Quiz 13 Flashcards

1
Q

What process does a penetration tester rely on to access an ever-higher level of resources?

continuous exploitation
persistence
pivot
spinning

A

persistence

2
Q

Which item below is the standard security checklist against which systems are evaluated for a security posture?

baseline
control
profile
threat

A

baseline

3
Q

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are imitations of real data files?

honeypot
honeynet
honeycomb
port scanner

A

honeypot

4
Q

Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed.
True
False

A

True

5
Q

In white box and gray box testing, the first task of the tester is to perform preliminary information gathering on their own from outside the organization, sometimes called open source intelligence (OSINT).

True
False

A

False

6
Q

The second step in a vulnerability assessment is to determine the assets that need to be protected.
True
False

A

False

7
Q

Netstat displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and DNS settings.
True
False

A

False

8
Q

What type of penetration testing technique is used if the tester has no prior knowledge of the network infrastructure that is being tested?
black box
gray box
white box
sealed box

A

black box

9
Q

Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.
active
intrusive
passive
non-intrusive

A

non-intrusive

10
Q

Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?
white box
replay
system
black box

A

white box

11
Q

What type of reconnaissance is a penetration tester performing if they are using tools that do not raise any alarms?
active
invasive
passive
evasive

A

passive

12
Q

What process addresses how long data must be kept and how it is to be secured?

legal and compliance
data methodology
legal retention
data retention

A

data retention

13
Q

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?
threat mitigation
threat profiling
threat modeling
risk modeling

A

threat modeling

14
Q

Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?
wiping
degaussing
purging
data sanitation

A

degaussing

15
Q

What term is defined as the state or condition of being free from public attention to the degree that you determine?
privacy
secure
contentment
freedom

A

privacy

16
Q

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?
protocol analyzer
system analyzer
application analyzer
threat profiler

A

protocol analyzer

17
Q

Nslookup displays detailed information about how a device is communicating with other network devices.
True
False

A

False

18
Q

Which scan examines the current security, using a passive method?
threat scan
vulnerability scan
system scan
application scan

A

vulnerability scan

19
Q

Realistically, risks can never be entirely eliminated.
True
False

A

True

20
Q

Which of the following groups categorize the risks associated with the use of private data? (Choose all that apply.)
Private and consumer data.
Individual inconveniences and identity theft.
Associations with groups.
Statistical inferences.

A

Individual inconveniences and identity theft.

Associations with groups.

Statistical inferences.

21
Q

What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?
confidentiality
safety
integrity
availability

A

integrity

22
Q

What is another term used for a security weakness?
vulnerability
risk
opportunity
threat

A

vulnerability

23
Q

A port in what state below implies that an application or service assigned to that port is listening for any instructions?
empty port
interruptible system
closed port
open port

A

open port

24
Q

A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.
True
False

A

False

25
Q

Which item below is the standard security checklist against which systems are evaluated for a security posture?
baseline
control
profile
threat

A

baseline

26
Q

What is the name of the process that basically takes a snapshot of the current security of an organization?
threat assessment
threat analysis
risk assessment
vulnerability appraisal

A

vulnerability appraisal

27
Q

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?
secure port
closed port
open port
hardened port

A

closed port

28
Q

What security goal do the following common controls address: Redundancy, fault tolerance, and patching?
integrity
availability
confidentiality
safety

A

availability

29
Q

What is the end result of a penetration test?
penetration test profile
penetration test view
penetration test system
penetration test report

A

penetration test report

30
Q

What type of scanner sends “probes” to network devices and examines the responses received back to evaluate whether a specific device needs remediation?
non-intrusive
passive
active
intrusive

A

active

31
Q

Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?
assessment image
replication image
exploitation framework
penetration framework

A

exploitation framework

32
Q

TCP/IP uses a numeric value as an identifier to the applications and services on these systems.
True
False

A

True

33
Q

Which of the following are the goals of a vulnerability scan? (Choose all that apply.)
identify a lack of security controls
identify vulnerabilities
identify common misconfigurations
identify threat actors

A

identify a lack of security controls
identify vulnerabilities
identify common misconfigurations

34
Q

If a penetration tester has gained access to a network and then tries to move around inside the network to other resources, what procedure is the tester performing?
persistence
secondary exploitation
pivot
spinning

A

pivot

35
Q

What is the term for a network set up with intentional vulnerabilities?
honeycomb
honeypot
honey hole
honeynet

A

honeynet

36
Q

If a user uses the operating system’s “delete” command to erase data, what type of data removal procedure was used?
degaussing
data sanitation
wiping
purging

A

purging

37
Q

Each packet/datagram contains a source port and destination port.
True
False

A

True

38
Q

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?
application profiler
port scanner
vulnerability profiler
threat scanner

A

port scanner

39
Q

Determining vulnerabilities often depends on the background and experience of the assessor.
True
False

A

True

40
Q

What process does a penetration tester rely on to access an ever-higher level of resources?
continuous exploitation
persistence
pivot
spinning

A

persistence

41
Q

Which security procedure is being demonstrated if an administrator is using Wireshark to watch for specific inbound and outbound traffic?
virus control
firewall monitoring
application control
application search

A

firewall monitoring

42
Q

Which of the following is a valid data sensitivity labeling and handling category? (Choose all that apply.)
proprietary
confidential
personal health information
high-risk

A

proprietary
confidential

43
Q

What security goal do the following common controls address: Redundancy, fault tolerance, and patching?
confidentiality
integrity
availability
safety

A

availability