Security Research and Analysis Flashcards
Which of the following is an example of a well-known open-source IDS tool? A. Nessus B. Snort C. Netcat D. Hping
B. Snort is an example of a well-known open-source IDS tool.
John the Ripper is used for which of the following? A. Remote listener B. Wireless security C. Packer analysis D. Password cracking
D. John the Ripper is an example of a password cracking tool.
Which of the following is used to complete a scan by performing all three steps of the TCP session startup? A. Nmap -sS B. Nmap -sT C. Nmap -sU D. Nmap -O
B. An Nmap full connect scan is completed by entering Nmap -sT.
You have been asked to find a replacement for Telnet and want to use a secure protocol for data exchange. Which of the following applications would be acceptable? A. WebGoat B. Nessus C. PuTTY D. Helix
C. PuTTY is a replacement for FTP or other insecure protocols.
Which of the following is considered a framework for information security and addresses issues such as governance, systems development life cycles, security assessments, risk management, and incident response? A. ISO 2701 B. RFC 2196 C. COBIT D. NIST 800-100
D. NIST 800-100 is considered a framework for information security. It addresses issues such as governance, systems development life cycles, security assessment, risk management, and incident response.
A \_\_\_\_\_\_\_\_\_\_\_\_\_\_ points to a statement in a policy or procedure by which to determine a course of action. A. Procedure B. Guideline C. Baseline D. Standard
B. Guidelines are typically used when standards or procedures are unavailable. A guideline points to a statement in a policy or procedure by which you can determine a course of action.
Which form of attack sends fake SMS text messages? A. SMiShing B. Phishing C. Pharming D. Phreaking
A. SMiShing is an attack that uses fake SMS text messages.
A(n) \_\_\_\_\_\_\_\_\_\_\_\_\_\_ occurs when a program or process tries to store more data in a space than it was designed to hold. A. XSRF B. XSS C. Buffer overflow D. SQL injection
C. A buffer overflow occurs when a program or process tries to store more data in a buffer than it was designed to hold. Buffer overflows can be heap-based or stack-based.
\_\_\_\_\_\_\_\_\_\_\_\_\_\_ are tactical documents that specify steps or processes required to meet a certain requirement. A. Procedures B. Guidelines C. Baselines D. Standards
D. Standards are tactical documents that specify specific steps or processes required to meet a certain level of quality or achievement.
Which of the following is a well-known Linux and Windows port scanner? A. Wireshark B. Nmap C. Netcat D. Nessus
B. Nmap is one of the best-known port scanning tools, and it is available for both Windows and Linux.
\_\_\_\_\_\_\_\_\_\_\_\_\_\_ solutions help security professionals identify, analyze, and report on threats in real time. A. NAC B. IDS C. IPS D. SIEM
D. SIEM solutions help security professionals identify, analyze, and report on threats in real time.
TCP is addressed in RFC \_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. 821 B. 793 C. 822 D. 1700
B. TCP is addressed in RFC 793. RFCs detail how protocols and applications function.
Methodically tested and checked is equal to which one of the following? A. EAL 0 B. EAL 1 C. EAL 2 D. EAL 3
D. Methodically checked and tested is equal to EAL 3. Testing can be expensive, so systems may only be tested to certain levels.
The point at which the FRR and FAR meet is known as which one of the following? A. Type 2 errors B. Type 1 errors C. CER D. Zepher point
C. The point at which the false rejection rate and false acceptance rate meet is known as the CER.
\_\_\_\_\_\_\_\_\_\_\_\_\_\_ offers administrators a way to verify that devices meet certain health standards before they’re allowed to connect to the network. A. NAC B. IDS C. IPS D. SIEM
A. Network access control lets you verify that devices meet certain health standards before allowing them to connect to your network.