Security plus quiz

Card Set Information

Author:
ashleewalker
ID:
30503
Filename:
Security plus quiz
Updated:
2010-08-19 22:33:10
Tags:
Security plus walker
Folders:

Description:
security plus
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user ashleewalker on FreezingBlue Flashcards. What would you like to do?


  1. Which type of malicious software does not require user assistance to propagate through the network?
    A. Worm
    B. Virus
    C. Adware
    D. Trojan Horse
    Worm
  2. What would be the BEST way to reduce the number of unsolicited bulk emails that users on a company network receive?
    A. Configure the firewall with new filter rules
    B. Change the ACL in all network routers
    C. Configure spam filters on the company email servers
    D. Install a software firewall on all client machines
    C
  3. What utility is best to discover a ROOTKIT?
    A. Email scanner
    B. Malware scanner
    C. Anti-spam scanner
    D. Adware scanner
    B
  4. Users inadvertently download malware from the Internet. What can you suggest to help eliminate this problem?
    A. Implement Java virtual Machines
    B. Configure the browser settings to run only authorized ActiveX Scripts
    C. Institute a policy to prevent these actions
    D. Configure host based firewalls
    B
  5. Which type of malicious code is event driven? For example, when a certain application is opened, system files are deleted.
    A. Worm
    B. Trojan Horse
    C. Logic bomb
    D. Honeypot
    C
  6. What do the terms whitelisting, blacklisting, closing open relays and strong authentication techniques refer to?
    A. Viruses
    B. Aware
    C. Spam
    D. Spyware
    C
  7. You download and install a new screen saver. You notice, after installing the screen saver, that some files are being deleted or renamed. What type of malware was your screen saver?
    A. Worm
    B. Virus
    C. Trojan Horse
    D. Logic bomb
    C
  8. Which type of malware does not automatically replicate itself across the network?
    A. Botnet
    B. Adware
    C. Worm
    D. Virus
    D
  9. Which type of cookie tracks user activities?
    A. Persistent cookie
    B. Authentication cookie
    C. Tracking cookie
    D. Session cookie
    C
  10. Which type of attack could be configured to execute on a specific date?
    A. Rootkit
    B. Virus
    C. Logic bomb
    D. Worm
    C
  11. Which of the following terms references Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?
    A. Adware
    B. Botnet
    C. Spyware
    D. Privilege escalation
    B
  12. Which type of malware attempts to alter system level processes and modify registry keys?
    A. Trojan
    B. Logic bomb
    C. Worm
    D. Rootkit
    D
  13. What is the primary difference between a worm and a Trojan horse?
    A. Worms are distributed through e-mail messages and Trojan horses are not
    B. Worms are self replicating and Trojan horses do not self replicate
    C. Worms are a form of malicious code while Trojan horses are not
    D. There is no difference
    B
  14. How can you best prevent computer viruses from spreading throughout the network
    A. Require root/administrator access to run programs and applications
    B. Enable scanning of all e-mail attachments
    C. Prevent the execution of .vbs files
    D. Install a host based firewall
    B
  15. Which term describes a spammers paradise, and allows the spoofing of email?
    A. Web based proxy
    B. Sniffers
    C. Logic Bombs
    D. Open Relays
    D
  16. You discover that one of your SMTP servers is sending out a tremendous amount of spam. What do you think is the main cause of this problem?
    A. The administrator account was not renamed.
    B. Your company is using Lotus Notes and not Microsoft Exchange
    C. The SMTP server is configured to allow remote access
    D. Anonymous relays have not been disabled
    D
  17. Which type of virus is like a Chameleon and has the ability to mask itself and change it's appearance so it is difficult to detect?
    A. Polymorphic Virus
    B. Trojan Horse Virus
    C. Stealth Virus
    D. Retrovirus
    A
  18. What are the primary characteristics of a computer virus?
    A. Find mechanism, initiation mechanism, and can propagate
    B. Learning mechanism, contamination mechanism and can exploit
    C. Search mechanism, connection mechanism and can integrate
    D. Replication mechanism, activation mechanism and has an objective
    D
  19. Why type of threat do USB hard drives pose to networks?
    Removal of sensitive and confidential data
  20. Reverse Proxy can be used for authentication to Network based on?
    Location, User, And Time
  21. Virtual Machines reduce what?
    Carbon Footprint
  22. Some _____ can detect virtual environments
    malware
  23. Three factor authentication:
    Location, ATM card, Pin
  24. Observe runaway process=?
    Perf. Monitor
  25. Whitelist for apps on a PC=?
    Anti-Virus
  26. Digital signature provides=?
    integrity
  27. 802.1X Authentication=?
    RADIUS
  28. IPSEC requires?
    additional config for encrypted communication
  29. Goal of Penetration testing?
    Actively Assess
  30. Intruder obtains credentials=?
    Password Cracker
  31. Traffic from server over ports not well known =?
    bit torrent/file sharing
  32. Boot to onboard RAID=?
    BIOS
  33. Spyware can affect = ?
    confidentiality
  34. Disable USB to prevent?
    Boot Sector Virus- through MBR (Master Boot Record)
  35. Port scanner can ?
    detect protocols
  36. To login to SSH using certs you must do what?
    Public key must be added to "authorized keys" file
  37. Signed Keys?
    PGP
  38. Software restrictions limit what
    installs of needed apps
  39. _____ should be restored first
    Audit/Logging Transactions
  40. Continuity of ops planning least impact =?
    Table Top Exercise
  41. IPv6 =?
    IPSEC
  42. Ports left open for access =?
    backdoor
  43. How can you make BIOS more secure and allow changes only by authorized users?
    a. Enable a BIOS password
    b. Flash the BIOS
    c. Encrypt the Hard drive
    D. Configure permissions on the BIOS
    A
  44. How can you prevent users from copying files to USB drives? (select two)
    a. Disable the USB root hub within the OS
    b. Configure permissions on the USB devices
    c. Disable the USB within the workstations BIOS
    d. Run spyware detection against all workstations
    A, C
  45. What is the LEAST effective when hardening an OS?
    a. Configuration Baseline
    b. Limiting administrative privileges
    c. Installing HIDS
    d. Install a software firewall
    C
  46. Which action should be performed to harden workstations and servers?
    a. Report all security incidents
    b Install only needed software
    c. Log on only as the administrator
    d. check logs regularly
    B
  47. Which item can reduce the attack surface of an OS
    a. Installing HIDS
    b. Patch management
    c. Installing antivirus
    d. disabling unused service
    D
  48. What preventative measures can reduce vulnerabilities on a web server
    a. Configure a network analyzer to capture traffic on incoming connections
    b. Apply the manufacturers updates and patches to the server
    c. enable auditing
    d. Do not allow incoming DNS requests to the server
    B
  49. What is the term used to describe the process of securing devices on a network?
    a. Enumerating
    b. Hardening
    c. Active prevention
    d. Passive detection
    B
  50. What is the term used to refer to a workstation or server after hardening the OS?
    A. Patch management.
    B. Vulnerability assessment
    C. Imaging software
    D. Configuration baseline
    D
  51. What term refers to a standard load for all systems?
    A. Configuration baseline
    B. Group Policy Template
    C. Patch management and windows update
    D. Security templates
    A
  52. Which term refers to secure coding and is used to prevent buffer overflow attacks?
    Input validation
  53. Web servers are most susceptible to which attack?
    Buffer overflow
  54. What security issues is associated with instant messaging?
    Communications are open and unprotected
  55. The MOST common exploits of Internet-exposed network services are due to:
    Buffer Overflow
  56. What term refers to the ability of an Email server to forward email to other Email servers?
    SMTP Relay
  57. How do you prevent buffer overflow?
    Apply all security patches to workstations
  58. What is the best way to prevent SQL injection attacks
    Input validation
  59. A HIDS will most often monitor what?
    System files
  60. You have installed a new software application on a machine. Which baseline needs to be updated?
    Behavior-Based HIDS
  61. Which type of system should be used to monitor for application activity and modifications?
    HIDS
  62. Through virtualization, the underlying operating system is protected from what?
    Malware installation from suspicious Internet sites
  63. What is the most probably reason that malware is difficult to detect
    The malware may be running at a more privileged level than the antivirus software
  64. A Java Aplet is best described by what?
    It allows customized controls, icons, and other features to increase the usability of WEB enabled systems
  65. What refers to registering a domain name and not having to pay for it for up to five days?
    kiting
  66. what term refers to an attacker capturing traffic from a client to a server, and then resending that information to a server as the client?
    Replay
  67. What refers to the attack the attack that can change the function of a switch to that of a hub?
    MAC flooding
  68. What is a nonessential protocol and service?
    TFTP
  69. The results of a port scan can be used to determine what?
    The fingerprint of the OS
  70. What port is used by Remote Desktop and Terminal Services
    3389
  71. What are two different ways ot get a user to access a spoofed website?
    altered hosts file, dns poisoning
  72. why should audit logging be enabled on DNS servers
    to monitor unauthorized zone transfers
  73. A man-in-the-middle attack can be carried out by what?
    A sniffer
  74. What refers to attempting to determine the operating system running in your networking environment based on the results of a port scan?
    Fingerprinting
  75. What type of attack is referred to when a product is used to access information within an SSL session without disrupting the end user's sessions?
    Man-in-the-middle
  76. anonymous logins =?
    FTP
  77. Unauthorized DNS zone transfers would be used for what?
    Reconnaissance
  78. What attack involves the attacker gaining access to a host in the network and logically disconnecting it?
    TCP/IP Hijacking
  79. what describes static NAT
    a static NAT uses a one-to-one mapping
  80. IPSEC headers are modified by what
    NAT
  81. What is true concerning MAC address and DTP
    MAC addresses can be spoofed and DTP allows rogue network device to configure ports
  82. What term refers to multiple decoy servers
    honeynet
  83. What is the primary purpose of a honeypot
    To allow administrators a chance to observe an attack
  84. Which of the following would a security administrator use to determine if internal network clients are participating in a DDoS attack
    Firewall logs
  85. What is a protocol analyzer
    WhireShark
  86. What NIC mode allows packets to accept traffic from any network client
    Promiscuous
  87. What would be a security risk to consider in regards to using peer-to-peer software?
    Data leakage
  88. What are bluetooth threats
    Blue Jacking, Bluesnarfing, Discovery mode
  89. What would be best to reduce the chances of a successful wireless attack?
    Implement an authentication system and WPA (highest encryption)
  90. The system administrator establishes access permissions to network resources in what access control model?
    MAC
  91. The identity of the user or group is used in what access control model
    DAC
  92. What is true regarding the MAC access control model
    In the MAC users cannot share resources dynamically
  93. DAC only uses the identity of the user and this causes what loophole
    Trojan horse attacks
  94. MAC uses what to identify the users who have permissions to a resource
    Predefined access privileges
  95. DAC uses what to identify the users who have permissions to a resource?
    ACLs
  96. What terminology or concept which best describes a MAC model
    Lattice
  97. Group Policy = ?
    GUI
  98. A KDC (KEY distribution center) is used by what
    Kerberos
  99. Detail when the CHAP handshake is performed after the initial logon from the client to the server
    At the stage when the connection is established and randomly after the connection has been establish
  100. Which is better, RADIUS or TACACS and why?
    TACACS, because it encrypts client-server negotiation dialogs
  101. Multiple keys + management of security associations = ?
    IKE
  102. Detail TACACS
    It allows credentials to be accepted from multiple methods including Kerberos
  103. What is a mechanism that allows authentication of dial-in and other network connections
    RADIUS
  104. Kerberos uses what port
    88
  105. Secure LDAP uses what port?
    636
  106. TACACS uses which port
    49
  107. What is the purpose of using NTP within Kerberos authentication protocol
    Clocks are used to ensure that tickets expire correctly
  108. What prevents replays
    Kerberos
  109. What replaced SLIP
    PPP
  110. Proofing occurs during which phase of identification and authentication?
    Identification
  111. Network access should be allowed only after which security actions have been completed?
    Identification and AUTHENTICAITON
  112. what two things to fob based authentication systems use
    Username/pw and token
  113. what position within an organization is ultimately in charge of the amount of risk?
    The senior management
  114. risk assessment should be based on?
    quantitative measurement of risk, impact, and asset value
  115. What is a password cracking utility
    a program that provides comparative analysis
  116. What is a password cracking tool
    John the Ripper/Cain
  117. A DLL injection is used most often in what?
    Penetration testing
  118. Vulnerabilities would be discovered by what?
    Nessus
  119. What requires a basline
    Anomaly-based and behavior-based monitoring
  120. What type of IDS uses a specific traffic pattern
    Signature based
  121. What is based on specifically defined data pattern referencing how an attack occurs
    signature
  122. Most basic type of IDS
    signature
  123. DNS operates on what port?
    53
  124. Most encryption schemes are based on
    algorithms
  125. What algorithm cannot be reversed
    one-way function
  126. PKI is based on what type of encryption algorithms
    Asymmetric
  127. what is steganography primarily used for?
    hides information
  128. Birthday attacks =
    collisions
  129. fastest and most secure form of encryption
    AES256
  130. What encryption algorithm relies on the inability to factor large prime numbers
    RSA
  131. Diffie-Hellman
    Key exchange
  132. what type of certificate trust model is used by PGP
    Peer to peer
  133. PGP
    Key ring
  134. What type of encryption is used by PGP
    Asymmetric scheme
  135. TLS uses what cryptographic algorithm to establish a session key?
    DH
  136. HTTPS/SSL uses what port
    443
  137. SSL provides encryption at what layer of the OSI model
    Session
  138. You need to ensure connectivity redundancy for your broadband connection. What should you choose?
    Redundant ISP
  139. What needs to be backed up in order to backup Active Directory?
    System State
  140. What is the name of the form used to track evidence
    chain of custody
  141. Incident response does not include what
    repudiation
  142. What type of agreement is between a service provider and a customer
    SLA
  143. What should be placed in promiscuous mode to allow a NIDS to monitor all network traffic?
    Sensor (NIC)
  144. One-Time Pad key size equals?
    size of data contained
  145. What would be most likely to cause a buffer overflow
    DoS
  146. What overwrites the return address in a program to help with the execution of malicious code
    Buffer Overflow
  147. Secure Key Exchange without use of PSK
    DH-ECC
  148. What is a security threat to virtual machines
    Escape
  149. What describes an attacker gaining administrator access to a system through the use of a compromised user account?
    Privilege escalation
  150. What access control method should be used in an environment with a high employee turnover rate?
    ROLE based
  151. Which type of encryption algorithm should be used when the desired result is fast and a large key size is used?
    symmetric
  152. The NMAP utility can be used to do what
    • 1. Identify the type of OS in use by a device
    • 2. Document open ports
    • 3. Spoof an IP address from which the scan is originating
  153. What is the difference between RADIUS and TACACS?
    TACACS separates authentication, authorization, and auditing

What would you like to do?

Home > Flashcards > Print Preview