the Web site that currently is being viewed.

Answer 74

First-Party Cookie

Question 75

A cookie named after the Adobe Flash player. Also known as local shared objects (LSO’s). Flash cookies cannot be deleted through the browser’s normal configuration settings as regular cookies can. Typically - they are saved in multiple locations on the hard drive and can take up as much as 100 - 000 bytes of storage per cookie (about 25 times the size of a normal cookie). Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.

Answer 75

Flash Cookie

Question 76

A list of the mappings of names to computer numbers.

Answer 76

Host Table

Question 77

Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.

Answer 77

HTTP Header

Question 78

Modifying HTTP headers to create an attack.

Answer 78

HTTP Header Manipulation

Question 79

An attack that intercepts legitimate communication and forges a fictitious response to the sender.

Answer 79

Man-In-The-Middle

Question 80

A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.

Answer 80

Persistent Cookie (Tracking Cookie)

Question 81

A utility that sends an ICMP echo request message to a host.

Answer 81

Ping

Question 82

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

Answer 82

Ping Flood

Question 83

An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

Answer 83

Privilege Escalation

Question 84

An attack that makes a copy of the transmission before sending it to the recipient.

Answer 84

Replay

Question 85

A cookie that is only used when a browser is visiting a server using a secure connection.

Answer 85

Secure Cookie

Question 86

A cookie that is stored in Random Access Memory (RAM) - instead of on the hard drive - and only lasts for the duration of visiting a Web site.

Answer 86

Session Cookie

Question 87

An attack in which an attacker attempts to impersonate the user by using his session token.

Answer 87

Session Hijacking

Question 88

A form of verification used when accessing a secure Web application.

Answer 88

Session Token

Question 89

An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.

Answer 89

Smurf Attack

Question 90

Impersonating another computer or device.

Answer 90

Spoofing

Question 91

An attack that targets SQL servers by injecting commands to be manipulated by the database.

Answer 91

SQL Injection

Question 92

An attack that takes advantage of the procedures for initiating a TCP session.

Answer 92

SYN Flood Attack

Question 93

A cookie that was created by a third party that is different from the primary Web site.

Answer 93

Third-Party Cookies

Question 94

An attack involving using a third party to gain access rights.

Answer 94

Transitive Access

Question 95

A markup language that is designed to carry data instead of indicating how to display it.

Answer 95

XML (Extensible Markup Language)

Question 96

An attack that injects XML tags and data into a database.

Answer 96

XML Injection

Question 97

Attacks that exploit previously unknown vulnerabilities - so victims have not time (zero days) to prepare or defend against the attacks.

Answer 97

Zero Day Attacks

Question 98

A __________ attack exploits previously unknown vulnerabilities.

Answer 98

D. zero day

Question 99

Why can traditional networking security devices NOT be used to block Web application attacks? A. Traditional network security devices ignore the content of HTTP traffic - which is the vehicle of Web application attacks B. Web application attacks use Web browsers that cannot be controlled on a local computer C. Network security devices cannot prevent attacks from Web resources D. The complex nature of TCP/IP allows for too many ping sweeps to be blocked.

Answer 99

A. Traditional network security devices ignore the content of HTTP traffic - which is the vehicle of Web application attacks

Question 100

Attackers use buffer overflows to __________. A. corrupt the kernel so the computer cannot reboot. B. point to another area in data memory that contains the attacker’s malware code C. place a virus into the kernel D. erase buffer overflow signature files

Answer 100

B. point to another area in data memory that contains the attacker’s malware code