Quiz #4 Flashcards
What two files are commonly attacked using offline brute-force attacks?
a. The Windows SAM and the Linux /etc/passwd file
b. The Windows registry and the Linux /etc/passwd file
c. The Windows registry and the Linux /etc/shadow file
d. The Windows SAM and the Linux /etc/shadow file
d. The Windows SAM and the Linux /etc/shadow file
What two techniques are most commonly associated with a pharming attack?
a. Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server
b. Phishing many users and harvesting email addresses from them
c. Phishing many users and harvesting many passwords from them
d. Spoofing DNS server IP addresses or modifying the hosts file on a PC
a. Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server
Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?
a. Trojan horse
b. Logic bomb
c. Rootkit
d. Multipartite virus
c. Rootkit
Carolyn runs a vulnerability scan of a network device and discovers that the device is running services on TCP ports 22 and 443. What services has she most likely discovered?
a. Telnet and a web server
b. SSH and a web server
c. FTP and a Windows fileshare
d. SSH and a Windows fileshare
b. SSH and a web server
Greg wants to gain admission to a network that is protected by a network access control (NAC) system that recognizes the hardware address of systems. How can he bypass this protection?
a. Conduct a denial-of-service attack against the NAC system
b. Spoof a legitimate IP address
c. Use MAC cloning to clone a legitimate MAC address.
d. None of the above
c. Use MAC cloning to clone a legitimate MAC address.
Daryl is investigating a recent breach of his company’s web server. The attacker used sophisticated techniques and then defaced the website, leaving messages that were denouncing the company’s public policies. He and his team are trying to determine the type of actor who most likely committed the breach. Based on the information provided, who was the most likely threat actor?
a. A script
b. Organized crime
c. Nation-state
d. Hacktivists
d. Hacktivists
Susan’s secure building is equipped with alarms that go off if specific doors are opened. As part of a penetration test, Susan wants to determine if the alarms are effective. What technique is used by penetration testers to make alarms less effective?
a. Setting off the alarms as part of a preannounced test
b. Setting off the alarms repeatedly so that staff become used to hearing them go off
c. Disabling the alarms and then opening doors to see if staff report the opened doors
d. Asking staff members to open the doors to see if they will set the alarm off
b. Setting off the alarms repeatedly so that staff become used to hearing them go off
In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?
a. Honeynet
b. Active detection
c. False subnet
d. IDS
a. Honeynet
Nora has rented a building with access to bandwidth and power in case her organization ever experiences a disaster. What type of site has she established?
a. A cold site
b. A hot site
c. A warm site
d. A MOU site
a. A cold site
Which cloud service model provides the consumer with the infrastructure to create applications and host them?
a. SaaS
b. PaaS
c. IaaS
d. IDaaS
b. PaaS
Mike knows that computational overheads are a concern for cryptographic systems. What can he do to help limit the computational needs of his solution?
a. Use hashes instead
b. Use short keys
c. Use elliptic curve encryption
d. Use the RSA algorithm
c. Use elliptic curve encryption
Angela wants to help her organization use APIs more securely and needs to select three API security best practices. Which of the following options is not a common API security best practice?
a. Use encryption throughout the API’s request/response cycle
b. Enable auditing and logging
c. Do not trust input strings and validate parameters
d. Authorize before authenticating.
d. Authorize before authenticating.
What does the OPAL standard specify?
a. Online personal access licenses
b. The origin of personal accounts and libraries
c. Self-encrypting drives
d. Drive sanitization modes for degaussers
c. Self-encrypting drives
Cynthia wants to issue contactless cards to provide access to the buildings she is tasked with securing. Which of the following technologies should she deploy?
a. RFID
b. Wi-Fi
c. Magstripe
d. HOTP
a. RFID
Which of the following is not a common way to validate control over a domain for a domain-validated X.509 certificate?
a. Changing the DNS TXT record
b. Changing the IP addresses associated with the domain
c. Responding to an email sent to a contact in the domain’s WHOIS information
d. Publishing a nonce provided by the certificate authority as part of the domain information
b. Changing the IP addresses associated with the domain
Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?
a. Encrypt the entire packet
b. Encrypt just the header
c. Authenticate the entire packet
d. Authenticate just the header
c. Authenticate the entire packet
Matt has enabled port security on the network switches in his building. What does port security do?
a. Filters by MAC address
b. Prevents routing protocol updates from being sent from protected ports
c. Establishes private VLANs
d. Prevents duplicate MAC addresses from connecting to the network
a. Filters by MAC address
Charles has been asked to implement DNSSEC for his organization. Which of the following does it provide?
a. Confidentiality
b. Availability
c. Integrity
d. All of the above
c. Integrity
Emily wants to capture HTTPS packets using tcpdump. If the service is running on its default port and her Ethernet adapter is eth0, which tcpdump command should she use?
a. tcpdump eth0 -proto https
b. tcpdump -i eth0 -proto https
c. tcpdump tcp https eth
d. tcpdump -i eth0 tcp port 443
d. tcpdump -i eth0 tcp port 443
Mila wants to generate a unique digital fingerprint for a file, and needs to choose between a checksum and a hash. Which option should she choose and why should she choose it?
a. A checksum, because it verifies the contents of the file
b. A hash, because it is unique to the file
c. A hash, because it can be reversed to validate the file
d. A checksum, because it is less prone to collisions than a hash
b. A hash, because it is unique to the file
Which of the following scenarios is least likely to result in data recovery being possible?
a. A file is deleted from a disk
b. A disk is degaussed
c. A file is overwritten by a smaller file
d. A hard drive is quick-formatted
b. A disk is degaussed
What U.S. federal agency is in charge of COOP?
a. The USDA
b. The NSA
c. The FBI
d. FEMA
d. FEMA
Charlene wants to set up a tool that can allow her to see all the systems a given IP address connects to and how much data is sent to that IP by port and protocol. Which of the following tools is not suited to meet that need?
a. IPSec
b. IPFIX
c. sFlow
d. NetFlow
a. IPSec
What type of file is created when Windows experiences a blue screen of death?
a. A blue log
b. A security log
c. A dump file
d. A tcpdump
c. A dump file