info sec – Flashcards
Unlock all answers in this set
Unlock answersquestion
OCTAVE is a:
answer
. risk-assessment process
question
A security analyst is performing a security assessment. The analyst should not:
answer
take actions to mitigate a serious risk
question
A rational security decision, such as locking your vehicle when not in use, is an example of:
answer
reasoned paranoia
question
Supervisory control and data acquisition (SCADA) devices are most often associated with:
answer
utilities
question
An attempt by a threat agent to exploit assets without permission is referred to as:
answer
an attack
question
A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a:
answer
white-hat hacker
question
When disclosing a security vulnerability in a system or software, the manufacturer should avoid
answer
including enough detail to allow an attacker to exploit the vulnerability
question
One of the vulnerabilities the Morris worm used was a networking service called finger. The purpose of the finger service is to
answer
report the status of individual computer users
question
A type of security control that takes measures to help restore a system is referred to as:
answer
corrective
question
The primary element on a computer motherboard that runs programs and makes the computer work is
answer
the central processing unit (CPU)
question
The directory access right that allows a user to search for a name in a file's path but not examine the directory as a whole is called
answer
seek
question
An interpreter is a program that interprets the text of a program one word at a time, and performs the actions specified in the text. The following are examples of interpreters except:
answer
Java
question
The type of computer-based access control that involves a process that uses secret or hidden information in order to retrieve particular data items is
answer
puzzle
question
A zero-day exploit
answer
has no software patch
question
The character that separates directories in a Windows directory path is
answer
the back slash ( )
question
The computer connection that allows you to attach several separate components is called
answer
A Bus
question
General security access controls refer to objects, rights, and:
answer
subjects
question
The product that creates financial-fraud botnets using Zbot malware and is offered for sale on the black market is:
answer
ZeuS
question
The main purpose of a software patch is to:
answer
fix a bug in a program
question
A type of security control in which you unplug a computer from the Internet to protect it from malware is
answer
mechanical
question
In a hierarchical file system directory, the topmost directory is called the:
answer
root
question
A typical hard drive has an arm, a read/write head, and
answer
platters
question
For data to be cryptographically random, it:
answer
cannot be produced by a procedure
question
A keystroke logger is often associated with
answer
botnets
question
The condition in which files automatically take on the same permissions as the folder in which they reside is called:
answer
dynamic inheritance
question
In Windows, when you copy a file from one folder to another and the folders have different access permissions, the file:
answer
. takes on the access rights of the destination folder
question
The law that establishes security measures that must be taken on health-related information
answer
HIPAA
question
When collecting digital evidence from a crime scene, often the best strategy for dealing with a computer that is powered on is to
answer
unplug it
question
The file system that organizes a volume's contents around five master files, such as the catalog file and the extents overflow file, is
answer
HFS+
question
The sector(s) at the beginning of a hard disk that identify the starting block of each partition is called the
answer
master boot record
question
A security database that contains entries for users and their access rights for files and folders is
answer
an access control list (ACL)
question
The Fourth Amendment prevents arbitrary searches of areas where users expect their privacy to be protected. This is referred to as:
answer
reasonable expectation of privacy
question
Hashing
answer
transforms readable text into gibberish
question
The inode is the data structure on a drive that describes each file and is used in
answer
UFS
question
An attack in which someone tries to trick a system administrator into divulging a password is called
answer
social engineering
question
The major file system used with Windows today is
answer
NTFS
question
An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of
answer
two-factor authentication
question
A primary use of event logs is to:
answer
serve as an audit trail
question
In a password system, the total number of possible passwords is called the
answer
search space
question
The file system that uses a master file table is:
answer
NTFS
question
In a Diffie-Hellman calculation using P=g^s mod N , s is
answer
the private key value
question
An Advanced Encryption Standard (AES) key may not be
answer
16 bits in length
question
The type of cipher that rearranges the text of a message is called
answer
transposition
question
To use symmetric cryptography, the sender and receiver must share:
answer
a secret key
question
Digital signatures are often used to provide
answer
nonrepudiation
question
Volume encryption protects data on a computer against:
answer
theft
question
The following are common ways to handle new encryption keys except
answer
transfer them via instant messenger
question
A self-encrypting drive locks data on the hard disk by
answer
erasing the encryption key when the drive is unplugged or reset
question
Hiding an object, such as a diary, to prevent others from finding it is an example of
answer
Security through Obscurity
question
A file encryption program
answer
truncates a passphrase that is too long
question
File encryption protects data on a computer against the following except:
answer
Trojan crypto
question
The following are properties of persistent key storage except:
answer
it uses volatile storage
question
1111 1111 - 1111 1111 - 1111 0000 - 0000 0000 is an example of:
answer
a binary network mask
question
A disadvantage of a mesh network is
answer
congestion
question
A disadvantage of a tree network is
answer
address-based size limits
question
Modern internet technology evolved from research on:
answer
the ARPANET
question
A disadvantage of a point-to-point network is
answer
no broadcasting
question
An advantage of packet switching is
answer
parallel transmission
question
To see a list of MAC addresses on a Windows-based network:
answer
issue the ipconfig /all command
question
An advantage of a bus network is
answer
no routing
question
192.168.1.1 is an example of:
answer
an IPv4 address
question
Primary forms of Ethernet media include the following except:
answer
nano
question
The well-known port number 80 is used for
answer
the World Wide Web
question
The whois database provides the following information except
answer
the annual cost to rent the domain name
question
Confidential company information that would give competitors a commercial advantage if leaked is called
answer
a trade secret
question
The software-based access control that identifies data items that require different types of protection is:
answer
internal security labeling
question
On the Internet, the entity that looks up a domain name and retrieves information about it is the:
answer
Domain Name System (DNS)
question
In the Web site address www.stthomas.edu, the top-level domain is:
answer
edu
question
Packet filtering looks at any packet header and filters on these values except:
answer
number of addresses
question
Rules that restrict certain types of information to specific groups within a company are categorized as
answer
need to know
question
An attack in which one or more hosts conspire to inundate a victim with ping requests is called a:
answer
ping flood
question
The "trust but verify" maxim applies to the Web site usage management technique of:
answer
monitoring
question
Managing a website's subject matter and files and constructing web pages can be accomplished with
answer
a content management system
question
A email security problem that can be prevented from occurring is:
answer
a connection-based attack
question
Chain emails often result in:
answer
excessive email traffic directed at a victim
question
Another term for an SMTP email server is:
answer
message transfer agent (MTA)
question
You are accessing an SSL-protected Web site, such as an online bank, and authentication fails. Your browser displays a message indicating why. The following is always an unsafe situation:
answer
Invalid digital signature
question
Using content control to control Internet traffic, a gateway focuses on a packet's
answer
application data
question
Firewalls use the following mechanisms to filter traffic except:
answer
hardware filtering
question
A point of presence system that analyzes network traffic to detect leaking data is:
answer
a data loss prevention system
question
The language that's the foundation of most Web pages is:
answer
Hypertext Markup Language (HTML)
question
You can often determine that an email message is a forgery by examining the:
answer
the first Received header
question
The Web address http://[email protected]/login.html is an example of:
answer
misleading syntax
question
ASPX is:
answer
ASP scripting extended to support Microsoft's .NET framework