____ forensics involves capturing a point-in-time picture of a process.
Snapshot
Media that is used to collect digital evidence must be forensically ____.
sterile
A(n) ____ is used to sniff network traffic.
Ethernet tap
Hardware write blockers have the advantage of having been vetted more often in legal cases.
True
A disadvantage of hardware imaging platforms is that they are ____.
costly
Which material presents a gray area of ownership?
Employee-purchased briefcases used to transfer work
Countering efforts by foreign countries to steal our nation's secrets, evaluating the capabilities of terrorists in a digital age, and ____ are the FBI's highest priorities.
fighting cyber crime
Forensic investigators use ____ (also known as sector-by-sector) copying when making a forensic image of a device.
bit-stream
Information collected in such a way that the information will be usable in a criminal or civil proceeding is known as ____.
evidence
The ____ handles certain cases involving credit card fraud and identity theft.
U.S. Secret Service
The business impact analysis (BIA) is the first major component of the CP process.
True
The ____, which is also known as the Security Incident Response Team (SIRT), is the group of individuals who would be expected to respond to a detected incident.
Computer Security Incident Response Team (CSIRT)
A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
incident
Which cloud type acts as a collaboration between a few entities for the sole benefit of those entities?
Community clouds
In some organizations, which two plans are considered to be one plan, known as the Business Resumption Plan?
DR plan and BC plan
What is a drawback of tape backups?
Time required to store and retrieve information
____ is the transfer of live transactions to an off-site facility.
Remote journaling
The actions an organization should take while an incident is in progress are defined in a document referred to as the ____ plan.
incident response (IR)
____ techniques are generally used by organizations needing immediate data recovery after an incident or disaster.
Shadowing
____ clustering is a more complex model in which all members of a cluster simultaneously provide application services.
Active/active
Within the change management process, after the need for a change has been identified, a(n) ____ is submitted to the appropriate decision-making body.
change request
Which Linux file shows a listing of failed login attempts?
btmp
A spreadsheet program might record an error for access to a file in the ____ log.
application
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
COBIT
____ are processes that are designed to operate without user interaction.
Services
The primary focus of ____ is to determine if the standards and/or regulations the organization claims to comply with are, in fact, complied with.
an audit
COBIT provides a framework to support information security requirements and assessment needs.
True
You can view Ubuntu Linux distribution daemons using the ____.
service command
A(n) ____ is a task being performed by a computing system.
process
Logs provide dynamic records of running processes.
False
The most realistic type of penetration test is a ____ box test.
black
Wired networks are just as vulnerable to sniffing as wireless networks.
True
A(n) ____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.
penetration test
The printf(user_input); command in C has the potential to cause a(n) ____ vulnerability.
format string problem
Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?
Command injection
Most C++ catastrophe vulnerabilities rely on uninitialized function pointers in a class.
True
Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code.
False
802.11 wireless networks exist as ____ on nearly all large networks.
subnets
____ verify that an organization's security policies are prudent (cover the right issues) and are being implemented correctly.
Audits
Organizations are safe from sniffer attacks when their computing environment is primarily a switched network environment.
False
What is the best way to secure FTP or TFTP?
Employ encryption and authentication.
____ is a simple method of transferring files between computer systems.
FTP
File Transfer Protocol (FTP)
The Common Gateway Interface (CGI) is a programming language in and of itself.
False
____ are collections of IP addresses of known spam sources on the Internet, and they can be easily integrated into most SMTP server configurations.
Real-time blacklistings (RBLs)
Most of the weaknesses with SNMP occur with Version 1 of SNMP.
True
When properly configured to afford anonymous users only very limited access, the FTP server works well.
True
In passive mode, the FTP client must listen and wait for the server connection.
False
A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses.
True
DNS ____ provide a mechanism to divide ownership responsibility among various DNS servers and the organizations they serve.
zones
With ____ mode, a trusted internal FTP client makes an outgoing request to the FTP server.
passive
Most installed wireless networks use the infrastructure model.
True
Which wireless security protocol is considered to be too weak for use in most network settings?
WEP
Ad hoc wireless models rely on the existence of ____ to provide connectivity.
multiple stations
By default, Bluetooth authenticates connections.
False
Which notable Bluetooth attack allows a nearby attacker to issue commands to an unsuspecting target phone?
BlueBug
EAP is an actual authentication mechanism.
False
In the mesh wireless topology, there may be no dominant ____.
WAP
Which wireless modulation technique addresses the transmission of the data stream that has been properly encoded onto the radio signal?
Spread-spectrum transmission
802.11n has a maximum data rate of ____.
600 Mbps
Most BSS networks are configured as simple stars.
True
A ____ is a list of discrete entities that are known to be benign.
whitelist
A signature-based IDPS examines network traffic in search of patterns that match known ____.
signatures
The first hurdle a potential IDPS must clear is functioning in your systems environment.
True
One tool that provides active intrusion prevention is known as ____.
LaBrea
The tcpdump tool will output both the header and packet contents into ____ format.
hex
Which tcpdump option specifies the number of packets to capture?
-c
A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment - much like tcpdump - looking for indications of ongoing or successful attacks.
network-based IDPS (NIDPS)
In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
DNS cache poisoning
Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.
back hack
Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.
passive
Which term refers to two connections over a VPN line?
Split tunneling
A ____ is an automatic phone-dialing program that dials every phone number in a configured range (e.g., from 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem answers.
war dialer
A ____ attack is time-intensive, so such attacks are rarely aimed at the target system in general.
brute-force
Client authentication is similar to user authentication but with the addition of ____.
usage limits
Which level in the U.S. military data classification scheme applies to any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security?
Confidential data
Most personal computer operating systems use the mandatory access control (MAC) model.
False (They use Discretionary Access Controls (DAC))
Which access control process documents the activities of the authenticated individual and systems?
Accountability
Separation of duties reduces the chance of an individual violating information security policy and breaching the confidentiality, integrity, and availability of information.
True
PPTP provides stronger protection than L2TP.
False (L2TP is stronger than PPTP)
Which access control principle restricts users to having access appropriate to the level required for their assigned duties?
Least privilege