Term
The SQL injection statement ____ discovers the name of a table. |
|
Definition
whatever' AND 1=(SELECT COUNT(*) FROM tabname); -- |
|
|
Term
In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____.
|
|
Definition
|
|
Term
A ____ is designed to separate a nonsecured area from a secured area. |
|
Definition
|
|
Term
Identifying what to do about threats is done in ____.
|
|
Definition
|
|
Term
A(n) ____ is hardware or software that captures packets to decode and analyze their contents. |
|
Definition
|
|
Term
A ____ is a program advertised as performing one activity but actually does something else. |
|
Definition
|
|
Term
A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system. |
|
Definition
|
|
Term
There are almost ____ different Microsoft Windows file extensions that could contain a virus. |
|
Definition
|
|
Term
A(n) ____ virus adds a program to the operating system that is a malicious copycat version of a legitimate program. |
|
Definition
|
|
Term
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is potentially harmful is called ___ |
|
Definition
vulnerability assessment. |
|
|
Term
The expression ____ moves up one directory level. |
|
Definition
|
|
Term
____ is for the transport and storage of data, with the focus on what the data is. |
|
Definition
|
|
Term
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____. |
|
Definition
|
|
Term
Web application attacks are considered ____ attacks. |
|
Definition
|
|
Term
Eliminating as many security risks as possible and making the system more secure |
|
Definition
|
|
Term
Include a keyed cylinder in both the outside and inside knobs so that a key in either knob locks or unlocks both at the same time |
|
Definition
Store entry double cylinder locks |
|
|
Term
____ is an attack in which an attacker attempts to impersonate the user by using that user's session token. |
|
Definition
|
|
Term
____ involves horizontally separating words, although it is still readable by the human eye. |
|
Definition
|
|
Term
_______ for organizations are intended to identify vulnerabilities and alert network administrators to these problems. |
|
Definition
|
|
Term
The end product of a penetration test is the penetration ______ |
|
Definition
|
|
Term
The most popular attack toolkit, which has almost half of the attacker toolkit market is ____. |
|
Definition
|
|
Term
____ is an image spam that is divided into multiple images. |
|
Definition
|
|
Term
A ____ virus infects program executable files. |
|
Definition
|
|
Term
A ____ attack is similar to a passive man-in-the-middle attack. |
|
Definition
|
|
Term
Approximately two out of three malicious Web attacks have been developed using one of four popular attack toolkits |
|
Definition
|
|
Term
A(n) ____ refers to an undocumented, yet benign, hidden feature that launches by entering a set of special commands, key combinations, or mouse clicks. |
|
Definition
|
|
Term
An information security ____ position focuses on the administration and management of plans, policies, and people.
|
|
Definition
|
|
Term
____ ensures that only authorized parties can view information.
|
|
Definition
|
|
Term
Attack toolkits range in price from only $400 to as much as $8,000. |
|
Definition
|
|
Term
Identifying what damages could result from the threats is known as ____. |
|
Definition
|
|
Term
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry. |
|
Definition
|
|
Term
When DNS servers exchange information among themselves it is known as a ____. |
|
Definition
|
|
Term
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected. |
|
Definition
DLP (Data Loss Prevention) |
|
|
Term
____ is defined as a security analysis of the transaction within its approved context. |
|
Definition
|
|
Term
A(n) ____ examines the current security in a passive method. |
|
Definition
|
|
Term
For a Web server's Linux system, the default root directory is typically ____. |
|
Definition
|
|
Term
____ is designed to display data, with the primary focus on how the data looks. |
|
Definition
|
|
Term
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____. |
|
Definition
|
|
Term
Identifying how susceptible the current protection is, is called ____. |
|
Definition
|
|
Term
Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service. |
|
Definition
|
|
Term
Lock the door from the inside but cannot be unlocked from the outside |
|
Definition
|
|
Term
_______ is designed to actually exploit any weaknesses in systems that are vulnerable. |
|
Definition
|
|
Term
____ uses "speckling" and different colors so that no two spam e-mails appear to be the same. |
|
Definition
|
|
Term
ARP poisoning is successful because there are no authentication procedures to verify ARP requests and replies. |
|
Definition
|
|
Term
______ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks. |
|
Definition
|
|
Term
An automated software search through a system for any known security weaknesses is technically known as ____. |
|
Definition
|
|
Term
TCP is the main ____ protocol that is responsible for establishing connections and the reliable data transport between devices. |
|
Definition
|
|
Term
If port 20 is available, then an attacker can assume that FTP is being used. TRUE OR FALSE |
|
Definition
|
|
Term
A(n) ____ in effect takes a snapshot of the current security of the organization.
|
|
Definition
|
|
Term
A(n) ____ can block malicious content in “real time” as it appears without first knowing the URL of a dangerous site.
|
|
Definition
|
|
Term
When you identify what needs to be protected, this is called ____. |
|
Definition
|
|
Term
In Microsoft Windows, a ____ is a collection of security configuration settings. |
|
Definition
|
|
Term
Identifying what the pressures are against a company is called ____. |
|
Definition
|
|
Term
____ is a comparison of the present state of a system to its baseline. |
|
Definition
|
|
Term
The signal from an ID badge is detected as the owner moves near a ____, which receives the signal. |
|
Definition
|
|
Term
In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm.
|
|
Definition
|
|
Term
When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities. |
|
Definition
|
|
Term
____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
|
|
Definition
|
|
Term
________ is the proportion of an asset’s value that is likely to be destroyed by a particular risk. |
|
Definition
|
|
Term
____ can be used to determine whether new IP addresses are attempting to probe the network. |
|
Definition
|
|
Term
The goal of ______ is to better understand who the attackers are, why they attack, and what types of attacks might occur. |
|
Definition
|
|
Term
Lock the door but have access to unlock from the outside via a small hole |
|
Definition
|
|
Term
When a policy violation is detected by the DLP agent, it is reported back to the DLP server. |
|
Definition
|
|
Term
While the code for a program is being written, it is being analyzed by a ____. |
|
Definition
|
|
Term
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door. |
|
Definition
|
|
Term
____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated. |
|
Definition
|
|
Term
Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself. |
|
Definition
|
|
Term
Passive tags have ranges from about 1/3 inch to ____ feet. |
|
Definition
|
|
Term
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____. |
|
Definition
|
|
Term
Securing a restricted area by erecting a barrier is called ____. |
|
Definition
|
|
Term
A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object. |
|
Definition
|
|
Term
A ____ consists of independently rotating large cups affixed to the top of a fence that prevent the hands of intruders from gripping the top of the fence to climb over it. |
|
Definition
|
|
Term
____ can be prewired for electrical power as well as wired network connections. |
|
Definition
|
|
Term
A ____ outlines the major security considerations for a system and becomes the starting point for solid security. |
|
Definition
|
|
Term
A ____ is software that is a cumulative package of all security updates plus additional features. |
|
Definition
|
|
Term
A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers. |
|
Definition
|
|
Term
Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs. |
|
Definition
|
|
Term
Cipher locks are the same as combination padlocks. |
|
Definition
|
|
Term
The outside can be locked or unlocked, and the inside lever is always unlocked |
|
Definition
|
|
Term
Most common type of door lock for keeping out intruders, but its security is minimal |
|
Definition
Standard keyed entry locks |
|
|
Term
Extends a solid metal bar into the door frame for extra security |
|
Definition
|
|
Term
The outside is always locked, entry is by key only, and the inside lever is always unlocked |
|
Definition
|
|
Term
Data, once restricted to papers in the office filing cabinet, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners. |
|
Definition
|
|
Term
A basic level of security can be achieved through using the security features found in network hardware. TRUE OR FALSE |
|
Definition
|
|
Term
The OSI model breaks networking steps down into a series of six layers. TRUE OR FALSE |
|
Definition
|
|
Term
Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts. TRUE OR FALSE |
|
Definition
|
|
Term
TRUE OR FALSE. Workgroup switches must work faster than core switches.
|
|
Definition
|
|
Term
A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment.
|
|
Definition
|
|
Term
A ____ is a network device that can forward packets across computer networks.
|
|
Definition
|
|
Term
____ is a technology that can help to evenly distribute work across a network.
|
|
Definition
|
|
Term
____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
|
|
Definition
Stateful packet filtering |
|
|
Term
A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
|
|
Definition
|
|
Term
A(n) ____ does not serve clients, but instead routes incoming requests to the correct server.
|
|
Definition
|
|
Term
A(n) ____ encrypts all data that is transmitted between the remote device and the network |
|
Definition
|
|
Term
A(n) ____ is the end of the tunnel between VPN devices.
|
|
Definition
|
|
Term
Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known as ____-based monitoring
|
|
Definition
Signature-based monitoring |
|
|
Term
Each operation in a computing environment starts with a ____.
|
|
Definition
|
|
Term
___ is a technique that allows private IP addresses to be used on the public Internet.
|
|
Definition
|
|
Term
____ IP addresses are IP addresses that are not assigned to any specific user or organization.
|
|
Definition
|
|
Term
____ switches are connected directly to the devices on a network |
|
Definition
|
|
Term
A ____ allows scattered users to be logically grouped together even though they may be attached to different switches.
|
|
Definition
|
|
Term
____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.
|
|
Definition
|
|
Term
Server virtualization typically relies on the ____, which is software that runs on a physical computer to manage one or more virtual machine operating systems. |
|
Definition
|
|
Term
DNS uses port 35. Answer: True False |
|
Definition
|
|
Term
In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. |
|
Definition
Cloud Software as a service |
|
|
Term
Latch a door closed yet do not lock; typically used on hall and closet doors |
|
Definition
|
|
Term
DNS poisoning can be prevented by using the latest editions of the DNS software known as ____. |
|
Definition
|
|
Term
TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission. Answer: True False |
|
Definition
|
|
Term
Switches, not individual switch ports, are configured for MAC limiting and filtering. Answer: True False |
|
Definition
|
|
Term
A ____ can create entries in a log for all queries that are received. |
|
Definition
|
|
Term
IP telephony and Voice over IP (VoIP) are identical. |
|
Definition
|
|
Term
The most common protocol suite used today for local area networks (LANs) as well as the Internet is ____. |
|
Definition
|
|
Term
It is possible to segment a network by physical devices grouped into logical units through a(n) ____. |
|
Definition
|
|
Term
TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application. Answer: True False |
|
Definition
|
|
Term
Routers operate at the ____ Layer. |
|
Definition
|
|
Term
Select the statements below that correctly explain different ways to increase security of FTP traffic. |
|
Definition
Use Passive Mode and limit port ranges |
|
|
Term
The ____ is a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number. |
|
Definition
|
|
Term
IP is the protocol that functions primarily at the Open Systems Interconnection (OSI) ____. |
|
Definition
|
|
Term
IEEE 802.1x is commonly used on wireless networks. |
|
Definition
|
|
Term
SNMP agents are protected with a password known as a(n) ____ in order to prevent unauthorized users from taking control over a device. |
|
Definition
|
|
Term
A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. |
|
Definition
|
|
Term
An example of a smurf DoS attack is when an attacker spoofs broadcasted ICMP packets to make them appear as though they came from the target of the attack. Answer: True False |
|
Definition
|
|
Term
A ____ forwards packets across computer networks. |
|
Definition
|
|
Term
____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. |
|
Definition
|
|
Term
____ is used to relay query messages. |
|
Definition
|
|
Term
____ is a pay-per-use computing model in which customers pay only for the computing resources they need. |
|
Definition
|
|
Term
What would log entries showing probes to obscure ports indicate? |
|
Definition
Pre-attack scanning to see if a port is open and being used |
|
|
Term
In the ____ cloud computing model, the customer has the highest level of control. Choose one answer. |
|
Definition
Cloud Infrastructure as a service |
|
|
Term
Broadcast storms can be prevented with ____. |
|
Definition
|
|
Term
Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive. TRUE OR FALSE |
|
Definition
|
|
Term
Removing a rootkit from an infected computer is extremely difficult.
|
|
Definition
|
|
Term
The demand for IT professionals who know how to secure networks and computers is at an all-time low.
|
|
Definition
|
|
Term
Recent employment trends indicate that employees with security certifications are in high demand.
|
|
Definition
|
|
Term
The ____ is the expected monetary loss every time a risk occurs.
|
|
Definition
|
|
Term
_________ is the probability that a risk will occur in a particular year. |
|
Definition
Annual rate of occurrence |
|
|
Term
The ____ for software is the code that can be executed by unauthorized users. |
|
Definition
|
|
Term
A(n) _____ indicates that no process is listening at this port.
|
|
Definition
|
|
Term
Despite its promise to dramatically impact IT, cloud computing raises significant security concerns. Answer: True False |
|
Definition
|
|
Term
Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
|
|
Definition
|
|
Term
A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.
|
|
Definition
|
|
Term
The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
|
|
Definition
|
|
Term
____ attacks are responsible for half of all malware delivered by Web advertising |
|
Definition
|
|
Term
Approximately ____ percent of households in the United States use the Internet for managing their finances.
|
|
Definition
|
|
Term
In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single
|
|
Definition
|
|
Term
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
|
|
Definition
|
|
Term
The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security. TRUE OR FALSE |
|
Definition
|
|
Term
____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.
|
|
Definition
|
|
Term
In information security, a loss can be ____.
a. theft of information
b. a delay in transmitting information that results in a financial penalty
c. the loss of good will or a reputation
d. all of the above
|
|
Definition
|
|
Term
In information security, an example of a threat agent can be ____.
a. a force of nature such as a tornado that could destroy computer equipment
b. a virus that attacks a computer network
c. an unsecured computer network
d. both a and b
|
|
Definition
|
|
Term
Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
|
|
Definition
|
|
Term
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
|
|
Definition
|
|
Term
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
|
|
Definition
Gramm-Leach-Bliley Act (GLBA) |
|
|
Term
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
|
|
Definition
|
|
Term
What is another name for unsolicited e-mail messages?
|
|
Definition
|
|
Term
____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter. |
|
Definition
|
|
Term
____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. |
|
Definition
|
|
Term
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____. |
|
Definition
|
|
Term
Weaknesses in software can be more quickly uncovered and exploited with new software tools and techniques.
|
|
Definition
|
|
Term
According to the 2007 FBI Computer Crime and Security Survey, the loss due to the theft of confidential data for 494 respondents was approximately ____. |
|
Definition
|
|
Term
The ____ Act is designed to broaden the surveillance of law enforcement agencies so they can detect and suppress terrorism. |
|
Definition
|
|
Term
COPPA requires operators of online services or Web sites designed for children under the age of _____ to obtain parental consent prior to the collection, use, disclosure, or display of a child’s personal information. |
|
Definition
|
|
Term
According to the research group Postini, over ____ of daily e-mail messages are unsolicited and could be carrying a malicious payload. |
|
Definition
|
|
Term
In a company of 500 employees, it is estimated that _____ employees would be required to combat a virus attack. |
|
Definition
|
|
Term
Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection. |
|
Definition
|
|
Term
____ is when an attacker tricks users into giving out information or performing a compromising action. |
|
Definition
|
|
Term
____ provides a greater degree of security by implementing port-based authentication. |
|
Definition
|
|
Term
A computer ____ is malicious computer code that reproduces itself on the same computer. |
|
Definition
|
|
Term
The two types of malware that have the primary objective of spreading are ____. |
|
Definition
|
|
Term
Unlike other malware, a ____ is heavily dependent upon the user for its survival. |
|
Definition
|
|
Term
A(n)____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
|
|
Definition
|
|
Term
A ____ virus infects the Master Boot Record of a hard disk drive. |
|
Definition
|
|
Term
A(n)_____ is a network set up with intentional vulnerabilities. |
|
Definition
|
|
Term
A security weakness is known as a(n) ____. |
|
Definition
|
|
Term
A ____ is a series of instructions that can be grouped together as a single command and is often used to automate a complex set of tasks or a repeated series of tasks. |
|
Definition
|
|
Term
A(n) ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications. |
|
Definition
|
|
Term
Viruses and worms are said to be self-____. |
|
Definition
|
|
Term
In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file. |
|
Definition
|
|
Term
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. |
|
Definition
|
|
Term
Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. |
|
Definition
|
|
Term
Released in 1995, one of the first tools that was widely used for penetration testing was ____. |
|
Definition
|
|
Term
____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user. |
|
Definition
|
|
Term
A(n) _______ scan uses various techniques to avoid detection. |
|
Definition
|
|
Term
Most vulnerability scanners maintain a(n) _____ that categorizes and describes the vulnerabilities that it can detect. |
|
Definition
|
|
Term
Vulnerability scans are usually performed from outside the security perimeter. TRUE OR FALSE |
|
Definition
|
|
Term
The "omnipresence" of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today. |
|
Definition
|
|
Term
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks. |
|
Definition
|
|
Term
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small. |
|
Definition
|
|
Term
When using a black box test, many testers use ____ tricks to learn about the network infrastructure from inside employees.
|
|
Definition
|
|
Term
Because of the minor role it plays, DNS is never the focus of attacks. |
|
Definition
|
|
Term
____ is a language used to view and manipulate data that is stored in a relational database. |
|
Definition
|
|
Term
A healthy security posture results from a sound and workable strategy toward managing risks. TRUE OR FALSE |
|
Definition
|
|
Term
HTML is a markup language that uses specific ____ embedded in brackets. |
|
Definition
|
|
Term
A(n) ____ box test is one in which some limited information has been provided to the tester.
|
|
Definition
|
|
Term
A(n) ______ means that the application or service assigned to that port is listening for any instructions. |
|
Definition
|
|
Term
In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested. TRUE OR FALSE |
|
Definition
|
|
Term
The first step in a vulnerability assessment is to determine the assets that need to be protected. TRUE OR FALSE |
|
Definition
|
|
Term
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags. |
|
Definition
|
|
Term
An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing. |
|
Definition
|
|
Term
Keyed entry locks are much more difficult to defeat than deadbolt locks. |
|
Definition
|
|
Term
In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer. |
|
Definition
|
|
Term
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____. |
|
Definition
|
|
Term
____ substitutes DNS addresses so that the computer is automatically redirected to another device. |
|
Definition
|
|
Term
Use a key to open the lock from the outside |
|
Definition
|
|
Term
A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event. |
|
Definition
|
|