CYBR 4330 - Week 5

Question 1

What is the current file system that Windows utilizes that has strong security features?

Answer 1

NTFS

Question 2

What is the current file system that Windows utilizes that has strong security features?

Answer 2

NTFS

Question 3

What is the decimal equivalent of the binary number 11000001?

Answer 3

193

Question 4

What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?

Answer 4

port

Question 5

What is the most serious shortcoming of Microsoft’s original File Allocation Table (FAT) file system?

Answer 5

no ACL support

Question 6

What is the most serious shortcoming of Microsoft’s original File Allocation Table (FAT) file system?

Answer 6

no ACL support

Question 7

What is the passive process of finding information on a company’s network called?

Answer 7

footprinting

Question 8

What is the specific act of checking a user’s privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

Answer 8

authorization

Question 9

What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it?

Answer 9

input validation

Question 10

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Answer 10

Application

Question 11

What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?

Answer 11

Transport layer

Question 12

What layer, in the TCP/IP stack, do applications and protocols, such as HTTP and Telnet, operate?

Answer 12

Application

Question 13

What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?

Answer 13

Internet

Question 14

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

Answer 14

crackers

Question 15

What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?

Answer 15

Fping

Question 16

What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?

Answer 16

NMap

Question 17

What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?

Answer 17

OpenVAS

Question 18

What organization disseminates research documents on computer and network security worldwide at no cost?

Answer 18

SANS

Question 19

What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?

Answer 19

gray box

Question 20

What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted?

Answer 20

black box

Question 21

What penetration model would likely provide a network diagram showing all the company’s routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

Answer 21

white box

Question 22

What policy, provide by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Answer 22

Acceptable Use Policy

Question 23

What port does the Domain Name System, or DNS service use?

Answer 23

53

Question 24

What port does the Hypertext Transfer Protocol, or HTTP service use?

Answer 24

80

Question 25

What port does the Simple Mail Transfer Protocol, or SMTP service use?

Answer 25

25

Question 26

What port does the Trivial File Transfer Protocol, or TFTP service use?

Answer 26

69

Question 27

What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?

Answer 27

443

Question 28

What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?

Answer 28

enumeration

Question 29

What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?

Answer 29

Certified Information Systems Security Professional (CISSP)

Question 30

What professional level security certification requires five years of experience and is designed to focus on an applicant’s security-related managerial skills?

Answer 30

Certified Information Systems Security Professional

Question 31

What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?

Answer 31

Offensive Security Certified Professional

Question 32

What programming languages are vulnerable to buffer overflow attacks?

Answer 32

C and C++

Question 33

What programming languages are vulnerable to buffer overflow attacks?

Answer 33

C and C++

Question 34

What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption?

Answer 34

TKIP

Question 35

What protocol is the most widely used and allows all computers on a network to communicate and function

Answer 35

TCP/IP

Question 36

What router feature provides basic security by mapping internal private IP addresses to public external IP addresses, essentially hiding the internal infrastructure from unauthorized personnel?

Answer 36

NAT

Question 37

What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop?

Answer 37

Certified Ethical Hacker (CEH)

Question 38

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

Answer 38

OPST

Question 39

What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?

Answer 39

SmartScreen

Question 40

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

Answer 40

dumpster diving

Question 41

What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?

Answer 41

Hacking

Question 42

What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?

Answer 42

domain controllers

Question 43

What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band?

Answer 43

FHSS

Question 44

What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools?

Answer 44

SIEM

Question 45

What standard specifically defines the process of authenticating and authorizing users on a network?

Answer 45

802.1X

Question 46

What subject area is not one of the 22 domains tested during the CEH exam?

Answer 46

Trojan hijacking

Question 47

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Answer 47

Piggybacking

Question 48

What term best describes a person who hacks computer systems for political or social reasons?

Answer 48

hacktivist

Question 49

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Answer 49

Piggybacking

Question 50

What term best describes a person who hacks computer systems for political or social reasons?

Answer 50

hacktivist