800

Question 1

Layer 1 of the OSI Model

Answer 1

Application

Question 2

Layer 2 of the OSI Model

Answer 2

Presentation

Question 3

Layer 3 of the OSI Model

Answer 3

Session

Question 4

Layer 4 of the OSI Model

Answer 4

Transport

Question 5

Layer 5 of the OSI Model

Answer 5

Network

Question 6

Layer 6 of the OSI Model

Answer 6

Data Link

Question 7

Layer 7 of the OSI Model

Answer 7

Physical

Question 8

A network database that contains a listing of all network resources - such as users - printers - groups - and so on.

Answer 8

directory

Question 9

A network service that provides access to a central database of information - which contains detailed information about the resources available on a network.

Answer 9

directory service

Question 10

A method of communication between wireless receivers.

Answer 10

direct-sequence (DS)

Question 11

A communications technology that is used to communicate in the 802.11 standard. It accomplishes communication by adding the data that is to be transmitted to a higher-speed transmission

Answer 11

direct-sequence spread spectrum (DSSS)

Question 12

The act of recovering data following a disaster that has destroyed the data.

Answer 12

disaster recovery

Question 13

The procedure by which data is recovered after a disaster.

Answer 13

disaster recovery plan

Question 14

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

Answer 14

Discretionary Access Control (DAC)

Question 15

Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.

Answer 15

disk mirroring

Question 16

Technology that enables writing data to multiple disks simultaneously in small portions called stripes.

Answer 16

disk striping

Question 17

A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails - the data on it can be recreated by looking at the remaining data and computing parity to figure out the missing data.

Answer 17

disk striping with parity

Question 18

A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target.

Answer 18

Distributed Denial of Service (DDoS) attack

Question 19

Any server that performs host name-to-IP address resolution.

Answer 19

DNS server

Question 20

An area in the DNS hierarchy that is managed as a single unit.

Answer 20

DNS zone

Question 21

Within the Internet - this is a group of computers with shared traits and a common IP address set.

Answer 21

domain

Question 22

The network service used in TCP/IP networks that translates host names to IP addresses.

Answer 22

Domain Name Service (DNS)

Question 23

A host that resides on more than one network and posses more than one physical network card.

Answer 23

dual-homed host

Question 24

A keyboard and monitor that send keystrokes to a central processing computer (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own.

Answer 24

dumb terminal

Question 25

Looking through trash for clues–often in the form of paper scraps–to users’ passwords and other pertinent information.

Answer 25

dumpster diving

Question 26

Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.

Answer 26

duplexed hard drives

Question 27

Two servers that are identical - for use in clustering.

Answer 27

duplicate servers

Question 28

A protocol used on a TCP/IP network to send client configuration data - including TCP/IP address - default gateway - subnet mask - and DNS configuration - to clients.

Answer 28

Dynamic Host Configuration Protocol (DHCP)

Question 29

A type of firewall used to accept or reject packets based on their contents.

Answer 29

dynamic packet filtering

Question 30

The use of route-discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates from the other routers on the network as well as to send their own updates.

Answer 30

dynamic routing

Question 31

A TCP/IP port used by an application when needed. The port isn’t constantly used.

Answer 31

dynamically allocated port

Question 32

Any type of passive attack that intercepts data in an unauthorized manner–usually in order to find passwords.

Answer 32

eavesdropping

Question 33

The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is degradation of the signal.

Answer 33

electromagnetic interference (EMI)

Question 34

A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard - RSA).

Answer 34

Elliptic Curve Cryptosystem (ECC)

Question 35

A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

Answer 35

Encapsulating Security Payload (ESP)

Question 36

The process of translating data into signals that can be transmitted on a transmission medium.

Answer 36

encoding

Question 37

The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can’t decrypt it.

Answer 37

encryption

Question 38

A string of alphanumeric characters used to decrypt encrypted data.

Answer 38

encryption key

Question 39

The process of luring someone.

Answer 39

enticement

Question 40

The process of encouraging an attacker to perform an act - even if they don’t want to do it.

Answer 40

entrapment

Question 41

An attempt to gain information about a network by specifically targeting network resources - users and groups - and applications running on the system.

Answer 41

enumeration

Question 42

The act of moving something up in priority. Often - when an incident is escalated - it’s brought to the attention of the next highest supervisor.

Answer 42

escalation

Question 43

A shared-media network architecture. It operates at the Physical and Data Link layers of the OSI model.

Answer 43

Ethernet

Question 44

A level of assurance - expressed as a numeric value - based on standards set by the CCRA (Common Criteria Recognition Agreement).

Answer 44

Evaluation Assurance Level (EAL)

Question 45

Any noticeable action or occurrence.

Answer 45

event

Question 46

A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack - the exposure factor is 100 percent.

Answer 46

exposure factor

Question 47

A threat that originates from outside the company.

Answer 47

external threat

Question 48

Web (or similar) services set up in a private network to be accessed internally and by select external entities - such as vendors and suppliers.

Answer 48

extranet

Question 49

Examining data leaving the network for signs of malicious traffic.

Answer 49

extrusion

Question 50

Programs that provide additional functionality to Web browsers.

Answer 50

Add-ons

Question 51

Part of the TCP/IP protocol for determining the MAC address based on the ip address.

Answer 51

Address Resolution Protocol (ARP)

Question 52

An attack that corrupts the ARP cache.

Answer 52

ARP poisoning

Question 53

Files that are coupled to e-mail messages.

Answer 53

Attachments

Question 54

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Answer 54

Buffer Overflow

Question 55

An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.

Answer 55

Client-side Attack

Question 56

A file on a local computer in which a server stores user-specific information.

Answer 56

Cookie

Question 57

Injecting and executing commands to execute on a server.

Answer 57

Command Injection

Question 58

An attack that injects scripts into a Web application server to direct attacks at clients.

Answer 58

Cross-site Scripting (XSS)

Question 59

An attack that attempts to prevent a system from performing its normal functions.

Answer 59

Denial of Service (DoS)

Question 60

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

Answer 60

Directory Traversal

Question 61

An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.

Answer 61

Distributed Denial of Service (DDoS)

Question 62

An attack that substitututes DNS addresses so that the computer is automatically redirected to another device.

Answer 62

DNS Poisoning

Question 63

A hierarchical name system for matching computer names and numbers.

Answer 63

Domain Name System (DNS)

Question 64

A cookie that is created from the Web site that currently is being viewed.

Answer 64

First-party Cookie

Question 65

A cookie named after the Adobe Flash player.

Answer 65

Flash Cookie

Question 66

A list of the mappings of names to computer numbers.

Answer 66

Host Table

Question 67

Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.

Answer 67

HTTP Header

Question 68

Modifying HTTP headers to create an attack.

Answer 68

HTTP header manipulaatioon

Question 69

An attack that intercepts legitimate communication and forges a fictitious response to the sender.

Answer 69

Man-in-the-Middle

Question 70

A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.

Answer 70

Persistent Cookie (tracking cookie)

Question 71

A utility that sends an ICMP (Internet Control Message Protocol) echo request message to a host.

Answer 71

Ping

Question 72

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

Answer 72

Ping Flood

Question 73

An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

Answer 73

Privilege Escalation

Question 74

An attack that makes a copy of the transmission before sending it to the recipient.

Answer 74

Replay

Question 75

A cookie that is only used when a browser is visiting a server using a secure connection.

Answer 75

Secure Cookie

Question 76

A cookie that is stored in Random Access Memory (RAM) - instead of on the hard drive - and only lasts for the duration of visiting a Web site.

Answer 76

Session Cookie

Question 77

An attack in which an attacker attempts to impersonate the user by using his session token.

Answer 77

Session Hijacking

Question 78

A form of verification used when accessing a secure Web application.

Answer 78

Session Token

Question 79

An attack that broadcasts a ping request to all computers on the network yet changes the address from which the quest came to that of the target.

Answer 79

Smurf Attack

Question 80

Impersonating another computer or device.

Answer 80

Spoofing

Question 81

An attack that targets SQL servers by injecting commands to be manipulated by the database.

Answer 81

SQL Injection

Question 82

An attack that takes advantage of the procedures for initiating a TCP session.

Answer 82

SYN Flood Attack

Question 83

A cookie that was created by a third party that is different from the primary Web site.

Answer 83

Third-Party Cookies

Question 84

An attack involving using a third party to gain access rights.

Answer 84

Transitive Access

Question 85

A markup language that is designed to carry data instead of indicating how to display it.

Answer 85

XML (Extensible Markup Language)

Question 86

An attack that injects XML tags and data into a database.

Answer 86

XML Injection

Question 87

Attacks that exploit previously unknown vulnerabilities

Answer 87

Zero Day Attacks

Question 88

What are the three vulnerability control types?

Answer 88

Technical - Management and Operational

Question 89

What are the three primary functions of controls?

Answer 89

Preventative - detective and corrective

Question 90

The National Institue of Standards and Technology

Answer 90

NIST

Question 91

Information Technology Laboratory

Answer 91

ITL

Question 92

Uses technology to reduce vulnerabilities.

Answer 92

Technical Control

Question 93

Specifies that individuals or processes are granted only rights and permissions needed to perform their assigned tasks or functions - but no more

Answer 93

Least Privelege

Question 94

Provides protection against infection from malicious software and viruses

Answer 94

Antivirus software

Question 95

Monitors a network or host for intrusions and provides ongoing protection against various threats

Answer 95

Intrusion Detection Systems (IDSs)

Question 96

Restricts network traffic going in and out of a network

Answer 96

Firewall

Question 97

Use planning and assessment methods to provide an ongoing review of the organization’s ability to reduce and manage risk.

Answer 97

Management Controls

Question 98

Helps quantify and qualify risks within an organization so that they can focus on serious risks.

Answer 98

Risk assessments

Question 99

Attempts to discover current vulnerabilities

Answer 99

Vulnerability assessments

Question 100

Helps ensure that day-to-day operations of an organization comply with their overall security plan

Answer 100

Operational Controls