Exam 1

Question 1

Process of Auditing A Network or Application for Known Exploits

Answer 1

Vulnerability Scanning

Question 2

Control Designed to Physically or Logically restrict unauthorized access

Answer 2

Preventative Control

Question 3

Method of Assessing the Security of Systems available to an insider

Answer 3

Credentialed Scan

Question 4

Preventing an incident from spreading to other areas

Answer 4

Containment

Question 5

The art of making a message difficult to understand

Answer 5

Ohdufucation

Question 6

The only truly unbreakable encryption mechanism

Answer 6

One-Time Pad

Question 7

Document that shows a red team has obtained permission to perform a penetration test

Answer 7

Personal Letter of authorization - Get out of jail free card

Question 8

Property that an encryption key should not be derivable from the ciphertext

Answer 8

Confusion

Question 9

Control Designed to discourage an attacker from attempting an attack

Answer 9

Deterrent

Question 10

Action taken to reduce the likelihood of a threat occuring

Answer 10

Mitigation

Question 11

Completely removing the cause of an incident

Answer 11

eradication

Question 12

Process of returning to normal operations following and incident

Answer 12

Recovery

Question 13

Security principle that states data should only be modified by authorized individuals

Answer 13

Integrity

Question 14

Control designed to identify and record any attempted intrusions

Answer 14

Detective

Question 15

Property that predictable features of the plaintext should not be evident in the ciphertext

Answer 15

Difusion

Question 16

Limits established for security assessments

Answer 16

Rules of engagement

Question 17

Goal of ensuring that someone cannot deny sending or creating certain data

Answer 17

Non Repudiation

Question 18

Security tool used to lure attackers away from actual network systems

Answer 18

Honey Pot

Question 19

Documents that detail requirements for protecting technology and information assets

Answer 19

Security Policy

Question 20

Member of an incident response team who initially takes charge

Answer 20

First Responder

Question 21

Method of Isolating a particular system or network for analysis following an incident

Answer 21

Quarantine - Sandboxing

Question 22

Obtaining access to an it manager’s credentials after compromising another employee

Answer 22

Escalation of Privelages

Question 23

Control that restores the function of the system through some other means

Answer 23

compensating

Question 24

Implementing security controls at various levels

Answer 24

Defense in Depth or Layered Security

Question 25

Control responds to and fixes an incident any may also prevent its recurrence

Answer 25

Corrective Control

Question 26

Specific method for establishing a shared secret across an insecure channel (a method of securely exchanging cryptographic keys over a public channel)

Answer 26

Diffle-Hellman Merkle

Question 27

Tactic to obtain someone’s credentials through observations

Answer 27

Shoulder Surfing

Question 28

Obtaining information from publicly available sources

Answer 28

Opensource Intelligence

Question 29

A form of malicious code that appears to perform one service, but also hides another purpose

Answer 29

Trojan Horse

Question 30

Intercepting and logging traffic that passes over a network

Answer 30

Packet Sniffing

Question 31

Malicious code that enables administrator-level access to a computer or network

Answer 31

RootKits

Question 32

A hidden method used to gain access to a computer system; Sometimes used by software developers

Answer 32

Backdoors

Question 33

Failing to shred documents leaves them vulnerable to this type of attack

Answer 33

Dumpster diving

Question 34

Common motivations and intents can be used to group attacker into these

Answer 34

Threat Actors

Question 35

Path or tool used to exploit a vulnerability

Answer 35

Threat Vector

Question 36

Used by attacker to discover unprotected wireless networks

Answer 36

War Driving

Question 37

Error in establishing or maintaining a security control

Answer 37

Misconfiguration

Question 38

Method of entering a secured area without authorization

Answer 38

Tailgating - Piggy Backing

Question 39

Hactivists are known for employing this type of attack

Answer 39

Denial of Service

Question 40

Replaying and spoofing packets would be classified as this

Answer 40

Injection

Question 41

A form of malicious code that is triggered by a specific event or condition

Answer 41

Logic Bomb

Question 42

Technique used to determine what is running on a particular system

Answer 42

Service Discovery or Fingerprinting

Question 43

Technique used to convince Burger King workers to break the windows of the restaurant

Answer 43

Intimidation

Question 44

Utility to show network information, such as active connection and routing tables

Answer 44

Netstat

Question 45

Claiming someone has given you permission

Answer 45

Authority

Question 46

Most challenging type of Threat Actor

Answer 46

Malicious Insider

Question 47

An arbitrary 24-bit number used along with a secret key for data wep encryption

Answer 47

Initialization Vector

Question 48

Malware capable of stealing typed credentials

Answer 48

Keylogger

Question 49

Attacker’s ability to obtain, maintain, and diversify access

Answer 49

Advanced persistent threat

Question 50

Specific setting to listen to all nearby wireless traffic

Answer 50

Promiscuous Mode

Question 51

Research activity that involves running specific queries

Answer 51

Google Hacking