Security + Module 3 & 4 Exam – Flashcards
Unlock all answers in this set
Unlock answersquestion
Embedded system
answer
A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a ________
question
Using a mantrap
answer
How can an area be made secure from a non-secured area via two interlocking doors to a small room?
question
Radio Frequency Identification (RFID)
answer
Proximity reader utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?
question
True
answer
XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user. T/F
question
CCTV (Closed Caption)
answer
What type of video surveillance is typically used by banks, casinos, airports, and military instillations, and commonly employs guards who actively monitor the surveillance?
question
Rollar Barrier
answer
An independently rotating large up of affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?
question
whatever' OR full_name LIKE %Mia%
answer
SQL injection statement example below that could be used to find specific user
question
SQL
answer
Stands for secured Query Language. It is used to communicate with a database. It is the standard language for relational database management systems.
question
Bayseian filtering
answer
What type of filtering utilizes an analysis of the content of spam messages in comparison to actual / non-spam messages in order to make intelligent decisions as to what should be considered spam
question
False
answer
Keyed entry locks are much more difficult to defeat than deadbolt locks. T/F
question
DNS poisoning
answer
How can an attacker substitute a DNS address so tat a computer is automatically redirected to another device?
question
DNS
answer
Domain Name System whose main job is to translate domain names to IP addresses
question
Heuristic direction
answer
Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristic of a virus. What is the name for this technique.
question
HTML
answer
What language is designed to display data with a primary focus on how the data looks?
question
Resolution settings
answer
What is not one of the types of settings that would be included in a Microsoft Windows security template?
question
Content inspection
answer
Most DLP systems make use of what method of security analysis?
question
DLP
answer
Digital Light Processing
question
Activity Phase Controls
answer
Subtypes of security controls, classified as a deterrent, preventive, detective, compensations, or corrective.
question
Access List
answer
A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area.
question
Bayesian Filtering
answer
Spam filtering software that analyzed every word in an email and determines how frequently a word occurs in order to determine if it is spam
question
Fuzz Testing
answer
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program
question
Cross-Site Request Forgery (XSRF)
answer
An attack that uses the user's web browser setting to impersonate the user
question
NoSQL
answer
a nonrelational database that is better tuned for accessing large data sets
question
Supervisory Control and Data Acquisition (SCADA)
answer
Large-scale, industrial control systems
question
Barricade
answer
A structure designed to block the passage of traffic
question
XML (Extensible Markup Language)
answer
What language is used for the transport and storage of data, with the focus on what the data is?
question
Drive-by-Download
answer
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?
question
Zone Transfer
answer
The exchange of information among DNS servers regarding configured zones is known as:
question
True
answer
Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs
question
whatever'; DROP TABLE members; -
answer
SQL injection statement that can be used to erase an entire database table?
question
Static Analysis
answer
Anti-virus products typically utilize what type of virus scanning analysis?
question
Privilege Escalation
answer
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
question
Server-Side
answer
Attacks that take place against web based services are considered to be what type of attack?
question
Cable Lock
answer
Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:
question
True
answer
DLP agent sensors are installed on each host device, and monitor for actions such as printing, copying to a USB flash drive, and burning to a CD or DVD.
question
Escaping user responses
answer
What is the best way to prevent data input by a user from having potentially malicious effects on software?
question
HTTP header
answer
What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?
question
False
answer
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies: T/F
question
-/
answer
String of characters that can be used to traverse up on dictionary level from the root directory:
question
Replay
answer
Which type of attack below is similar to a passive man-in-the-middle attack?
question
C:Inetpub wwwroot
answer
Default root directory of the Microsoft Internet Information Services (IIS) Web server is located in which directory?
question
False
answer
Because the XSS is a widely known attack, the number of Web sites that are vulnerable are very small T/F
question
Baseline
answer
What is the name for a standard or checklist against which system can be evaluated and audited for their level of security (security posture)?