Shared Flashcard Set

Details

Sec midterm
slkdf
213
Advertising
Pre-School
10/18/2012

Additional Advertising Flashcards

 


 

Cards

Term
The SQL injection statement ____ discovers the name of a table.
Definition
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
Term
In order to allow untrusted outside users access to resources such as Web servers, most networks employ a
____.
Definition
dmz
Term
A ____ is designed to separate a nonsecured area from a secured area.
Definition
mantrap
Term
Identify what to do about threats is done in
Definition
risk mitigation.
Term
A(n)_____ is hardware or software that captures packets to decode and analyze its contents
Definition
protocol analyzer
Term
A ____ is a program advertised as performing one activity but actually does something else.
Definition
Trojan
Term
A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
Definition
resident
Term
There are almost ____ different Microsoft Windows file extensions that could contain a virus.
Definition
70
Term
A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.
Definition
companion
Term
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is potentially harmful is called ___
Definition
vulnerability assessment.
Term
The expression ____ up one directory level.
Definition
../ traverses
Term
____ is for the transport and storage of data, with the focus on what the data is.
Definition
XML
Term
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
Definition
C:\Inetpub\ wwwroot
Term
Web application attacks are considered ____ attacks.
Definition
server-side
Term
Eliminating as many security risks as possible and make the system more secure
Definition
Hardening
Term
Include a keyed cylinder in both the outside and inside knobs so that a key in either knob locks or unlocks both at the same time
Definition
Store entry double cylinder locks
Term
____ is an attack in which an attacker attempts to impersonate the user by using his session token.
Definition
Session hijacking
Term
____ involves horizontally separating words, although it is still readable by the human eye.
Definition
Word splitting
Term
_______ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.
Definition
Vulnerability scanners
Term
The end product of a penetration test is the penetration ______
Definition
test report.
Term
The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.
Definition
MPack
Term
____ is an image spam that is divided into multiple images.
Definition
GIF layering
Term
A ____ virus infects program executable files.
Definition
program
Term
A ____ attack is similar to a passive man-in-the-middle attack.
Definition
replay
Term
Approximately two out of three malicious Web attacks have been developed using one of four popular attack toolkits
Definition
False
Term
A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks.
Definition
Easter egg
Term
An information security ____ position focuses on the administration and management of plans, policies, and
people.
Definition
Manager
Term
____ ensures that only authorized parties can view information.
Definition
Confidentiality
Term
Attack toolkits range in price from only $400 to as much as $8,000.
Definition
False
Term
Identify what damages could result from the threats is known as
Definition
risk assessment.
Term
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
Definition
DNS poisoning
Term
When DNS servers exchange information among themselves it is known as a ____.
Definition
Zone transfer
Term
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
Definition
DLP (Data Loss Prevention)
Term
____ is defined as a security analysis of the transaction within its approved context.
Definition
Content inspection
Term
A(n)_____ examines the current security in a passive method.
Definition
vulnerability scan
Term
For a Web server's Linux system, the default root directory is typically ____.
Definition
/var/www
Term
____ is designed to display data, with the primary focus on how the data looks.
Definition
HTML
Term
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
Definition
drive-by-download
Term
Identifying how susceptible the current protection is is called
Definition
vulnerability appraisal.
Term
Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.
Definition
DLP Agent
Term
Lock the door from the inside but cannot be unlocked from the outside
Definition
Patio locks
Term
_______ is designed to actually exploit any weaknesses in systems that are vulnerable.
Definition
Penetration test
Term
____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.
Definition
Geometric variance
Term
ARP poisoning is successful because there are no authentication procedures to verify ARP requests and replies.
Definition
True
Term
______ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.
Definition
Outsourcing
Term
An automated software search through a system for any known security weaknesses is technically known as
Definition
vulnerability scan.
Term
TCP is the main ____ protocol that is responsible for establishing connections and the reliable data transport between devices.
Definition
Transport Layer (4)
Term
If port 20 is available, then an attacker can assume that FTP is being used. TRUE OR FALSE
Definition
TRUE
Term
A/an in effect takes a snapshot of the current security of the organization.
Definition
vulnerability appraisal
Term
A(n) ____ can block malicious content in “real time” as it appears without first knowing the URL of a
dangerous site.
Definition
Web security gateway
Term
When you Identify what needs to be protected, this is called
Definition
asset identification.
Term
In Microsoft Windows, a ____ is a collection of security configuration settings.
Definition
security template
Term
Identifying what the pressures are against a company is called
Definition
threat evaluation.
Term
_________ is a comparison of the present state of a system compared to its baseline.
Definition
Baseline reporting
Term
The signal from an ID badge is detected as the owner moves near a ____, which receives the signal.
Definition
proximity reader
Term
In a general sense, assurance may be defined as the necessary steps to protect a person or property from
harm.
Definition
False
Term
When performing a vulnerability assessment, many organizations use____ software to search a system for any port vulnerabilities.
Definition
port scanner
Term
____ is typically used on home routers that allow multiple users to share one IP address received from an
Internet service provider (ISP).
Definition
PAT
Term
________ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
Definition
Exposure factor
Term
____ can be used to determine whether new IP addresses are attempting to probe the network.
Definition
Firewall Logs
Term
The goal of ______ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
Definition
threat modeling
Term
Lock the door but have access to unlock from the outside via a small hole
Definition
Privacy locks
Term
When a policy violation is detected by the DLP agent, it is reported back to the DLP server.
Definition
True
Term
While the code for a program is being written, it is being analyzed by a ____.
Definition
code review
Term
When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.
Definition
port scanner
Term
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
Definition
Cipher Locks
Term
____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.
Definition
Tailgate sensors
Term
Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.
Definition
Physical Token
Term
Passive tags have ranges from about 1/3 inch to ____ feet.
Definition
19
Term
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.
Definition
CCTV
Term
Securing a restricted area by erecting a barrier is called ____.
Definition
fencing
Term
A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.
Definition
Cable Lock
Term
A ____ is an independently rotating large cups affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it.
Definition
roller barrier
Term
____ can be prewired for electrical power as well as wired network connections.
Definition
Locking Cabinet
Term
A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
Definition
baseline
Term
A ____ is software that is a cumulative package of all security updates plus additional features.
Definition
service pack
Term
A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers.
Definition
firewall
Term
Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs.
Definition
True
Term
Cipher locks are the same as combination padlocks.
Definition
False
Term
The outside can be locked or unlocked, and the inside lever is always unlocked
Definition
Classroom locks
Term
Most common type of door lock for keeping out intruders, but its security is minimal
Definition
Standard keyed entry locks
Term
Extends a solid metal bar into the door frame for extra security
Definition
Deadbolt locks
Term
The outside is always locked, entry is by key only, and the inside lever is always unlocked
Definition
Storeroom locks
Term
Data, once restricted to papers in the office filing cabinet, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners.
Definition
True
Term
A basic level of security can be achieved through using the security features found in network hardware. TRUE OR FALSE
Definition
TRUE
Term
The OSI model breaks networking steps down into a series of six layers.
TRUE OR FALSE
Definition
FALSE
Term
Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups
of hosts.
TRUE OR FALSE
Definition
TRUE
Term
TRUE OR FALSE. Workgroup switches must work faster than core switches.
Definition
False
Term
A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair
copper or fiber-optic cables in order to make them function as a single network segment.
Definition
hub
Term
A ____ is a network device that can forward packets across computer networks.
Definition
router
Term
____ is a technology that can help to evenly distribute work across a network.
Definition
Load Balancing
Term
____ keeps a record of the state of a connection between an internal computer and an external device and
then makes decisions based on the connection as well as the conditions.
Definition
Stateful Packet filtering
Term
A ____ is a computer or an application program that intercepts a user request from the internal secure
network and then processes that request on behalf of the user.
Definition
Proxy server
Term
A(n) ____ does not serve clients, but instead routes incoming requests to the correct server.
Definition
Reverse Proxy
Term
A(n) ____ encrypts all data that is transmitted between the remote device and the network
Definition
VPN
Term
A(n) ____ is the end of the tunnel between VPN devices.
Definition
endpoint
Term
Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known
as ____-based monitoring
Definition
signature based monitoring
Term
Each operation in a computing environment starts with a ____.
Definition
System Call
Term
___ is a technique that allows private IP addresses to be used on the public Internet.
Definition
NAT
Term
____ IP addresses are IP addresses that are not assigned to any specific user or organization.
Definition
Private ip addresses
Term
____ switches are connected directly to the devices on a network
Definition
Workgroup
Term
A ____ allows scattered users to be logically grouped together even though they may be attached to different
switches.
Definition
Vlan
Term
____ provides remote users with the same access and functionality as local users through a VPN or dial-up
connection.
Definition
Remote access
Term
Server virtualization typically relies on the ____, which is software that runs on a physical computer to manage one or more virtual machine operating systems.
Definition
Hypervisor
Term
DNS uses port 35.
Answer:
True
False
Definition
False
Term
In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure.
Definition
Cloud Software as a service
Term
While the code for a program is being written, it is being analyzed by a ________
Definition
code review.
Term
Latch a door closed yet do not lock; typically used on hall and closet doors
Definition
Passage locks
Term
DNS poisoning can be prevented by using the latest editions of the DNS software known as ____.
Definition
BIND
Term
TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission.
Answer:
True
False
Definition
False
Term
Switches, not individual switch ports are configured for MAC limiting and filtering.
Answer:
True
False
Definition
False
Term
A ____ can create entries in a log for all queries that are received.
Definition
DNS log
Term
IP telephony and Voice over IP (VoIP) are identical.
Definition
False
Term
what port does ftp use
Definition
21
Term
The most common protocol suite used today for local area networks (LANs) as well as the Internet is ____.
Definition
TCP/IP
Term
It is possible to segment a network by physical devices grouped into logical units through a(n) ____.
Definition
VLAN
Term
TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application.
Answer:
True
False
Definition
False
Term
Routers operate at the ____ Layer.
Definition
Network
Term
Select the statements below that correctly explain different ways to increase security of FTP traffic.
Definition
Use Passive Mode and limit port ranges
Term
The ____ is a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number.
Definition
DNS
Term
IP is the protocol that functions primarily at the Open Systems Interconnection (OSI) ____.
Definition
Network Layer (3)
Term
IEEE 802.1x is commonly used on wireless networks.
Definition
True
Term
SNMP agents are protected with a password known as a(n) ____ in order to prevent unauthorized users from taking control over a device.
Definition
Community String
Term
A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack.
Definition
Flood Guard
Term
An example of a smurf DoS attack is when an attacker spoofs broadcasted ICMP packets to make them appear as though they came from the target of the attack.
Answer:
True
False
Definition
True
Term
A ____ forwards packets across computer networks.
Definition
Router
Term
____ is a means of managing and presenting computer resources by function without regard to their physical layout or location.
Definition
Virtualization
Term
____ is used to relay query messages.
Definition
ICMP
Term
____ is a pay-per-use computing model in which customers pay only for the computing resources they need.
Definition
Cloud Computing
Term
What would log entries showing probes to obscure ports indicate?
Definition
pre attack scanning to see if a port is open and being used
Term
In the ____ cloud computing model, the customer has the highest level of control.
Choose one answer.
Definition
Cloud Infrastructure as a service
Term
Broadcast storms can be prevented with ____.
Definition
Loop protection
Term
Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and
signature-based monitoring by being more adaptive and proactive instead of reactive. TRUE OR FALSE
Definition
TRUE
Term
Removing a rootkit from an infected computer is extremely difficult.
Definition
True
Term
The demand for IT professionals who know how to secure networks and computers is at an all-time low.
Definition
False
Term
Recent employment trends indicate that employees with security certifications are in high demand.
Definition
True
Term
The_____ is the expected monetary loss every time a risk occurs.
Definition
single loss expectancy
Term
_________ is the probability that a risk will occur in a particular year.
Definition
Annual rate of occurrence
Term
The________ for software is the code that can be executed by unauthorized users.
Definition
attack surface
Term
A(n) _____ indicates that no process is listening at this port.
Definition
closed port
Term
Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.
Answer:
True
False
Definition
True
Term
Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive
information.
Definition
True
Term
A study by Foote Partners showed that security certifications earn employees ____ percent more pay than
their uncertified counterparts.
Definition
10 to 14
Term
The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
Definition
Security Technician
Term
____ attacks are responsible for half of all malware delivered by Web advertising
Definition
Fake Antivirus
Term
Approximately ____ percent of households in the United States use the Internet for managing their finances.
Definition
80
Term
In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single
Definition
Distributed
Term
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
Definition
Information Security
Term
The CompTIA Security+ Certification is aimed at an IT security professional with the recommended
background of a minimum of two years experience in IT administration, with a focus on security.
TRUE or false
Definition
True
Term
____ ensures that information is correct and that no unauthorized person or malicious software has altered
that data.
Definition
Integrity
Term
In information security, a loss can be ____.
a. theft of information
b. a delay in transmitting information that results in a financial penalty
c. the loss of good will or a reputation
d. all of the above
Definition
d. all of the above
Term
In information security, an example of a threat agent can be ____.
a. a force of nature such as a tornado that could destroy computer equipment
b. a virus that attacks a computer network
c. an unsecured computer network
d. both a and b

Definition
d. both a and b
Term
Under the ____, health care enterprises must guard protected health information and implement policies and
procedures to safeguard it, whether it be in paper or electronic format.
Definition
HIPAA
Term
What is the maximum fine for those who wrongfully disclose individually identifiable health information
with the intent to sell it?
Definition
$250,000
Term
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in
disclosing customer information.
Definition
Gramm-Leach-Bililey Act (GLBA)
Term
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
Definition
Love Bug
Term
What is another name for unsolicited e-mail messages?
Definition
Spam
Term
ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.
Definition
Authentication
Term
____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
Definition
Cybercriminals
Term
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.
Definition
Cybercrime
Term
Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.
Definition
True
Term
According to the 2007 FBI Computer Crime and Security Survey, the loss due to the theft of confidential data for 494 respondents was approximately ____.
Definition
10 Million
Term
The _____ act is designed to broaden the surveillance of law enforcement agencies so they can detect and suppress terrorism.
Definition
USA Patriot
Term
COPPA requires operators of online services or Web sites designed for children under the age of _____ to obtain parental consent prior to the collection, use, disclosure, or display of a child’s personal information.
Definition
13
Term
According to the research group Postini, over ____ of daily e-mail messages are unsolicited and could be carrying a malicious payload.
Definition
Two-Thirds
Term
In a company of 500 employees, it is estimated that _____ employees would be required to combat a virus attack.
Definition
Five
Term
Approximately two out of three malicious Web attacks have been developed using one of four popular attack
toolkits.
Definition
False
Term
Attack toolkits range in price from only $400 to as much as $8,000
Definition
False
Term
Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.
Definition
False
Term
Removing a rootkit from an infected computer is extremely difficult.
Definition
True
Term
Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
Definition
True
Term
Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail
attachment to start the infection.
Definition
False
Term
____ is when an attacker tricks users into giving out information or performing a compromising action.
Definition
Social engineering
Term
____ provides a greater degree of security by implementing port-based authentication.
Definition
IEEE 802.1X
Term
A computer ____ is malicious computer code that reproduces itself on the same computer.
Definition
virus
Term
The two types of malware that have the primary objective of spreading are ____.
Definition
viruses and worms
Term
Unlike other malware, a ____ is heavily dependent upon the user for its survival.
Definition
virus
Term
A(n)____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
Definition
honeypot
Term
A ____ virus infects the Master Boot Record of a hard disk drive.
Definition
boot
Term
A(n)_____ is a network set up with intentional vulnerabilities.
Definition
honeynet
Term
A security weakness is known as a(n)_______
Definition
vulnerabilities.
Term
A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
Definition
macro
Term
A(n)________ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
Definition
white box
Term
Viruses and worms are said to be self-____.
Definition
replicating
Term
In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file.
Definition
Swiss cheese
Term
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.
Definition
rootkit
Term
Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.
Definition
Data
Term
Released in 1995, one of the first tools that was widely used for penetration testing was
Definition
SATAN.
Term
____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Definition
Adware
Term
A(n) _______ scan uses various techniques to avoid detection.
Definition
stealth
Term
Most vulnerability scanners maintain a(n) _____ that categorizes and describes the vulnerabilities that it can detect.
Definition
database
Term
Vulnerability scans are usually performed from outside the security perimeter. TRUE OR FALSE
Definition
FALSE
Term
The "omnipresence" of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.
Definition
True
Term
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
Definition
True
Term
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
Definition
False
Term
When using a black box test, many testers use______ tricks to learn about the network infrastructure from inside employees.
Definition
social engineering
Term
Because of the minor role it plays, DNS is never the focus of attacks.
Definition
False
Term
____ is a language used to view and manipulate data that is stored in a relational database.
Definition
SQL
Term
A healthy security posture results from a sound and workable strategy toward managing risks. true or false
Definition
true
Term
HTML is a markup language that uses specific ____ embedded in brackets.
Definition
tags
Term
A/an_____ outlines the major security considerations for a system and becomes the starting point for solid security.
Definition
baseline
Term
A(n)____ box test is one in which some limited information has been provided to the tester.
Definition
gray
Term
A(n) ______ means that the application or service assigned to that port is listening for any instructions.
Definition
open port
Term
In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested. TRUE OR FALSE
Definition
False
Term
The first step in a vulnerability assessment is to determine the assets that need to be protected. TRUE OR FALSE
Definition
TRUE
Term
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.
Definition
RFID
Term
An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.
Definition
spiked collar
Term
Keyed entry locks are much more difficult to defeat than deadbolt locks.
Definition
False
Term
In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.
Definition
heuristic detection
Term
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
Definition
DNS
Term
____ substitutes DNS addresses so that the computer is automatically redirected to another device.
Definition
DNS poisoning
Term
Use a key to open the lock from the outside
Definition
Keyed entry locks
Term
A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
Definition
logic bomb
Supporting users have an ad free experience!