EXAM

Question 1

T or F. The potential for a hacker to compromise the system is called an attack.

Answer 1

F. The potential for a hacker to compromise the system is called an attack.

It’s a threat

Question 2

T or F. A virus deletes all of the content of your hard drive at home. This was the virus’ transport mechanism.

Answer 2

F. A virus deletes all of the content of your hard drive at home. This was the virus’ transport mechanism.

It’s the payload – or what the virus does when it executes.

Question 3

T or F. A particular type of malware looks for an Administrator’s name on the payroll. If its not found, it starts to delete files. This is known as a backdoor.

Answer 3

F. A particular type of malware looks for an Administrator’s name on the payroll. If its not found, it starts to delete files. This is known as a backdoor.

This describes a logic bomb

Question 4

T or F. A virus is a fragment of code that requires user action to deliver its payload.

Answer 4

T. A virus is a fragment of code that requires user action to deliver its payload.

Worms are standalone code that automatically replicates across the network.

Question 5

Sarbanes-Oxley applies to which industry?

• Publicly traded companies
• Healthcare
• Financial
• Retail

Answer 5

Sarbanes-Oxley applies to which industry?

-Publicly traded companies

Question 6

GLBA applies to which industry?

• Publicly traded companies
• Healthcare
• Financial
• Retail

Answer 6

GLBA applies to which industry?

-Financial

Question 7

PCI-DSS applies to which industry?

• Publicly traded companies
• Healthcare
• Financial
• Retail

Answer 7

PCI-DSS applies to which industry?

-Retail

Question 8

Information about yourself, such as your SSN, is called _____ ________ ______.

Answer 8

Personally Identifiable Information.

Question 9

True or False. FISMA only applies to federal agencies.

Answer 9

True

Question 10

Which of the following is the estimated asset value loss for the year? (ALE, ARO, AV)

Answer 10

ALE

Question 11

Risk acceptance means what, and would be used when?

Answer 11

Do nothing to mitigate (reduce) the risk. It would be used when the cost of the risk is less than the cost of the control.

Question 12

T or F. Your boss asks you to do a port scan of a competitor’s website. This is OK as long as you document that the boss asked you to do this.

& What is the law you just broke if you did hack the competitor?

Answer 12

F

18 U.S.C. 1030

Question 13

What section in the act governs unauthorized eavesdropping on transmitted communications?

Answer 13

Section 2511

Question 14

Breaking a cipher by trying to use every possible key combination is a __________ attack.

Answer 14

Brute Force attack

Question 15

The process of defeating cryptographic systems is known as ___________________.

• Cryptography
• Cryptanalysis
• Cryptology
• Decryption

Answer 15

Cryptanalysis

Question 16

SNMP is a protocol that traps network messages into a MIB that can be logged into to access the data.

What version of SNMP should you be using and why?

Answer 16

3.0 or higher as it encrypts network traffic and the “community string” which is the SNMP password at the devices.

Question 17

A wireless encryption protocol that has a weakness with its initialization vector

• WEP
• WPA
• DES
• WPA2 Enterprise

Answer 17

WEP – WPA2 is the one that you should be using (802.11i)

Question 18

_______ is the protocol that resolves IP addresses to MAC addresses

Answer 18

ARP

Question 19

T or F. Changing your IP Address to masquerade as someone else is called IP Poisoning.

Answer 19

F.

It’s called IP Spoofing

Question 20

An _______________ ______________ is an attack on a wireless network in which an Access Point is configured exactly like an authorized AP.

Answer 20

Evil Twin

Question 21

An address associated with an application running on the system is known as a (MAC address, IP address, port number). Pick one.

Answer 21

port number

Question 22

This is an attack on a network layer protocol that resolves application layer addresses to network layer addresses. It can be used to redirect the user to a malicious Web site where authentication credentials can be obtained.

• DNS Poisoning
• ARP Poisoning
• IP Spoofing
• Smurf Attack

Answer 22

DNS Poisoning

Question 23

Which of the following is not a range used by NAT for private IP Addresses.

a. 10.0. 0.0 – 10.255. 255.255.
b. 172.16. 0.0 – 172.31. 255.255.
c. 192.168. 0.0 – 192.168. 255.255.

Answer 23

172.16. 0.0 – 172.31. 255.255.

Question 24

An attack in which the system is flooded with packets to make it unavailable to others is a _____________.

Answer 24

DoS or DDoS

Question 25

Two documents that are hashed produce the same digest (output). This is called a/an ____________.

Answer 25

collision

Question 26

A MAC function uses what as inputs?

Answer 26

Shared key and message

Question 27

T or F. If the hashing algorithm is known, it can be reverse-engineered to figure out the object that was hashed.

Answer 27

F

Question 28

T or F. Multi-factor authentication increases the probability of a false positive.

Answer 28

F

Question 29

T or F. The most stringent form of access control is DAC.

Answer 29

F. MAC is the most stringent

Question 30

Authentication through the process of measuring physiological or behavioral characteristics is ___________.

Answer 30

biometrics

Question 31

T or F. A centralized access control system in which users from different companies can access resources using a single sign on is called identity management.

Answer 31

F

Question 32

An authentication system that uses tickets to manage user access is called _______.

Answer 32

Kerberos

Question 33

A firewall that checks data at an application layer is called a/an:

A. Stateful packet inspecting firewall
B. Stateful packet inspecting firewall
C. Deep packet inspecting firewall
D. Host-based IDS

Answer 33

Deep packet inspecting firewall

Question 34

George’s IDS baselined the amount of traffic to the email server. One morning, his IDS alerts that the traffic at the server is in considerable excess to that expected. This type of IDS would be:

• Anomaly-based
• Host-based
• Signature-based

Answer 34

Anomaly-based

Question 35

An IDS that takes action, such as blocking a port at the firewall, when an intrusion is identified is called a/an: _________________

Answer 35

IPS, or active IDS

Question 36

A team that responds to a security incident is known as a/an _________________.

Answer 36

Computer Security Incident Response Team (CSIRT)

Question 37

The first three steps in an Incident Response Process are Detection, Analysis, and ____________.

Answer 37

Escalation

Question 38

The first three steps in an Incident Response Process are Detection, Analysis, and ____________.

Answer 38

Escalation

Question 39

Law that deal with information technology are called ____________.

Answer 39

Cyberlaw

Question 40

T or F. It is legal for email providers to read your personal email.

Answer 40

T

Question 41

T or F. Backup tapes should be stored onsite so they are accessible.

Answer 41

F

Really a trick question – a copy should be accessible, however make certain you store them off-site so they are preserved if the building burns down.

Question 42

The process of retrieving deleted data from a hard drive is called

A. Data carving
B. Data recovery
C. Anti-forensics
D. Data delineation

Answer 42

Data carving

Question 43

Laws that criminalize bad behavior by imprisonment are known as ___________

A. Cyberlaw
B. Civil Law
C. Criminal Law
D. Administrative Law

Answer 43

Criminal Law

Question 44

Disconnecting the systems infected with a virus so that other systems don’t become infected is done during the ___________ stage of an incident response.

• Containment
• Reporting
• Escalation
• Recovery

Answer 44

Containment

Question 45

Which of the following forensics assessment types is characterized by looking active connections?

• Network analysis
• Media analysis
• Software analysis
• Forensic analysis

Answer 45

Network analysis

Question 46

A DoS attack in which the attacker sets up multiple connections, but never completes the connections, is called a/an:

• TCP SYN Flood
• Fraggle
• Smurf
• Ping of Death

Answer 46

TCP SYN Flood

Question 47

T or F. Blocking an attacker’s address at the firewall is known as IP Spoofing.

Answer 47

F

Question 48

In a TCP 3-way handshake, which packet closes the communication?

A. SYNCED
B. SYN-ACK
C. ACK
D. FIN

Answer 48

SYN-ACK

Question 49

129.10.15.8:80 is called a/an _______________.

Answer 49

socket – it’s a combination of an IP address and a port number

Question 50

T or F. An attack in which network traffic is captured and re-sent is called a Replay Attack.

Answer 50

T

Question 51

T or F. Users who bring in modems or other devices to circumvent security controls on a network create backdoors.

Answer 51

F

Question 52

Which class of fire extinguisher would be used on an electrical fire?

• A
• B
• C
• D

Answer 52

C

Question 53

What are the 3 As of Forensics?

Answer 53

• Acquisition (i.e. duplicating the drive, collecting evidence)
• Authentication (hashing the files on the drive)
• Analysis (finding the evidence).

Question 54

A document that accompanies the evidence to show where it goes, who has it, and what was done is called a/an: ________________.

Answer 54

Chain of Custody

Question 55

An attack in which an attacker’s content is viewed in your browser when you access the website is called a/an _____________.

Answer 55

Cross-site Scripting (XSS)

Question 56

An attack in which the malware is delivered to your system using pixels on the page that are too small for you to see is called ____________.

Answer 56

iFrame attack

Question 57

Small sensors or other devices with microcode or small amounts of firmware that are used to control the nation’s critical infrastructure is called _________.

Answer 57

Industrial Control Systems

Question 58

T or F. A buffer overflow attack that redirects the system to instructions of the attackers choosing is a heap overflow.

Answer 58

F

This is a stack overflow

Question 59

Which of the following would not be a method of preventing SQL Injection attacks?

-Least permissions on database accounts
-Encrypting input – what good would this do? The command would just be decrypted
before it executed.
-Use of stored parameters
-Input validation

Answer 59

Encrypting input – what good would this do? The command would just be decrypted
before it executed.

Question 60

George performs full-volume backups every Friday. Mondays – Thursdays, he performs incremental backups. On Tuesday, he has a catastrophic failure of his hard drive array before the backup runs. What tapes, and in what order would be installed? How much data would he lose?

A drive array that provides fault tolerance by copying everything written to one set of drives to a spare set of drives is RAID ______.

A drive array that provides no fault tolerance is RAID _________.

Answer 60

• Friday full, Monday. Tuesday didn’t run, so it is not available. He lost all day on Tuesday.
• RAID 1 - Mirroring
• RAID 0 - Striping

Question 61

The security service that deters an individual from claiming that he or she did not take part of a transaction is:

Answer 61

Non-Repudiation

Question 62

Your student records contain a lot of personally identifiable information, such as SSNs, that can lead to identity theft. Which of the following security services is the most important to protect against that?

Answer 62

Confidentiality

Question 63

You receive an email stating you won the London Lottery (although you’ve never played the London Lottery). Which of the following security services would be necessary to know that this email was really from the London Lottery?

Answer 63

Authentication

Question 64

T or F. The more usable a system is, the more secure it is.

Answer 64

F

Question 65

A snowstorm has knocked out Blackboard. Which of the security services has been negatively impacted?

Answer 65

Availability

Question 66

You are a security officer for a hospital, and are worried about a hacker accessing electronic health records and changing blood type and other patient information in the record. Which of the following security services would be implemented to detect unauthorized changes to the record?

Answer 66

Integrity

Question 67

Malware that constantly changes its characteristics in order to avoid detection by anti-virus software is called a/an:

Answer 67

Polymorphic Virus

Question 68

The potential to negatively impact the security of a system in known as a/an

Answer 68

Threat

Question 69

Which of the following is NOT a type of threat?

a. Attack
b. Natural event
c. Breach
d. Human error

Answer 69

C. Breach

Question 70

Which of the following is NOT another term for a successful attack?

a. Advanced Persistent Threat (APT)
b. Compromise
c. Incident
d. Event

Answer 70

d. Event

Question 71

Oops!!! You downloaded what you thought was a loan calculator for a new car you want, and you have infected your PC with malware. This type of malware is considered to be a/an ______________.

Answer 71

Trojan Horse

Question 72

Malware that autonomously replicates from one system to another, without user action is known as a/an:

Answer 72

Worm

Question 73

T or F. A car alarm is a detective control.

Answer 73

T

Question 74

T or F. Malware that delivers its payload when a person is no longer on the company payroll, as an example, is considered to be a time bomb.

Answer 74

F

Question 75

T or F. A tape backup of your files, so that they can be restored in the event your computer crashes, is considered a preventive control.

Answer 75

F

Question 76

T or F. An attack that occurs against a company that takes advantage of a previously unknown vulnerability is known as an zero day attack.

Answer 76

T

Question 77

T or F. If your boss asks you to port scan a competitor’s site, or gain access to test their security, you may do this as long as you have asked your boss to place his request in writing.

Answer 77

F

Question 78

A ___________ is a document that your company provides to you that describes the expectations employees are to follow with regard to their ethical behavior.

Answer 78

Code of Conduct

Question 79

Which of the following would contain mandatory security controls that need to be implemented?
a. Standard Operating 
    Procedures
b. Standards
c. Guidelines
d. Policies

Answer 79

b. Standards

Question 80

Kathy and Betty have to both log in at a computer in order to run a sensitive program. Which of the following describes this?

a. mandatory vacation
b. Segregation of duties
c. Least privilege
d. need-to-know

Answer 80

b. Segregation of duties

Question 81

T or F. In order to be protected, material to be copyrighted must be formally registered and marked with a copyright symbol. ©

Answer 81

F

Question 82

Which of the following is not a best practice to promulgate security policy?

a. require acknowledgement 
    in writing
b. send an email out
c. post policies online on a 
    site that appears when 
    users log in
d. schedule training 
    sessions

Answer 82

b. send an email out

Question 83

This security framework would be used by commercial organizations. It addresses 11 different areas that should be addressed with security controls.

a. COBIT
b. COSO
c. ISO 27000 series
d. FISMA

Answer 83

c. ISO 27000 series

Question 84

You, as a user on a network, decide one day to fire up and use Wireshark ( a packet tracer that captures all network packets on a network) on your boss’ network. Without authorization, this is a felony violation of what law below?

a. COPA
b. ECPA
c. U.S. Patriot Act
d. Terrorist Surveillance Program

Answer 84

b. ECPA

Question 85

Bob has a key employee in a critical IT position. He is worried about the possibility of the employee committing undetected faud. Which of the following is the best personnel security control he can implement to control this?

a. Segregation of duties
b. need to know
c. Least privilege
d. mandatory vacation

Answer 85

d. mandatory vacation

Question 86

On your company’s network, you have no expectation of privacy. Which of the following is the principal or law that provides an expectation of privacy from unlawful search and seizure?

a. 4th amendment
b. ECPA
c. 1st Amendment
d. U.S. Patriot Act

Answer 86

a. 4th amendment

Question 87

George has implemented a new technology that centrally allows him to manage all of the users on his network. He is able to provision them and, when they leave, click on one button to disable their accounts. This is an example of:

a. Federated Identity
b. Kerberos
c. Identity Management
d. Radius

Answer 87

c. Identity Management

Question 88

Betty tries to go in to the Payroll folder, to which she doesn’t have access. It logs the event and, when the supervisor sees it, she is fired. The fact that logging was being performed on this relates best to:

a. Authorization
b. Auditing
c. Access control
d. Authentication

Answer 88

b. Auditing

Question 89

In Blackboard, students can access their own work only, however the TA can access everyone’s work. The Professor can do all of that and also add people to the course. This is an example of which type of access control?

a. Mandatory
b. Rule based
c. Discretionary
d. Role based

Answer 89

d. Role based

Question 90

An older type of authentication service that was popular with dial-up services is:

Answer 90

RADIUS

Question 91

T or F. Bob is a network administrator for Acme Products. He has had no problems with physically accessing the fingerprint reader for the last month, however today he walked up to it, put his finger on the scanner, and was denied access. This is an example of a false acceptance.

Answer 91

F

Question 92

Windows and UNIX are examples of which Access Control Model?

a. Rule based Access control
b. Discretionary
c. Role based Access control
d. Mandatory access control

Answer 92

b. Discretionary

Question 93

T or F. Requiring multi-factor authentication results in higher false rejection rates.

Answer 93

T

Question 94

You enter your user ID and your password. Which of the 3 As does this address?

Answer 94

Authentication

Question 95

What are the 3 As of forensics?

Answer 95

Authentication
Analyze
Acquisition

Question 96

In 1959, a 500-block area of Manhattan lost complete electrical power for more than13 hours. This was a/an:

a. Brownout
b. Fault
c. Sag
d. Blackout

Answer 96

d. Blackout

Question 97

Barbara updated the Disaster Recovery Plan to include instructions on how personnel should safely evacuate the building in the event of a hazardous spill or fire. This is an example of which type of physical security group of controls?

a. Operational
b. Technical
c. Physical
d. Administrative

Answer 97

d. Administrative

Question 98

A type of motion detector that alerts when there is a change of lighting in the room is:

a. Infrared
b. Wave based
c. Heat based
d. Passive audio

Answer 98

a. Infrared

Question 99

T or F. We would first want to implement a security control that denies physical access to unauthorized individuals.

Answer 99

F

Question 100

T or F. A static charge of 17000 volts can cause permanent damage to circuits and equipment.

Answer 100

T

Question 101

The type of forensics that would examine logs from Wireshark to track when a hacker came through the firewall would be:

a. Forensic Analysis
b. Media Analysis
c. Code Analysis
d. Network Analysis

Answer 101

d. Network Analysis

Question 102

Which of the following fire extinguishers would you use on a fire in your server room?
Class:
a
b
c
d

Answer 102

Class C - electrical fires

Question 103

T or F. Tracking the average time it takes to fix a printer is an example of MTTR.

Answer 103

T

Question 104

T or F. The process of recovering files that have been deleted on a hard drive and are resident in its slack space is called file carving.

Answer 104

T

Question 105

T or F. The primary problem with symmetric encryption is that it is slow.

Answer 105

F

Question 106

T or F. The primary issue with asymmetric encryption is that it can be difficult verifying who sent you the public key.

Answer 106

T

Question 107

T or F. An attack in which the attacker tries to match passwords protecting crypto keys to real words is called a brute force attack.

Answer 107

F

Question 108

The process of “cracking” a key is called ___________

Answer 108

Cryptanalysis

Question 109

___________ uses a shared key to both encrypt and decrypt

a. Hashing
b. HMAC
c. Asymmetric
d. Symmetric

Answer 109

d. Symmetric

Question 110

A _________ cipher leaves all of the characters, just rearranging them.

a. Transposition
b. Substitution
c. Hybrid
d. Product

Answer 110

a. Transposition

Question 111

Let’s say you are shopping online at Amazon and see the lock and https.  Which key is used in a hybrid crypto system to encrypt the session keys that are sent back to Amazon?
a. A shared key shared 
    between you and 
    Amazon
b. Amazon’s private key
c. Amazon’s public key
d. None, the transmission 
    isn’t encrypted until the 
    session keys are 
    received by Amazon

Answer 111

c. Amazon’s public key

Question 112

Meaningful data that you can read is called

Answer 112

plaintext

Question 113

George wants to send an email to Gary and doesn’t want anyone else to be able to read it. Which key will be used to encrypt it?

a. George’s private key
b. Gary’s private key
c. Gary’s public key
d. George’s public key

Answer 113

c. Gary’s public key

Question 114

When Gary receives the email, which key will be used to decrypt it?

a. Gary’s private key
b. George’s private key
c. George’s public key
d. Gary’s public key

Answer 114

a. Gary’s private key

Question 115

T or F. A digital signature is an encrypted message digest (hash).

Answer 115

T

Question 116

Which key will be used to verify that it did come from Eva?

a. Eva’s public key
b. Don’s public key
c. Don’s private key
d. Eva’s private key

Answer 116

a. Eva’s public key

Question 117

If Eva wants to digitally sign a message that she is sending to Don, which key is used to encrypt the message digest to prove it came from Eva?

a. Eva’s private key
b. Don’s public key
c. Eva’s public key
d. Don’s private key

Answer 117

a. Eva’s private key

Question 118

T or F. DES is an asymmetric encryption algorithm.

Answer 118

F

Question 119

T or F. A hashing algorithm will produce a string of characters that is the same size regardless of the object being hashed. As an example, you can hash a single file on your hard drive and the output string will be the same size as if you were to hash the entire hard drive.

Answer 119

T

Question 119

T or F. A hashing algorithm will produce a string of characters that is the same size regardless of the object being hashed. As an example, you can hash a single file on your hard drive and the output string will be the same size as if you were to hash the entire hard drive.

Answer 119

T

Question 120

T or F. A collision, in terms of hashing, are when two different documents produce different hashes.

Answer 120

F

Question 121

T or F. An example of a hashing algorithm is MD5.

Answer 121

T

Question 122

A MAC or HMAC can provide some assurance of authentication of origin, but not such that it might stand up in court if there is a dispute and the sender says “I didn’t send it” for which of the following reasons?
a. It uses a key shared 
    between the two 
    individuals.
b. The key is public.
c. It isn't really designed to 
    provide for 
    authentication of origin.
d. It uses a very weak 
    algorithm.

Answer 122

a. It uses a key shared
between the two
individuals.

Question 123

Which of the following is not true about hashes
a. A hash results in a fixed- 
    size output
b. A hard drive that is 
    hashed will produce the 
    same size output as a 
    file that is hashed, if 
    using the same 
    algorithm
c. It can be decrypted to 
    reveal the contents of 
    whatever was hashed
d. Provides integrity 
    services

Answer 123

c. It can be decrypted to
reveal the contents of
whatever was hashed

Question 124

T or F. When attacked, a valid response is to counter-attack in order to stop the attacker from accessing more information.

Answer 124

F

Question 125

T or F. When an IDS alerts to a attacker on the network, an email should be sent to the administrator so that they can respond right away.

Answer 125

F

Question 126

T or F. An active IDS is also known as an IPS (Intrustion Prevention System) and can work with the firewall to block malicious traffic when it is detected.

Answer 126

T

Question 127

Which of the following is an example of a “socket”?

a. AA-FC-1B-FD-44-BE
b. 129.10.16.8:8080
c. None of the above
d. www.gmu.edu:8080

Answer 127

b. 129.10.16.8:8080

Question 128

This type of firewall only compares filters incoming traffic based on a set of defined rules (i.e. allowed IP addresses)

a. Stateful or dynamic
b. Circuit-based
c. Deep packet inspection
d. Static or stateless

Answer 128

d. Static or stateless

Question 129

This type of firewall can read into the application layer to block malware and suspicious web content.

a. Static or stateless
b. Circuit-based
c. Stateful or dynamic
d. Deep packet inspection

Answer 129

d. Deep packet inspection

Question 130

A type of network attack in which a web server, such as www.gmu.edu, is overwhelmed with connection requests until it can’t allow any more connections.

a. SYN attack
b. Replay attack
c. Fraggle attack
d. Smurf attack

Answer 130

a. SYN attack

Question 131

Users who bring in a modem or other device to circumvent security controls can inadvertently create a _____________ ?

Answer 131

Back channel

Question 132

An IDS creates a baseline of traffic to an email server, registering that normal protocols are SMTP, POP, IMAP, etc. One day, a TELNET packet comes into the network - headed for the email. The email server alerts on this as it has not been seen before. This type of IDS is best described as a/an___________ IDS.

Answer 132

Anomaly based

Question 133

Which of the following is not a reason to implement an IDS?
a. To filter out subnets you 
    don’t want to access 
    your network.
b. To gather information 
    about servers that might 
    be of interest to 
    attackers (maybe with an 
    unreported vulnerability)
c. To collect information 
    after an attack occurs.
d. To identify malicious 
    traffic and block that traffic.

Answer 133

a. To filter out subnets you
don’t want to access
your network.

Question 134

T or F. An attack in which content not visible to the person accessing the site is executed in their browser as an invisible popup from the attacker is called a cross-site scripting attack.

Answer 134

F

Question 134

T or F. An attack in which content not visible to the person accessing the site is executed in their browser as an invisible popup from the attacker is called a cross-site scripting attack.

Answer 134

F

Question 135

T or F. An attack in which more data than what was designed to be held by a program’s allocated RAM, allowing data to be corrupted, is known as a stack buffer overflow attack.

Answer 135

F

Question 136

T or F. A package of crypto tools that secure email, including symmetric and asymmetric encryption, is called PGP.

Answer 136

T

Question 137

T or F. A problem with SNMP is that it, in versions under Version 3, it passes data and the password over in plaintext.

Answer 137

T

Question 138

You are monitoring for attacks on your network and see that someone has Telneted to port 25. Which service might they be attacking?

a. SNMP
b. CMIP
c. SMTP
d. HTTP

Answer 138

c. SMTP

Question 139

Mason students are often the target of _________ attacks, in which large groups of individuals are targeted. In this example, you might receive an email from the “IT Help Desk” asking you to visit a link and change your password.

a. phishing
b. vishing
c. spear phishing
d. whaling

Answer 139

c. spear phishing

Question 140

Systems (sensors and actuators) that control pieces of the nation’s critical infrastructure are called
a. Critical Infrastructure 
    Control Systems
b. Industrial Control Systems
c. Information Control 
    Systems

Answer 140

b. Industrial Control Systems

Question 141

An attack in which database commands are inserted into a database from a web-based form is a/an:

a. iframes attack
b. redirection
c. cross-site scripting attack
d. SQL injection

Answer 141

d. SQL injection

Question 142

Developers can prevent SQL injections by ensuring \_\_\_\_\_\_\_\_\_\_\_ in their web forms.
a. API checking
b. the use of multi-factor 
    authentication
c. Input sanitization
d. Type setting

Answer 142

c. Input sanitization

Question 143

Which of the following is not a VoIP issue?
a. Calls sent over 
    unencrypted networks
b. Gateway vulnerabilities
c. Phone calls are subject 
    to 
    EMI, which negatively 
    impacts call clarity
d. Misconfigured phones 
    can result in interception 
    of voice calls

Answer 143

c. Phone calls are subject
to
EMI, which negatively
impacts call clarity

Question 144

T or F. A concern during the Containment phase of the Incident Response Process is that you might reload the attacker’s rootkit.

Answer 144

F

Question 145

T or F. If you run Wireshark at work to capture traffic on your network without your permission, you could be prosecuted under Section 2511 of the 18 U.S.C. 1030 (ECPA).

Answer 145

T

Question 146

T or F. An off-site location that has all of the hardware/software necessary to transition operations over to it in the event of a disaster is called a warm site.

Answer 146

F

Question 147

T or F. The Federal Rules of Evidence govern what evidence can be considered admissible in court.

Answer 147

T

Question 148

The activity that is concerned with how a company will continue to meet their mission, even in the event of a disaster such as a fire or flood is called:
a. Emergency Response 
    Procedures
b. Disaster Recovery 
    Planning
c. Business Impact Analysis
d. Business Continuity 
    Planning

Answer 148

d. Business Continuity

Planning

Question 149

The first priority for disaster response should be:

a. Backup media
b. Remote access
c. Paper records
d. Personnel safety

Answer 149

d. Personnel safety

Question 150

The best definition of downtown tolerance is:
a. The maximum amount of 
    downtime a business 
    could sustain before 
    bankruptcy
b. The method used to 
    recover backup data
c. The location of the 
    recovery site
d. The maximum amount of 
    data loss

Answer 150

a. The maximum amount of
downtime a business
could sustain before
bankruptcy

Question 151

The step, or phase, in which investigators might disconnect workstations from the network to prevent them from becoming infected would be the __________ phase.

a. Investigation
b. Tracking
c. Analysis
d. Containment

Answer 151

d. Containment

Question 152

T or F. A Data Manipulation Language trigger would issue an alert if the properties of a table were altered or dropped.

Answer 152

F

Question 153

This version of RAID provides fault tolerance and requires at least 3 drives to implement. It stripes data across all of the drives, and adds some redundant (parity) information, also striped across the drives..

Answer 153

RAID 5

Question 154

This version of RAID provides no fault tolerance and requires at least 2 drives to implement.

Answer 154

RAID 0 (no fault tolerance)

Question 155

A backup that is performed as each file is being worked on (saving it to a different location) is called

a. Shadowing
b. Incremental
c. Image
d. File/Directory Data Backup

Answer 155

a. Shadowing

Question 156

A company has a field office in San Antonio and another in Seattle.  They decide to backup in real-time data from one field office to the other.  This is called:
a. Warm site
b. Data Loss Prevention
c. Continuous Data 
    Protection
d. Digital Rights 
    Management

Answer 156

c. Continuous Data

Protection

Question 157

A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized individuals is called:
a. Continuous Data 
    Protection
b. Hot site
c. Digital Rights 
    Management
d. Data Loss Prevention

Answer 157

d. Data Loss Prevention

Question 158

Which if the following is not a database security method?
a. Rename the admin and 
    guest accounts.
b. Run the database under 
    the Admin account to 
    ensure that all of the 
    protections are enabled.
c. Restrict users to only the 
    columns and rows that 
    they need to access
d. Sanitize user input.

Answer 158

b. Run the database under
the Admin account to
ensure that all of the
protections are enabled.

Question 159

You want to sell your laptop so you can buy a new one. Which method do you use to ensure that the data on the drive is not recoverable, but the drive is still usuable.

a. Pulverize the drive
b. Delete the data and
empty the Recycle Bin
c. Delete the data
d. Wipe the drive

Answer 159

d. Wipe the drive

Question 160

A/an ___________ is a search tool that combines results from multiple sites.

a. Mashup
b. Spiders
c. Web scrapers
d. Search engine

Answer 160

a. Mashup