Security plus quiz

  1. Which type of malicious software does not require user assistance to propagate through the network?
    A. Worm
    B. Virus
    C. Adware
    D. Trojan Horse
  2. What would be the BEST way to reduce the number of unsolicited bulk emails that users on a company network receive?

  3. What utility is best to discover a ROOTKIT?

  4. Users inadvertently download malware from the Internet. What can you suggest to help eliminate this problem?

  5. Which type of malicious code is event driven? For example, when a certain application is opened, system files are deleted.

  6. What do the terms whitelisting, blacklisting, closing open relays and strong authentication techniques refer to?

  7. You download and install a new screen saver. You notice, after installing the screen saver, that some files are being deleted or renamed. What type of malware was your screen saver?

  8. Which type of malware does not automatically replicate itself across the network?

  9. Which type of cookie tracks user activities?
    A. Persistent cookie
    B. Authentication cookie
    C. Tracking cookie
    D. Session cookie
  10. Which type of attack could be configured to execute on a specific date?

  11. Which of the following terms references Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?

  12. Which type of malware attempts to alter system level processes and modify registry keys?

  13. What is the primary difference between a worm and a Trojan horse?

  14. How can you best prevent computer viruses from spreading throughout the network

  15. Which term describes a spammers paradise, and allows the spoofing of email?

  16. You discover that one of your SMTP servers is sending out a tremendous amount of spam. What do you think is the main cause of this problem?

  17. Which type of virus is like a Chameleon and has the ability to mask itself and change it's appearance so it is difficult to detect?

  18. What are the primary characteristics of a computer virus?

  19. Why type of threat do USB hard drives pose to networks?
    Removal of sensitive and confidential data
  20. Reverse Proxy can be used for authentication to Network based on?
    Location, User, And Time
  21. Virtual Machines reduce what?
    Carbon Footprint
  22. Some _____ can detect virtual environments
  23. Three factor authentication:
    Location, ATM card, Pin
  24. Observe runaway process=?
    Perf. Monitor
  25. Whitelist for apps on a PC=?
  26. Digital signature provides=?
  27. 802.1X Authentication=?
  28. IPSEC requires?
    additional config for encrypted communication
  29. Goal of Penetration testing?
    Actively Assess
  30. Intruder obtains credentials=?
    Password Cracker
  31. Traffic from server over ports not well known =?
    bit torrent/file sharing
  32. Boot to onboard RAID=?
  33. Spyware can affect = ?
  34. Disable USB to prevent?
    Boot Sector Virus- through MBR (Master Boot Record)
  35. Port scanner can ?
    detect protocols
  36. To login to SSH using certs you must do what?
    Public key must be added to "authorized keys" file
  37. Signed Keys?
  38. Software restrictions limit what
    installs of needed apps
  39. _____ should be restored first
    Audit/Logging Transactions
  40. Continuity of ops planning least impact =?
    Table Top Exercise
  41. IPv6 =?
  42. Ports left open for access =?
  43. How can you make BIOS more secure and allow changes only by authorized users?

  44. How can you prevent users from copying files to USB drives? (select two)
    a. Disable the USB root hub within the OS
    b. Configure permissions on the USB devices
    c. Disable the USB within the workstations BIOS
    d. Run spyware detection against all workstations
    A, C
  45. What is the LEAST effective when hardening an OS?

  46. Which action should be performed to harden workstations and servers?
    a. Report all security incidents
    b Install only needed software
    c. Log on only as the administrator
    d. check logs regularly
  47. Which item can reduce the attack surface of an OS

  48. What preventative measures can reduce vulnerabilities on a web server

  49. What is the term used to describe the process of securing devices on a network?

  50. What is the term used to refer to a workstation or server after hardening the OS?

  51. What term refers to a standard load for all systems?

  52. Which term refers to secure coding and is used to prevent buffer overflow attacks?
    Input validation
  53. Web servers are most susceptible to which attack?
    Buffer overflow
  54. What security issues is associated with instant messaging?
    Communications are open and unprotected
  55. The MOST common exploits of Internet-exposed network services are due to:
    Buffer Overflow
  56. What term refers to the ability of an Email server to forward email to other Email servers?
    SMTP Relay
  57. How do you prevent buffer overflow?
    Apply all security patches to workstations
  58. What is the best way to prevent SQL injection attacks
    Input validation
  59. A HIDS will most often monitor what?
    System files
  60. You have installed a new software application on a machine. Which baseline needs to be updated?
    Behavior-Based HIDS
  61. Which type of system should be used to monitor for application activity and modifications?
  62. Through virtualization, the underlying operating system is protected from what?
    Malware installation from suspicious Internet sites
  63. What is the most probably reason that malware is difficult to detect
    The malware may be running at a more privileged level than the antivirus software
  64. A Java Aplet is best described by what?
    It allows customized controls, icons, and other features to increase the usability of WEB enabled systems
  65. What refers to registering a domain name and not having to pay for it for up to five days?
  66. what term refers to an attacker capturing traffic from a client to a server, and then resending that information to a server as the client?
  67. What refers to the attack the attack that can change the function of a switch to that of a hub?
    MAC flooding
  68. What is a nonessential protocol and service?
  69. The results of a port scan can be used to determine what?
    The fingerprint of the OS
  70. What port is used by Remote Desktop and Terminal Services
  71. What are two different ways ot get a user to access a spoofed website?
    altered hosts file, dns poisoning
  72. why should audit logging be enabled on DNS servers
    to monitor unauthorized zone transfers
  73. A man-in-the-middle attack can be carried out by what?
    A sniffer
  74. What refers to attempting to determine the operating system running in your networking environment based on the results of a port scan?
  75. What type of attack is referred to when a product is used to access information within an SSL session without disrupting the end user's sessions?
  76. anonymous logins =?
  77. Unauthorized DNS zone transfers would be used for what?
  78. What attack involves the attacker gaining access to a host in the network and logically disconnecting it?
    TCP/IP Hijacking
  79. what describes static NAT
    a static NAT uses a one-to-one mapping
  80. IPSEC headers are modified by what
  81. What is true concerning MAC address and DTP
    MAC addresses can be spoofed and DTP allows rogue network device to configure ports
  82. What term refers to multiple decoy servers
  83. What is the primary purpose of a honeypot
    To allow administrators a chance to observe an attack
  84. Which of the following would a security administrator use to determine if internal network clients are participating in a DDoS attack
    Firewall logs
  85. What is a protocol analyzer
  86. What NIC mode allows packets to accept traffic from any network client
  87. What would be a security risk to consider in regards to using peer-to-peer software?
    Data leakage
  88. What are bluetooth threats
    Blue Jacking, Bluesnarfing, Discovery mode
  89. What would be best to reduce the chances of a successful wireless attack?
    Implement an authentication system and WPA (highest encryption)
  90. The system administrator establishes access permissions to network resources in what access control model?
  91. The identity of the user or group is used in what access control model
  92. What is true regarding the MAC access control model
    In the MAC users cannot share resources dynamically
  93. DAC only uses the identity of the user and this causes what loophole
    Trojan horse attacks
  94. MAC uses what to identify the users who have permissions to a resource
    Predefined access privileges
  95. DAC uses what to identify the users who have permissions to a resource?
  96. What terminology or concept which best describes a MAC model
  97. Group Policy = ?
  98. A KDC (KEY distribution center) is used by what
  99. Detail when the CHAP handshake is performed after the initial logon from the client to the server
    At the stage when the connection is established and randomly after the connection has been establish
  100. Which is better, RADIUS or TACACS and why?
    TACACS, because it encrypts client-server negotiation dialogs
  101. Multiple keys + management of security associations = ?
  102. Detail TACACS
    It allows credentials to be accepted from multiple methods including Kerberos
  103. What is a mechanism that allows authentication of dial-in and other network connections
  104. Kerberos uses what port
  105. Secure LDAP uses what port?
  106. TACACS uses which port
  107. What is the purpose of using NTP within Kerberos authentication protocol
    Clocks are used to ensure that tickets expire correctly
  108. What prevents replays
  109. What replaced SLIP
  110. Proofing occurs during which phase of identification and authentication?
  111. Network access should be allowed only after which security actions have been completed?
    Identification and AUTHENTICAITON
  112. what two things to fob based authentication systems use
    Username/pw and token
  113. what position within an organization is ultimately in charge of the amount of risk?
    The senior management
  114. risk assessment should be based on?
    quantitative measurement of risk, impact, and asset value
  115. What is a password cracking utility
    a program that provides comparative analysis
  116. What is a password cracking tool
    John the Ripper/Cain
  117. A DLL injection is used most often in what?
    Penetration testing
  118. Vulnerabilities would be discovered by what?
  119. What requires a basline
    Anomaly-based and behavior-based monitoring
  120. What type of IDS uses a specific traffic pattern
    Signature based
  121. What is based on specifically defined data pattern referencing how an attack occurs
  122. Most basic type of IDS
  123. DNS operates on what port?
  124. Most encryption schemes are based on
  125. What algorithm cannot be reversed
    one-way function
  126. PKI is based on what type of encryption algorithms
  127. what is steganography primarily used for?
    hides information
  128. Birthday attacks =
  129. fastest and most secure form of encryption
  130. What encryption algorithm relies on the inability to factor large prime numbers
  131. Diffie-Hellman
    Key exchange
  132. what type of certificate trust model is used by PGP
    Peer to peer
  133. PGP
    Key ring
  134. What type of encryption is used by PGP
    Asymmetric scheme
  135. TLS uses what cryptographic algorithm to establish a session key?
  136. HTTPS/SSL uses what port
  137. SSL provides encryption at what layer of the OSI model
  138. You need to ensure connectivity redundancy for your broadband connection. What should you choose?
    Redundant ISP
  139. What needs to be backed up in order to backup Active Directory?
    System State
  140. What is the name of the form used to track evidence
    chain of custody
  141. Incident response does not include what
  142. What type of agreement is between a service provider and a customer
  143. What should be placed in promiscuous mode to allow a NIDS to monitor all network traffic?
    Sensor (NIC)
  144. One-Time Pad key size equals?
    size of data contained
  145. What would be most likely to cause a buffer overflow
  146. What overwrites the return address in a program to help with the execution of malicious code
    Buffer Overflow
  147. Secure Key Exchange without use of PSK
  148. What is a security threat to virtual machines
  149. What describes an attacker gaining administrator access to a system through the use of a compromised user account?
    Privilege escalation
  150. What access control method should be used in an environment with a high employee turnover rate?
    ROLE based
  151. Which type of encryption algorithm should be used when the desired result is fast and a large key size is used?
  152. The NMAP utility can be used to do what
    • 1. Identify the type of OS in use by a device
    • 2. Document open ports
    • 3. Spoof an IP address from which the scan is originating
  153. What is the difference between RADIUS and TACACS?
    TACACS separates authentication, authorization, and auditing
Card Set
Security plus quiz
security plus