Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CYBR4330 > CYBR 4330 - Week 7 > Flashcards

CYBR 4330 - Week 7 Flashcards

1
Q

What tool can be used to read and write data to ports over a network?

A

Netcat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What type of IDS/IPS is used to protect a critical network server or database server by installing the IDS or IPS software on the system you’re attempting to protect?

A

Host-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What type of IDSs/IPSs monitors activity on network segments by sniffing traffic as it flows over the network and alerting a security administrator when something suspicious occurs?

A

Network-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What type of Windows Server is the most likely server to be targeted by a computer hacker?

A

Domain Controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?

A

passive system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?

A

vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What type of attack causes the victim’s computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?

A

Ping of Death

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?

A

brute force

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?

A

known plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher?

A

SSL/TLS downgrade attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt?

A

chosen-plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?

A

Man-in-the-Middle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?

A

substitution cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What type of encryption is currently used to secure WPA2?

A

AES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?

A

application-aware firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What type of function is being performed when a router screens packets based on information in the packet header?

A

router screening

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

router screening

A

HTTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What type of hardware devices and computer programs can be used to obtain passwords by capturing key strokes on a targeted computer system?

A

Keyloggers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What type of laws should a penetration tester or student learning hacking techniques be aware of?

A

local, state, and federal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What type of malicious code could be installed in a system’s flash memory to allow an attacker to access the system at a later date?

A

BIOS-based rootkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What type of malicious computer programs present themselves as useful computer programs or applications?

A

Trojan programs

22
Q

What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?

A

eavesdropping

23
Q

What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?

A

virus

24
Q

What type of modulation spreads data across a large-frequency bandwidth instead of traveling across just one frequency band?

A

Spread spectrum

25
Q

What type of network attack relies on guessing a TCP header’s initial sequence number, or ISN?

A

Session hijacking

26
Q

What type of packet filtering records session-specific information about a network connection, including the ports a client uses?

A

Stateful

27
Q

What type of port scan has the FIN, PSH, and URG flags set?

A

XMAS scan

28
Q

What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer’s OS?

A

Connect

29
Q

What type of system converts between plaintext and ciphertext?

A

cryptosystem

30
Q

What type of testing procedure involves the tester(s) analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management?

A

security test

31
Q

What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?

A

null session

32
Q

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

A

developer tools

33
Q

What type of virus is used to lock a user’s system, or cloud accounts until the system’s owner complies by paying the attacker a monetary fee?

A

ransomware

34
Q

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google’s Android, Windows Mobile, and the Apple iPhone OS?

A

Java-based

35
Q

What upper-level service is required to utilize file and printer sharing in Windows?

A

Server Message Block

36
Q

What utility can be used to intercept detailed information from a company’s Web site?

A

Zed Attack Proxy

37
Q

What version of Windows Server has completely eliminated the option for telnet server?

A

Windows Server 2016

38
Q

What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng?

A

WiFi Pineapple

39
Q

When Web site visitors are involved in downloading malicious code without their knowledge, they may be unknowingly involved in what type of process?

A

drive-by download

40
Q

When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

A

FIN

41
Q

When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?

A

zombies

42
Q

When a programmer exploits written code that doesn’t check for a defined amount of memory space they are executing which of the following attacks?

A

buffer overflow

43
Q

When a security professional is presented with a contract drawn up by a company’s legal department, which allows them to “hack” the company’s network, they should proceed by performing what precautionary step?

A

consult their lawyer

44
Q

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?

A

spear phishing

45
Q

When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?

A

dictionary

46
Q

When an individual attempts to discover as much information legally possible about their competition, what information gathering technique are they performing?

A

competitive intelligence

47
Q

When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?

A

access point

48
Q

When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?

A

flag

49
Q

When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?

A

ping sweep

50
Q

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?

A

Share-level security

CYBR4330 (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions