Final – CIS2350CG3: Principles of Information Security – Flashcards
Unlock all answers in this set
Unlock answersquestion
Select the tool below that consists of a system of security tools that is used to recognize and identify data that is critical to an organization and ensure that it is protected: a. Automated Data Policy b. Information Detection System c. Data Loss Prevention d. Local Loss Prevention
answer
c. Data Loss Prevention
question
In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network? a. local b. centered c. remote d. distributed
answer
d. distributed
question
What country is now the number one source of attack traffic? a. India b. Russia c. Indonesia d. China
answer
c. Indonesia
question
DNS poisoning can be prevented using the latest edition of what software below? a. DHCP b. finger c. BIND d. WINS
answer
c. BIND
question
A key that is generated by a symmetric cryptographic algorithm is said to be a: a. shared key b. public key c. symmetric key d. private key
answer
d. private key
question
During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities? a. vulnerability profiler b. application profiler c. threat scanner d. port scanner
answer
d. port scanner
question
At what level of the OSI model does the IP protocol function? a. Data link Layer b. Network Layer c. Transport Layer d. Presentation Layer
answer
b. Network Layer
question
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique? a. Swiss cheese b. appender c. split d. stealth
answer
a. Swiss cheese
question
What mobile operating system below requires all applications to be reviewed and approved before they can be made available on the public store front? a. iOS b. Symbian c. Android d. Blackberry OS
answer
a. iOS
question
What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer? a. eXtended-Capacity (SDXC) b. High Capacity (SDHC) c. Secure Digital Input Output (SDIO) d. Standard Capacity (SDSC)
answer
c. Secure Digital Input Output (SDIO)
question
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? a. whatever AND email IS NULL; -- b. whatever' AND email IS NULL; -- c. whatever" AND email IS NULL; -- d. whatever; AND email IS NULL; --
answer
b. whatever' AND email IS NULL; --
question
At what stage can a certificate no longer be used for any type of authentication? a. expiration b. revocation c. creation d. suspension
answer
a. expiration
question
Which encryption protocol below is used in the WPA2 standard? a. AES-SCMP b. AES-CCMP c. AES-CTR d. AES-TKIP
answer
b. AES-CCMP
question
Select below the string of characters that can be used to traverse up one directory level from the root directory: a. %20/ b. ../ c. ./ d. ;/
answer
b. ../
question
Which of the following is not one of the functions of a digital signature? a. Prove the integrity of the message b. Prevention of the sender from disowning the message c. Verification of the sender d. Protect the public key
answer
d. Protect the public key
question
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information? a. DAP hijacking b. LDAP poisoning c. Kerberos injection d. LDAP injection
answer
d. LDAP injection
question
What kind of certificate is typically used by an individual to secure e-mail transmissions? a. Server digital b. Personal digital c. Private digital d. Public digital
answer
b. Personal digital
question
What term below describes the start-up relationship between partners? a. On-boarding b. Uploading c. Off-boarding d. Uptaking
answer
a. On-boarding
question
What federated identity management (FIM) relies on token credentials? a. OpenID b. Windows Live c. OpenPass d. OAuth
answer
d. OAuth
question
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options? a. DIB b. LDAP c. DAP d. DIT
answer
d. DIT
question
What type of learner learns best through hands-on approaches? a. Visual b. Spatial c. Kinesthetic d. Auditory
answer
c. Kinesthetic
question
Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices? a. Application Layer b. Network Layer c. Transport Layer d. Presentation Layer
answer
c. Transport Layer
question
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face? a. Reactive biometrics b. Standard biometrics c. Affective biometrics d. Cognitive biometrics
answer
b. Standard biometrics
question
What MAC limiting configuration setting allows for MAC addresses to be automatically learned and stored along with any addresses that were learned prior to using the configuration setting? a. Permissive b. Static c. Dynamic d. Sticky
answer
d. Sticky
question
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters? a. Computer spies b. Cybercriminals c. Hackers d. Cyberterrorists
answer
b. Cybercriminals
question
On what principle did Julius Caesar's cyptographic messages function? a. Each alphabetic letter was replaced by a corresponding number b. Each alphabetic letter was shifted three places down in the alphabet c. Each alphabetic letter was shifted 5 places up in the alphabet. d. Each alphabetic letter was represented by a seemingly random symbol
answer
b. Each alphabetic letter was shifted three places down in the alphabet
question
Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of: a. Vulnerability testing b. Penetration testing c. Risk management d. Computer forensics
answer
d. Computer forensics
question
Which term below describes the art of helping an adult learn? a. metagogical b. deontological c. andragogical d. pedagogical
answer
c. andragogical
question
What is the best way to prevent data input by a user from having potentially malicious effects on software? a. SQL validation b. Server-side validation c. Client-side validation d. Escaping user responses
answer
d. Escaping user responses
question
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: a. HTTP b. DNS c. NSDB d. URNS
answer
b. DNS
question
What language below is for the transport and storage of data, with the focus on what the data is? a. SML b. SGML c. XML d. HTML
answer
c. XML
question
Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique? a. heuristic detection b. combination detection c. pattern detection d. hybrid detection
answer
a. heuristic detection
question
Select below the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree. a. TACACS+ b. NIS c. DNS d. WINS
answer
c. DNS
question
What may be defined as the components required to identify, analyze, and contain an incident? a. Vulnerability response b. Threat response c. Risk response d. Incident response
answer
d. Incident response
question
What type of device, sometimes called a packet filter, is designed to prevent malicious network packets from entering or leaving computers or networks? a. firewall b. IPS c. scanner d. honeypot
answer
a. firewall
question
What is the term for a network set up with intentional vulnerabilities? a. honeycomb b. honeynet c. honeypot d. honey hole
answer
b. honeynet
question
What is the name for a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user? a. VPN server b. proxy server c. DNS server d. telnet server
answer
b. proxy server
question
What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks? a. bridge b. switch c. router d. hub
answer
c. router
question
When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of it's operational and financial position, what should be performed? a. Business risk analysis b. Business productivity analysis c. Business alert assessment d. Business impact analysis (BIA)
answer
d. Business impact analysis (BIA)
question
What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password? a. Enable a challenge-response screen b. Enable a smart card c. Enable a lock screen d. Enable a sleep time setting
answer
c. Enable a lock screen
question
What information security position reports to the CISO and supervises technicians, administrators, and security staff? a. auditor b. engineer c. manager d. inspector
answer
c. manager
question
What concept below is at the very heart of information security? a. threat b. risk c. management d. mitigation
answer
b. risk
question
Mobile devices with global positioning system (GPS) abilities typically make use of: a. Open networks b. Location services c. Anti-virus software d. Weak passwords
answer
b. Location services
question
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks? a. Ad-hoc peer b. WMM c. Endpoint d. Access Point
answer
d. Access Point
question
Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet? a. related trust b. distributed trust c. managed trust d. third-party trust
answer
b. distributed trust
question
Which of the following is not one of the four methods for classifying the various types of malware? a. Circulation b. Source c. Concealment d. Infection
answer
b. Source
question
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? a. brute force b. hash replay c. network replay d. hybrid
answer
d. hybrid
question
What kind of learners learn from taking notes, being at the front of the class, and watching presentations? a. Visual b. Spatial c. Auditory d. Kinesthetic
answer
a. Visual
question
How can an administrator manage applications on mobile devices using a technique called "app wrapping?" a. Mobile Application Management b. Extended Application Management c. Remote Application Management d. Cloud Application Management
answer
a. Mobile Application Management
question
According to the Federal Bureau of Investigation (FBI), what percentage of crime committed today leaves behind digital evidence that can be retrieved via computer forensics? a. 65 b. 75 c. 85 d. 95
answer
c. 85
