Term
Smart phones give the owner of the device the ability to download security updates. |
|
Definition
|
|
Term
Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format? |
|
Definition
|
|
Term
Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses. |
|
Definition
|
|
Term
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. |
|
Definition
|
|
Term
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government. |
|
Definition
|
|
Term
According to the U.S. Bureau of Labor Statistics, what percentage of growth for information security analysts is the available job outlook supposed to reach through 2024? |
|
Definition
|
|
Term
What class of attacks uses innovative attack tools and, once a system is infected, silently extracts data over an extended period? |
|
Definition
Advanced Persistent Threat |
|
|
Term
In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network? |
|
Definition
|
|
Term
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? |
|
Definition
|
|
Term
Which of the following is a common security framework? (Choose all that apply.) |
|
Definition
|
|
Term
In information security, what can constitute a loss? |
|
Definition
a delay in transmitting information that results in a financial penalty; the loss of good will or a reputation; theft of information; all of the above |
|
|
Term
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so? |
|
Definition
|
|
Term
What information security position reports to the CISO and supervises technicians, administrators, and security staff? |
|
Definition
|
|
Term
The Security Administrator reports directly to the CIO. |
|
Definition
|
|
Term
What process describes using technology as a basis for controlling the access and usage of sensitive data? |
|
Definition
|
|
Term
Which term below is frequently used to describe the tasks of securing information that is in a digital format? |
|
Definition
|
|
Term
What term describes a layered security approach that provides comprehensive protection? |
|
Definition
|
|
Term
What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized? |
|
Definition
|
|
Term
A vulnerability is a flaw or weakness that allows a threat to bypass security. |
|
Definition
|
|
Term
Which of the following are considered threat actors? (Choose all that apply.) |
|
Definition
|
|
Term
What type of malware is heavily dependent on a user in order to spread? |
|
Definition
|
|
Term
Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. |
|
Definition
|
|
Term
How many different Microsoft Windows file types can be infected with a virus? |
|
Definition
|
|
Term
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as: |
|
Definition
|
|
Term
Select below the type of malware that appears to have a legitimate use, but contains something malicious: |
|
Definition
|
|
Term
What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as a virus? |
|
Definition
|
|
Term
What specific science discipline do most social engineering attacks rely on when they are being used? |
|
Definition
|
|
Term
A virus self-replicates on the host computer and spreads to other computers by itself. |
|
Definition
|
|
Term
A remote access Trojan has the basic functionality of a Trojan but also gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols. |
|
Definition
|
|
Term
What type of structure is used to provide instructions to infected bot computers? |
|
Definition
|
|
Term
What social engineering principle frightens and coerces a victim by using threats? |
|
Definition
|
|
Term
Malware is software that enters a computer system with the user's knowledge or consent and then performs an unwanted and harmful action. |
|
Definition
|
|
Term
A polymorphic virus changes its internal code to one of a set number of predefined mutations whenever it is executed. |
|
Definition
|
|
Term
A rootkit can hide its presence, but not the presence of other malware. |
|
Definition
|
|
Term
What specific type of phishing attack uses the telephone to target a victim? |
|
Definition
|
|
Term
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks? |
|
Definition
|
|
Term
Select the term used to describe tracking software that is deployed without the consent or control of the user. |
|
Definition
|
|
Term
Two types of malware have the primary trait of circulation. These are viruses and worms. |
|
Definition
|
|
Term
What type of ransomware displays a screen and prevents the user from accessing the computer's resources? |
|
Definition
|
|
Term
What social engineering principle convinces a victim that an immediate action is needed? |
|
Definition
|
|
Term
One of the first popular symmetric cryptography algorithms was RSA. |
|
Definition
|
|
Term
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length? |
|
Definition
|
|
Term
What is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits? |
|
Definition
|
|
Term
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what? |
|
Definition
|
|
Term
What alternative term can be used to describe asymmetric cryptographic algorithms? |
|
Definition
|
|
Term
Obfuscation is making something well known or clear. |
|
Definition
|
|
Term
Which of the following asymmetric cryptography algorithms is most commonly used? |
|
Definition
|
|
Term
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash? |
|
Definition
|
|
Term
What term best describes when cryptography is applied to entire disks instead of individual files or groups of files? |
|
Definition
|
|
Term
Asymmetric cryptographic algorithms are also known as private key cryptography. |
|
Definition
|
|
Term
What type of cryptographic algorithm creates a unique digital fingerprint of a set of data? |
|
Definition
|
|
Term
What widely used commercial asymmetric cryptography software can be used for encrypting files and email messages? |
|
Definition
|
|
Term
What type of cipher takes one character and replaces it with one character, working one character at a time? |
|
Definition
|
|
Term
Which of the following are considered to be common asymmetric cryptographic algorithms? (Choose all that apply.) |
|
Definition
Digital Signature Algorithm; Elliptic Curve Cryptography |
|
|
Term
What type of message authentication code uses hashing to authenticate the sender by using both a hash function and a secret cryptographic key? |
|
Definition
|
|
Term
Which of the following is not one of the functions of a digital signature? |
|
Definition
|
|
Term
GNU Privacy Guard is proprietary software that runs on different operating systems. |
|
Definition
|
|
Term
Data that is in an unencrypted form is referred to as which of the following? |
|
Definition
|
|
Term
What technology uses a chip on the motherboard of the computer to provide cryptographic services? |
|
Definition
|
|
Term
The XOR cipher is based on the binary operation eXclusive OR that compares two bits. |
|
Definition
|
|
Term
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as what? |
|
Definition
Certificate practice statement (CPS) |
|
|
Term
Select the secure alternative to the telnet protocol: |
|
Definition
|
|
Term
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? |
|
Definition
|
|
Term
What protocol below supports two encryption modes: transport and tunnel? |
|
Definition
|
|
Term
What is used to create session keys? |
|
Definition
|
|
Term
The Authentication Header (AH) protocol is a part of what encryption protocol suite below? |
|
Definition
|
|
Term
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately? |
|
Definition
|
|
Term
What process links several certificates together to establish trust between all the certificates involved? |
|
Definition
|
|
Term
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session? |
|
Definition
|
|
Term
SSL v3.0 served as the basis for TLS v1.0. |
|
Definition
|
|
Term
Stream ciphers work on multiple characters at a time. |
|
Definition
|
|
Term
What type of trust model is used as the basis for most digital certificates used on the Internet? |
|
Definition
|
|
Term
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission? |
|
Definition
|
|
Term
What common method is used to ensure the security and integrity of a root CA? |
|
Definition
Keep it in an offline state from the network. |
|
|
Term
What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest? |
|
Definition
|
|
Term
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client? |
|
Definition
|
|
Term
A framework for all of the entities involved in digital certificates for digital certificate management is known as: |
|
Definition
public key infrastructure |
|
|
Term
Digital certificates should last forever. |
|
Definition
|
|
Term
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system? |
|
Definition
|
|
Term
Some CAs issue only entry-level certificates that provide domain-only validation. |
|
Definition
|
|
Term
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? |
|
Definition
|
|
Term
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: |
|
Definition
|
|
Term
Which SQL injection statement example below could be used to discover the name of the table? |
|
Definition
whatever' AND 1=(SELECT COUNT(*) FROM tabname); -- |
|
|
Term
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? |
|
Definition
|
|
Term
The exchange of information among DNS servers regarding configured zones is known as: |
|
Definition
|
|
Term
What type of privileges to access hardware and software resources are granted to users or devices? |
|
Definition
|
|
Term
What type of additional attack does ARP spoofing rely on? |
|
Definition
|
|
Term
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? |
|
Definition
|
|
Term
A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it. |
|
Definition
|
|
Term
What type of web server application attacks introduce new input to exploit a vulnerability? |
|
Definition
|
|
Term
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: |
|
Definition
|
|
Term
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? |
|
Definition
|
|
Term
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? |
|
Definition
whatever' AND email IS NULL; -- |
|
|
Term
What language below is used to view and manipulate data that is stored in a relational database? |
|
Definition
|
|
Term
Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks. |
|
Definition
|
|
Term
What specific ways can a session token be transmitted? (Choose all that apply.) |
|
Definition
In the header of the HTTP request. In the URL. |
|
|
Term
Securing web applications is easier than protecting other systems. |
|
Definition
|
|
Term
The malicious content of an XSS URL is confined to material posted on a website. |
|
Definition
|
|
Term
Choose the SQL injection statement example below that could be used to find specific users: |
|
Definition
whatever' OR full_name LIKE '%Mia%' |
|
|
Term
In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow. |
|
Definition
|
|