Chapter 9 Flashcards

1
Q

Different types of organizations have similar levels of network security risks.

T/F

A

False

2
Q

The term malware is derived from a combination of the words malicious and software.

T/F

A

True

3
Q

A hacker, in the original sense of the word, is someone with technical skills and malicious intent.

T/F

A

False

4
Q

The day after Patch Tuesday is informally known as Exploit Wednesday.

T/F

A

True

5
Q

A drop ceiling could be used by an intruder to gain access to a secured room.

T/F

A

True

6
Q

Over a long distance connection, using SSH keys is more secure than using passwords.

T/F

A

True

7
Q

The original version of the Secure Hash Algorithm was developed by MIT.

T/F

A

False

8
Q

Sudden unexplained increases in file sizes and unusual error messages with no apparent cause are both potential symptoms of a viral infection.

T/F

A

True

9
Q

Current research indicates that a long, random string of words, such as correct horse battery staple, is much more secure than a random series of letters, numbers, and symbols that is short enough to be remembered.

T/F

A

True

10
Q

It is ideal to use the same password for multiple different applications, provided the password is complex enough.

T/F

A

False

11
Q

Which penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes?

Nessus
metasploit
nmap
Sub7

A

metasploit

12
Q

Which of the following statements correctly describes the malware characteristic of polymorphism?

Polymorphic malware can change its characteristics every time it is transferred to a new system.

Polymorphic malware is designed to activate on a particular date, remaining harmless until that time.

Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program’s code with destructive code.

Polymorphic malware utilizes encryption to prevent detection.

A

Polymorphic malware can change its characteristics every time it is transferred to a new system

13
Q

A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date, is known as what kind of malware?

encrypted virus
logic bomb
boot sector virus
worm

A

logic bomb

14
Q

Which of the following statements describes a worm?

A program that disguises itself as something useful but actually harms your system.

A process that runs automatically, without requiring a person to start or stop it.

A program that runs independently of other software and travels between computers and across networks.

A program that locks a user’s data or computer system until a ransom is paid.

A

A program that runs independently of other software and travels between computers and across networks

15
Q

If multiple honeypots are connected to form a larger network, what term is used to describe the network?

combolure
lurenet
honeycomb
honeynet

A

honeynet

16
Q

An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?

buffer overflow
session hijacking attack
man-in-the-middle attack
banner-grabbing attack

A

man-in-the-middle attack

17
Q

Which of the following scenarios represents a phishing attempt?

An employee at your company has received a malware-infected file in their e-mail.

A person posing as an employee tried to access a secured area at your organization.

A gift was offered to an employee with access to secured information in exchange for details.

An e-mail was sent to a manager at your company that appeared to be from the company’s CTO, asking for access.

A

An email was sent to a manager at your company that appeared to be from the company’s CTO, asking for access

18
Q

In a red team blue team exercise, what is the purpose of the blue team?

The blue team is tasked with attacking the network.

The blue team must observe the actions of the red team.

The blue team is charged with the defense of the network.

The blue team consists of regulators that ensure no illegal activity is undertaken.

A

The blue team is charged with the defense of the network

19
Q

Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers?

Nmap
Nessus
Metasploit
L0phtcrack

A

Nessus

20
Q

If someone is offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place?

phishing
baiting
quid pro quo
tailgating

A

quid pro quo

21
Q

A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?

phishing
baiting
quid pro quo
tailgating

A

tailgating

22
Q

In the typical social engineering attack cycle, what occurs in Phase 3?

The attacker researches the desired target for clues as to vulnerabilities.

The attacker builds trust with the target and attempts to gain more information.

The attacker exploits an action undertaken by the victim in order to gain access.

The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.

A

The attacker exploits an action undertaken by the victim in order to gain access

23
Q

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

least-risk privilege profile
principle of least privilege
minimal access/minimal exposure
limited liability access

A

principle of least privilege

24
Q

What statement regarding denial of service attacks is accurate?

A denial-of-service attack occurs when a MAC address is impersonated on the network.

A denial-of-service attack prevents legitimate users from accessing normal network resources.

A denial-of-service attack is generally a result of a disgruntled employee.

A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.

A

A denial of service attack prevents legitimate users from accessing normal network resources

25
Q

Utilized by China’s so-called “Great Firewall”, what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages?

MAC address spoofing
denial-of-service attack
DNS poisoning
rogue DHCP server

A

DNS poisoning

26
Q

What is the Nmap utility used for?

It is used to identify unsecured sensitive data on the network, such as credit cards.

It is an automated vulnerability and penetration testing framework.

It is a software firewall that can be used to secure a vulnerable host.

It is a port scanning utility that can identify open ports on a host.

A

It is a port scanning utility that can identify open ports on a host

27
Q

How is a posture assessment performed on an organization?

A thorough examination of each aspect of the organization’s network is performed to determine how it might be compromised.

A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors.

A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection.

An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.

A

A thorough examination of each aspect of the organization’s network is performed to determine how it might be compromised

28
Q

What type of door access control is a physical or electronic lock that requires a code to open the door?

key fob lock
cipher lock
biometric lock
encrypted lock

A

cipher lock

29
Q

An RFID label on a box is an example of what type of physical security detection method?

motion detection technology
video surveillance via CCTV
tamper detection
asset tracking tagging

A

asset tracking tagging

30
Q

What statement regarding the different versions of the SHA hashing algorithm is accurate?

SHA-0 is the most secure version of SHA.

SHA-1 supports a 128-bit hash function.

SHA-2 only supports a 256-bit hash.

SHA-2 and SHA-3 both support the same hash lengths.

A

SHA-2 and SHA-3 both support the same hash lengths

31
Q

On a Linux-based system, what command can you use to create a hash of a file using SHA-256?

sha1sum
md5sum
sha256sum
shasum -a 256

A

sha256sum

32
Q

What command can be used on a Windows system to create a hash of a file?

md5
shasum
Get-FileHash
Compute-FileHash

A

Get-FileHash

33
Q

VMware’s AirWatch and Cisco’s Meraki Systems Manager are both examples of what type of software?

mobile device management software
software defined network software
virtual device management software
cloud network management software

A

mobile device management software

34
Q

A variant of BYOD, what does CYOD allow employees or students to do?

They can supply their own software on a computer or mobile device.

They can supply their choice of cloud application or storage.

They can choose a device from a limited number of options.

They can use whatever devices they wish to bring.

A

They can choose a device from a limited number of options

35
Q

Where would restrictions regarding what users can and cannot do while accessing a network’s resources be found?

acceptable use policy document
terms of service document
license restrictions document
non-disclosure agreement document

A

acceptable use policy document

36
Q

What document addresses the specific concerns related to special access given to administrators and certain support staff?

non-disclosure agreement
acceptable use policy
password policy
privileged user agreement

A

privileged user agreement

37
Q

Which of the following scenarios would necessitate the use of a non-disclosure agreement?

Your company wishes to educate users on the proper use of the network.

Your company needs to prevent a new contractor from sharing information with a potential competitor.

Your company needs to impose password restrictions on new users in the network.

Your company would like to allow employees to bring their own devices.

A

Your company needs to prevent a new contractor from sharing information with a potential competitor

38
Q

How often should you require users to change their passwords?

every 30 days
every 60 days
every 90 days
every 120 days

A

every 60 days

39
Q

What type of attack forces clients off a wireless network, creating a form of Wi-Fi DoS?

deauthentication attack
channel hopping attack
man-in-the-middle attack
ARP poisoning attack

A

deauthentication attack

40
Q

Which type of DoS attack involves an attack that is bounced off uninfected computers before being directed at the target?

cached denial-of-service attack
distributed denial-of-service attack
distributed reflection denial-of-service attack
permanent denial-of-service attack

A

distributed reflection denial of service attack