Chapter 4 Flashcards
- An attack in which a SYN flood ties up all open sessions in
order to overwhelm a computer is known as?
A. Domain hijacking
B. Session replays
C. A DDoS
D. A resource exhaustion attack
D. The correct answer is A resource exhaustion attack. Resource
exhaustion attacks are computer security exploits that crash, hang,
or otherwise interfere with the targeted program or system. They
are a form of denial-of-service attack but are different from
distributed denial-of-service attacks, which involve overwhelming a
network host such as a web server with requests from many
locations.
- The National Intelligence Service, NIS, wants to perform a
penetration test; they use airplanes and drones in order to gather
some information for the penetration test. What term describes this
action the NIS has performed to gather information?
A. Airplane attack
B. Fly hijacking
C. Drone attack
D. War flying
D. The correct answer is War flying. War flying is an activity
consisting of using an airplane and a Wi-Fi-equipped computer,
such as a laptop or a PDA, to detect Wi-Fi wireless networks. War
flying shares similarities to wardriving and warwalking in all
aspects except for the method of transport.
- A system in your organization has a vulnerability in the Apache version being run on it. You try to conduct a vulnerability scan on the system using up-to-date definitions, but the scan does not indicate that the problem is present. What problem are you facing?
A. Positive false
B. False negative
C. False positive
D. Negative false
B. The correct answer is False negative. A false negative state is
when the IDS identifies an activity as acceptable when the activity
is actually an attack. That is, a false negative is when the IDS fails
to catch an attack.
- Attackers are likely to target passwords that are stored in
memory because?
A. They are often in plain text
B. They are often encrypted
C. They are often hashed
D. None of the above
A. The correct answer is They are often in plain text. Passwords
stored in memory are usually stored in plain text. This makes it easy
for the attackers to recover the password when they access the
memory, even if the storage is temporary.
- What is the supply chain risk involved in purchasing network devices from a gray market supplier who imports the devices without any direct relationship with the original manufacturers?
A. No warranty
B. No support
C. No updates
D. All the above
D. The correct answer is All the above.
- What is the supply chain risk involved in purchasing network devices from a gray market supplier who imports the devices without any direct relationship with the original manufacturers?
A. Proxy logs
B. Endpoint logs
C. Application logs
D. Web server logs
D. The correct answer is Web server logs. XML injection is mostly carried out by altering HTTP queries sent to an XML-based web service. When you check the web server log, you can see if any unexpected user input is visible in the logs.
- If you decide to operate in your on-site infrastructure rather than the publishing service of your cloud hosting company, then what technology would you use to identify the kind of attack you are facing?
A. A firewall
B. An IPS
C. An IDS
D. A proxy
B. The correct answer is An IPS. The data he needs is likely to come from an IPS. When he gets that, he can then determine if the attack is a DoS attack, and the IPS can help him determine the source of the DoS attack.
- To ensure that one does not have unwanted ports and services running on a device while not being able to run a scan for breaches, what can one do?
A. Network topology assessment
B. Network topology review
C. Configuration assessment
D. Configuration review
D. The correct answer is Configuration review. Configuration reviews and configuration management tools can be used to ensure that no unwanted ports or services are accessible.
- The cybersecurity administrator in an organization, instead of using a single vendor for the network and host antimalware, uses different vendors for them. This action can be described as?
A. Technology diversity
B. Vendor diversity
C. Crypto diversity
D. Control diversity
B. The correct answer is Vendor diversity. Vendor diversity is the practice of implementing security controls from different vendors to increase security. Many DMZs use two firewalls and vendor diversity dictates the use of firewalls from different vendors.
For example, one firewall could be a Cisco firewall and the other one could be a Check Point firewall. If a vulnerability is discovered in one of these firewalls, an attacker might be able to exploit it. However, it’s unlikely that both firewalls would develop a vulnerability at the same time.
- A Windows picture password can be categorized as?
A. Somewhere you are
B. Something you have
C. Something you know
D. Something you can do
D. The correct answer is Something you can do. Something you can do is a type of authentication which proves identities by observing actions. These actions could be things like gestures or touches. Windows 8 users might know about a feature called Picture Password. This feature allows the user to set up gestures and touches on a picture as a way to authenticate themselves.
- The process of deploying 1,000 rounds of MD5 hashing to secure confidential details, e.g., passwords, is called?
A. Perfect forward secrecy
B. Hashing
C. Salting
D. Key stretching
D. The correct answer is Key stretching. Key stretching is the practice of converting a password to a longer and more random key for cryptographic purposes such as encryption. This is generally recognized as making encryption stronger as it ensures that the encryption itself is reasonably hard.
- To ascertain that the session is not breached even if the server’s private key is, which of the listed cryptographic capabilities will we use?
A. Lightweight cryptography
B. Key stretching
C. Elliptic-curve cryptography
D. Perfect forward secrecy
D. The correct answer is Perfect forward secrecy. In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.
- You are in charge of application development in your company and want to ensure that no web application is deployed live before testing. Your company prefers that you do the test with a system that looks like the live server. What do we call this?
A. Deploy server
B. Test server
C. Pre-test server
D. Non production server
B. The correct answer is Test server. The Test Server is a place where new updates, features, and mechanics are tested before being released to the main servers. Sometimes, these servers are in a closed-testing mode, meaning that only developers and testers can access them.
- Which of the following is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems?
A. IDS
B. Data loss prevention
C. Fake telemetry
D. Honeypot
D. The correct answer is Honeypot. In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site and contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. This is similar to police sting operations, colloquially known as “baiting” a suspect.