Chapter 9: Network Risk Management Flashcards

1
Q

A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?

tailgating
baiting
phishing
quid pro quo

A

tailgating

2
Q

A variant of BYOD, what does CYOD allow employees or students to do?

They can supply their choice of cloud application or storage.

They can choose a device from a limited number of options.

They can use whatever devices they wish to bring.

They can supply their own software on a computer or mobile device.

A

They can choose a device from a limited number of options.

3
Q

An RFID label on a box is an example of what type of physical security detection method?

video surveillance via CCTV
asset tracking tagging
tamper detection
motion detection technology

A

asset tracking tagging

4
Q

An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?

man-in-the-middle attack
session hijacking attack
buffer overflow
banner-grabbing attack

A

man-in-the-middle attack

5
Q

How often should you require users to change their passwords?

every 90 days
every 60 days
every 30 days
every 120 days

A

every 60 days

6
Q

If multiple honeypots are connected to form a larger network, what term is used to describe the network?

honeycomb
combolure
lurenet
honeynet

A

honeynet

7
Q

In a red team-blue team exercise, what is the purpose of the blue team?

The blue team is tasked with attacking the network.

The blue team consists of regulators that ensure no illegal activity is undertaken.

The blue team must observe the actions of the red team.

The blue team is charged with the defense of the network.

A

The blue team is charged with the defense of the network.

8
Q

In the typical social engineering attack cycle, what occurs at Phase 3?
The attacker researches the desired target for clues as to vulnerabilities.

The attacker exploits an action undertaken by the victim in order to gain access.

The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.

The attacker builds trust with the target and attempts to gain more information.

A

The attacker exploits an action undertaken by the victim in order to gain access.

9
Q

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

minimal access/minimal exposure
limited liability access
least-risk privilege profile
principle of least privilege

A

principle of least privilege

10
Q

Utilized by China’s so-called “Great Firewall”, what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages?

DNS poisoning
denial-of-service attack
MAC address spoofing
rogue DHCP server

A

DNS poisoning

11
Q

What document addresses the specific concerns related to special access given to administrators and certain support staff?

password policy

privileged user agreement

acceptable use policy

non-disclosure agreement

A

privileged user agreement

12
Q

What is the Nmap utility used for?

It is a port scanning utility that can identify open ports on a host.

It is a software firewall that can be used to secure a vulnerable host.

It is used to identify unsecured sensitive data on the network, such as credit cards.

It is an automated vulnerability and penetration testing framework.

A

It is a port scanning utility that can identify open ports on a host.
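Added example, not part of the original deck: a minimal TCP connect scan in Python, the same technique Nmap uses for its `-sT` scan (a full three-way handshake that completes means the port is open; an immediate refusal means it is closed; a timeout usually means filtered). To keep it runnable offline it opens a throwaway listener on 127.0.0.1 and scans a small range around it; the listener, the host and the range are assumptions for the demo, not anything from the page.

```python
import socket

# Demo scaffolding (assumed for this example): a throwaway listener on
# localhost plays the role of the target host with one open port.
def start_listener(host="127.0.0.1"):
    """Bind a TCP listener on an ephemeral port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)  # kernel completes the handshake even without accept()
    return srv, srv.getsockname()[1]

def probe_port(host, port, timeout=0.5):
    """Classify one port as 'open', 'closed' or 'filtered' via a connect() probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))      # SYN -> SYN/ACK -> ACK completed
            return "open"
        except ConnectionRefusedError:   # RST came back: nothing listening
            return "closed"
        except (socket.timeout, OSError):  # no answer: likely a firewall dropped it
            return "filtered"

def tcp_connect_scan(host, ports, timeout=0.5):
    """Return the sorted list of ports that accepted a full TCP connection."""
    return sorted(p for p in ports if probe_port(host, p, timeout) == "open")

if __name__ == "__main__":
    srv, port = start_listener()
    try:
        lo, hi = max(1, port - 5), min(65535, port + 5)
        found = tcp_connect_scan("127.0.0.1", range(lo, hi + 1))
        print(f"open ports in {lo}-{hi}: {found}")   # includes the listener's port
    finally:
        srv.close()
```

Because connect scanning completes the handshake, every probe shows up in the target's application logs; Nmap's default SYN scan (`-sS`) avoids that by never sending the final ACK, which is why it needs raw-socket privileges.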

13
Q

What statement regarding denial-of-service (DoS) attacks is accurate?

A denial-of-service attack prevents legitimate users from accessing normal network resources.

A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.

A denial-of-service attack occurs when a MAC address is impersonated on the network.

A denial-of-service attack is generally a result of a disgruntled employee.

A

A denial-of-service attack prevents legitimate users from accessing normal network resources.

14
Q

What statement regarding the different versions of the SHA hashing algorithm is accurate?

SHA-0 is the most secure version of SHA.

SHA-1 supports a 128-bit hash function.

SHA-2 only supports a 256-bit hash.

SHA-2 and SHA-3 both support the same hash lengths.

A

SHA-2 and SHA-3 both support the same hash lengths.
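Added example, not from the original deck: the card's claim checked against the standard library. `hashlib` exposes SHA-1, the four SHA-2 sizes and the four SHA-3 sizes, so the output lengths can be read from `digest_size` rather than memorised. SHA-0 was withdrawn and is not in `hashlib`, so it is left out; the input message is constructed for the demo.

```python
import hashlib

# Generations of the SHA family as named in hashlib. SHA-0 is omitted
# (withdrawn, not implemented by hashlib).
SHA1 = ["sha1"]
SHA2 = ["sha224", "sha256", "sha384", "sha512"]
SHA3 = ["sha3_224", "sha3_256", "sha3_384", "sha3_512"]

def digest_bits(name: str) -> int:
    """Output length in bits of the named hash, taken from hashlib itself."""
    return hashlib.new(name).digest_size * 8

def family_lengths(names) -> list:
    """Sorted, de-duplicated set of output lengths a family offers."""
    return sorted({digest_bits(n) for n in names})

def same_lengths(fam_a, fam_b) -> bool:
    """True when two families offer exactly the same set of output lengths."""
    return family_lengths(fam_a) == family_lengths(fam_b)

def demo(msg: bytes = b"constructed sample message") -> None:
    for name in SHA1 + SHA2 + SHA3:
        h = hashlib.new(name, msg).hexdigest()
        print(f"{name:9s} {digest_bits(name):4d} bits  {h[:16]}...")
    print("SHA-2 lengths:", family_lengths(SHA2))
    print("SHA-3 lengths:", family_lengths(SHA3))
    print("same set:", same_lengths(SHA2, SHA3))

if __name__ == "__main__":
    demo()
```

The shared lengths (224/256/384/512) are the reason SHA-3 was designed as a drop-in alternative to SHA-2: same output sizes, but a completely different (sponge) construction, so a structural break in one does not carry over to the other.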

15
Q

What type of door access control is a physical or electronic lock that requires a code in order to open the door?

cipher lock
key fob lock
biometric lock
encrypted lock

A

cipher lock

16
Q

Where would restrictions regarding what users can and cannot do while accessing a network’s resources be found?

license restrictions document

terms of service document

non-disclosure agreement document

acceptable use policy document

A

acceptable use policy document

17
Q

Which of the following scenarios represents a phishing attempt?

A person posing as an employee tried to access a secured area at your organization.

An employee at your company has received a malware-infected file in their e-mail.

An e-mail was sent to a manager at your company that appeared to be from the company’s CTO, asking for access.

A gift was offered to an employee with access to secured information in exchange for details.

A

An e-mail was sent to a manager at your company that appeared to be from the company’s CTO, asking for access.

18
Q

Which of the following scenarios would necessitate the use of a non-disclosure agreement?

Your company needs to impose password restrictions on new users in the network.
  
Your company wishes to educate users on the proper use of the network.

Your company would like to allow employees to bring their own devices.

Your company needs to prevent a new contractor from sharing information with a potential competitor.

A

Your company needs to prevent a new contractor from sharing information with a potential competitor.

19
Q

Which of the following statements describes a worm?

A process that runs automatically, without requiring a person to start or stop it.

A program that locks a user’s data or computer system until a ransom is paid.

A program that runs independently of other software and travels between computers and across networks.

A program that disguises itself as something useful but actually harms your system.

A

A program that runs independently of other software and travels between computers and across networks.

20
Q

Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers?

Metasploit
L0phtcrack
Nmap
Nessus

A

Nessus