CIS 2337 Final


117 Terms

1
Which term refers to a unique alphanumeric identifier for a user of a computer system?
Username
2
Which access control type allows a company to restrict employee logon hours?
Rule-based access control
3
When referring to the three steps in the establishment of proper privileges, what does AAA stand for?
authentication, authorization, and accounting.
4
What is a method of establishing the authenticity of specific objects, such as an individual's public key or downloaded software?
Certificates
5
Permissions can be applied to specific users or groups to control that user's or group's ability to view, modify, access, use, or delete resources such as folders and files.
TRUE
6
SSID (service set identifier) is:
Name of the wireless network; the setting should limit access only to authorized users
7
WEP stands for Wired Equivalent Privacy
Uses an RC4 stream cipher to encrypt the data as it is transmitted through the air
8
What is a Point-to-point (P2P) connection?
Uses an RC4 stream cipher to encrypt the data as it is transmitted through the air
9
WiFi series refers to:
the 802.11 Wireless LAN standards certified by the Wi-Fi Alliance
10
WiFi uses which frequency spectrum?
systems exist on the 2.4 GHz and 5 GHz frequency spectrums
11
What does a host-based IDS monitor?
A single system; intrusion detection system that monitors the computer infrastructure on which it is installed, analyzing traffic and logging malicious behavior
12
Which component of an HIDS pulls in the information that the other components, such as the analysis engine, need to examine?
traffic collector
13
Which component of an HIDS must decide what activity is "okay" and what activity is "bad"?
analysis engine
14
What is an advantage of a network-based IDS?
It takes fewer systems to provide IDS coverage. Development, maintenance, and upgrade costs are usually lower. Visibility into all network traffic and can correlate attacks among multiple systems.
15
What is an advantage of a host-based IDS?
HIDS can detect attacks that cannot be seen by a Network-Based IDS since they monitor events local to a host
16
Service pack is the term for a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks.
FALSE
17
BIOS stands for:
basic input/output system
18
What is an operating system?
A program that manages a computer's hardware as well as providing an environment for application programs to run on.
19
TPM is:
A system of maintenance covering the entire life of the equipment and the total human resource
20
Which protection ring has the highest privilege level and acts directly with the physical hardware?
Ring 0
21
Rainbow tables include precomputed tables or hash values associated with passwords
TRUE
22
What is malware?
Refers to software that has been designed for some nefarious purpose
23
A shimming attack is the process of putting a layer of code between the driver and the OS
TRUE
24
SYN flooding is an example of a __________.
Denial of service attack
25
A computer system is attacked for one of two general reasons: it is specifically targeted by the attacker or it is a target of opportunity.
TRUE
26
Both ipconfig and ifconfig are command-line tools to manipulate the network interfaces on a system.
TRUE
27
During penetration testing, zero-day vulnerabilities will be established.
FALSE
28
If you test something and it comes back negative, but it was in fact positive, then the result is a false positive.
FALSE
29
Tail is a utility designed to return the first lines of a file.
FALSE
30
The _______________ is a list of known vulnerabilities in software systems.
Common Vulnerabilities and Exposures (CVE) enumeration
31
The _______________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks.
Social-Engineering Toolkit
32
The movement to an account that enables root or higher-level privilege is known as:
escalation of privilege
33
Which term is used to define vulnerabilities that are newly discovered and not yet addressed by a patch?
zero day
34
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?
white box testing
35
Which testing technique requires that the testers have no knowledge of the internal workings of the software being tested?
black box testing
36
A(n) _______________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.
hypervisor
37
Which cloud computing service model involves the offering of software to end users from within the cloud?
Software as a service (SaaS)
38
Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor?
A public cloud system
39
Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices?
edge computing
40
Least privilege refers to removing all controls from a system.
FALSE
41
Cryptography is the universal solution to all security problems.
FALSE
42
All input validation that is essential for business reasons or for security should be performed on the _______ of the client-server relationship, where it is free from outside influence and change.
Server Side
43
Which process involves implementing security tools and policies to ensure your container is running as intended?
Container Security
44
Which term refers to characteristics of resources that can be exploited by a threat to cause harm?
Vulnerabilities
45
Which type of attack can be used to execute arbitrary commands in a database?
SQL Injection
46
A qualitative risk assessment relies on judgment and experience.
TRUE
47
Which action is an example of transferring risk?
Management purchases insurance for the occurrence of an attack.
48
The presence of risks in a system is an absolute—they cannot be removed or eliminated.
TRUE
49
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
50
Which term refers to the possibility of suffering harm or loss?
risk
51
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
52
The goal of the delta backup is to back up as little information as possible each time you perform a backup.
TRUE
53
Which backup technique requires a large amount of space and is considered to have a simple restoration process?
full
54
Which term is used to describe the target time that is set for resuming operations after an incident?
recovery time objective
55
Backups can prevent a security event from occurring.
FALSE
56
Which document outlines what the loss of any critical functions will mean to the organization?
business impact analysis
57
Which term is used to describe the target time that is set for resuming operations after an incident?
recovery time objective (RTO)
58
From a forensics perspective, Linux systems have the same artifacts as Windows systems.
FALSE
59
A physical hard disk drive will persist data longer than a cache.
TRUE
60
Tangible objects that prove or disprove facts are what type of evidence?
Physical evidence
61
Business records, printouts, and manuals are which type of evidence?
Documentary Evidence
62
Evidence that is convincing or measures up without question is known as __________.
Sufficient Evidence
63
Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?
the Exclusionary Rule
64
Evidence that is both legally qualified and reliable is known as __________.
Admissible evidence
65
Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as __________.
free space
66
From a forensics perspective, Linux systems have the same artifacts as Windows systems.
FALSE
67
NIDSs are typically deployed so that they can monitor traffic in and out of an organization's major links.
TRUE
68
SYN flooding is an example of a __________.
Denial-of-service
69
The _______________ is a list of known vulnerabilities in software systems.
Common Vulnerability Database
70
TCP is a connectionless protocol.
TRUE
71
If the root CA's private key were compromised, what would happen?
Subordinate CAs and end users would be affected.
72
What is a method of establishing the authenticity of specific objects, such as an individual's public key or downloaded software?
Certificates
73
Which statement describes the main difference between TCP and UDP?
TCP packets are connection oriented, whereas UDP packets are connectionless.
74
Backups can prevent a security event from occurring.
FALSE
75
Access Point (AP)
Point of entry for radio-based network signals into and out of a network
76
Fat access point
standalone access points
77
Thin access point
controller-based access points
78
Controller based
allow for centralized management and control
79
Standalone points
have substantial capabilities with respect to authentication, encryption, and channel management
80
The lower the power used, the less opportunity for interference
TRUE
81
Replay attack
the attacker captures a portion of a communication between two parties and retransmits it at a later time
82
Evil Twin
Attack against the wireless protocol via substitute hardware
83
Network-based IDS (NIDS)
Examines activity on the network itself

It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems
84
Host-based IDS (HIDS)
Examines activity on an individual system

Concerned with an individual system
85
Signature database
collection of patterns and definitions of known suspicious or malicious activity
86
User interface and reporting
interfaces with the human element and provides alerts when appropriate
87
Advantages of NIDS
Providing IDS coverage requires fewer systems

Deployment, maintenance, and upgrade costs are usually lower

A NIDS has visibility into all network traffic and can correlate attacks among multiple systems
88
Disadvantages of a NIDS
Ineffective when traffic is encrypted

Can’t see traffic that does not cross it

Must be able to handle high volumes of traffic

Does not know about activity on the hosts themselves
89
Advantages of HIDSs
Very operating system–specific with more detailed signatures

Reduce false-positive rates

Examine data after it has been decrypted

Very application specific

Determine whether or not an alarm may impact that specific system
90
Disadvantages of HIDSs
Must have a process on every system you want to watch

High cost of ownership and maintenance

Use local system resources

Have a very focused view and cannot relate to activity around them

If logging only locally, could be compromised or disabled
91
Hardening
The process of securing and preparing a system for the production environment
92
Trusted operating system
Designed to allow multilevel security in its operation
93
Sniffing
Someone examines all the network traffic that passes their NIC, whether addressed to them or not
94
Spraying
Attack uses a limited number of commonly used passwords and applies them to a large number of accounts
95
Dictionary attack
A password-cracking program uses a list of dictionary words to try to guess the password
96
Brute force attack
A password-cracking program attempts all possible character combinations
97
OpenSSL
General-purpose cryptography library that offers a wide range of cryptographic functions on Windows and Linux systems
98
Gray box testing
testers typically have some knowledge of the software, network, or systems they are testing
99
Weak configurations
System may not achieve all of the desired performance or security objectives
100
Infrastructure as a Service (IaaS)
systems that are delivered as a virtual solution for computing