Related Quizzes
Take Another Quiz

cit370

102 Questions
Cit370
Questions and Answers
  • 1. 
    The demand for IT professionals who know how to secure networks and computers is at an all-time low.
    • A. 

      True

    • B. 

      False

  • 2. 
    Recent employment trends indicate that employees with security certifications are in high demand.
    • A. 

      True

    • B. 

      False

  • 3. 
    The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years experience in IT administration, with a focus on security.
    • A. 

      True

    • B. 

      False

  • 4. 
    Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.
    • A. 

      True

    • B. 

      False

  • 5. 
    In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm.
    • A. 

      True

    • B. 

      False

  • 6. 
    An information security ____ position focuses on the administration and management of plans, policies, and people.
    • A. 

      Manager

    • B. 

      Engineer

    • C. 

      Auditor

    • D. 

      Inspector

  • 7. 
    A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.
    • A. 

      10-14

    • B. 

      12-15

    • C. 

      13-14

    • D. 

      15-16

  • 8. 
    The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
    • A. 

      Security technician

    • B. 

      Security administrator

    • C. 

      CISO

    • D. 

      Security manager

  • 9. 
     ____ attacks are responsible for half of all malware delivered by Web advertising.
    • A. 

      Canadian Pharmacy

    • B. 

      Fake antivirus

    • C. 

      Melissa

    • D. 

      Slammer

  • 10. 
    Approximately ____ percent of households in the United States use the Internet for managing their finances.
    • A. 

      60

    • B. 

      70

    • C. 

      80

    • D. 

      90

  • 11. 
    In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single computer or network.
    • A. 

      Centered

    • B. 

      Local

    • C. 

      Remote

    • D. 

      Distributed

  • 12. 
    The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
    • A. 

      Network security

    • B. 

      Information security

    • C. 

      Physical security

    • D. 

      Logical security

  • 13. 
    ____ ensures that only authorized parties can view information.
    • A. 

      Security

    • B. 

      Availability

    • C. 

      Integrity

    • D. 

      Confidentiality

  • 14. 
    ____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.
    • A. 

      Availability

    • B. 

      Confidentiality

    • C. 

      Integrity

    • D. 

      Identity

  • 15. 
    ____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.
    • A. 

      Encryption

    • B. 

      Authentication

    • C. 

      Authorization

    • D. 

      Accounting

  • 16. 
    In information security, a loss can be ____.
    • A. 

      Theft of information

    • B. 

      A delay in transmitting information that results in a financial penalty

    • C. 

      The loss of good will or a reputation

    • D. 

      All of the above

  • 17. 
    In information security, an example of a threat agent can be ____.
    • A. 

      A force of nature such as a tornado that could destroy computer equipment

    • B. 

      A virus that attacks a computer network

    • C. 

      An unsecured computer network

    • D. 

      Both a and b

  • 18. 
    Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.
    • A. 

      Identity

    • B. 

      Plan

    • C. 

      Data

    • D. 

      Record

  • 19. 
    ____ involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
    • A. 

      Cyberterrorism

    • B. 

      Identity theft

    • C. 

      Phishing

    • D. 

      Scam

  • 20. 
    Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
    • A. 

      HIPAA

    • B. 

      HLPDA

    • C. 

      HCPA

    • D. 

      USHIPA

  • 21. 
    What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
    • A. 

      $100,000

    • B. 

      $250,000

    • C. 

      $500,00

    • D. 

      $1,000,000

  • 22. 
    The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
    • A. 

      Gramm-Leach-Bliley

    • B. 

      Sarbanes-Oxley

    • C. 

      California Database Security Breach

    • D. 

      USA Patriot

  • 23. 
    The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
    • A. 

      Nimda

    • B. 

      Slammer

    • C. 

      Love Bug

    • D. 

      Code Red

  • 24. 
    ____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
    • A. 

      Cybercriminals

    • B. 

      Cyberterrorists

    • C. 

      Computer spies

    • D. 

      Hackers

  • 25. 
    Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.
    • A. 

      Spam

    • B. 

      Phishing

    • C. 

      Cybercrime

    • D. 

      Cyberterrorism

  • 26. 
    What is another name for unsolicited e-mail messages?
    • A. 

      Spam

    • B. 

      Spawn

    • C. 

      Trash

    • D. 

      Scam

  • 27. 
    Match the following
    • A. a weakness that allows a threat agent to bypass security
    • A.
    • B. the likelyhood that a threat agen will exploit a vulnerability
    • B.
    • C. a person or thing that has the power to carry out a threat
    • C.
    • D. something that has value
    • D.
    • E. plans and policies established by an organization to ensure that people correctly use the products
    • E.
    • F. to take advantage of a vulnerability
    • F.
    • G. a person who has been hired to break into a computer and steal information
    • G.
    • H. an event or action that might defeat security measures in place and result in a loss
    • H.
    • I. intended to cause panic, provoke violence, or result in a financial catastrophe
    • I.
  • 28. 
    Approximately two out of three malicious Web attacks have been developed using one of four popular attack toolkits.
    • A. 

      True

    • B. 

      False

  • 29. 
    Attack toolkits range in price from only $400 to as much as $8,000.
    • A. 

      True

    • B. 

      False

  • 30. 
    Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.
    • A. 

      True

    • B. 

      False

  • 31. 
    Removing a rootkit from an infected computer is extremely difficult.
    • A. 

      True

    • B. 

      False

  • 32. 
    Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
    • A. 

      True

    • B. 

      False

  • 33. 
    The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.
    • A. 

      SpyEye

    • B. 

      NeoSploit

    • C. 

      ZeuS

    • D. 

      MPack

  • 34. 
    ____ is when an attacker tricks users into giving out information or performing a compromising action.
    • A. 

      Phreaking

    • B. 

      Hacking

    • C. 

      Social Engineering

    • D. 

      Reverse Engineering

  • 35. 
    The two types of malware that have the primary objective of spreading are ____.
    • A. 

      Viruses and worms

    • B. 

      Rootkits and worms

    • C. 

      Trojans and worms

    • D. 

      Rootkits and trojans

  • 36. 
    A computer ____ is malicious computer code that reproduces itself on the same computer.
    • A. 

      Virus

    • B. 

      Worm

    • C. 

      Adware

    • D. 

      Spyware

  • 37. 
    In a(n) ____ infection, a virus injects itself into the program’s executable code instead of at the end of the file.
    • A. 

      Stealth

    • B. 

      Appender

    • C. 

      Swiss cheese

    • D. 

      Split

  • 38. 
    Unlike other malware, a ____ is heavily dependent upon the user for its survival.
    • A. 

      Trojan

    • B. 

      Worm

    • C. 

      Rootkit

    • D. 

      Virus

  • 39. 
    A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
    • A. 

      Companion

    • B. 

      File infector

    • C. 

      Resident

    • D. 

      Boot

  • 40. 
    A ____ virus infects the Master Boot Record of a hard disk drive.
    • A. 

      File infector

    • B. 

      Companion

    • C. 

      Resident

    • D. 

      Boot

  • 41. 
    A ____ virus infects program executable files.
    • A. 

      Macro

    • B. 

      Program

    • C. 

      Companion

    • D. 

      Boot sector

  • 42. 
    A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
    • A. 

      Rootkit

    • B. 

      Macro

    • C. 

      Program

    • D. 

      Process

  • 43. 
    A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.
    • A. 

      Macro

    • B. 

      Metamorphic

    • C. 

      Boot

    • D. 

      Companion

  • 44. 
    Viruses and worms are said to be self-____.
    • A. 

      Duplicating

    • B. 

      Updating

    • C. 

      Copying

    • D. 

      Replicating

  • 45. 
    A ____ is a program advertised as performing one activity but actually does something else.
    • A. 

      Script

    • B. 

      Virus

    • C. 

      Trojan

    • D. 

      Worm

  • 46. 
    A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.
    • A. 

      Rootkit

    • B. 

      Backdoor

    • C. 

      Wrapper

    • D. 

      Shield

  • 47. 
    A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
    • A. 

      Trojan

    • B. 

      Logic bomb

    • C. 

      Macro virus

    • D. 

      Metamorphic virus

  • 48. 
    A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks.
    • A. 

      Trojan horse

    • B. 

      Virus

    • C. 

      Bug

    • D. 

      Easter egg

  • 49. 
    ____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
    • A. 

      Adware

    • B. 

      Keylogger

    • C. 

      Spam

    • D. 

      Trojan

  • 50. 
    ____ is an image spam that is divided into multiple images.
    • A. 

      Word splitting

    • B. 

      Geometric variance

    • C. 

      Layer variance

    • D. 

      GIF layering

  • 51. 
    ____ involves horizontally separating words, although it is still readable by the human eye.
    • A. 

      Word splitting

    • B. 

      GIF layering

    • C. 

      Geometric variance

    • D. 

      Layer variance

  • 52. 
    ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.
    • A. 

      GIF layering

    • B. 

      Geometric variance

    • C. 

      Word splitting

    • D. 

      Layer variance

  • 53. 
    Match each item with a statement below.
    • A. adds a program to the operating system that is a malicious copycat version to a legitimate program
    • A.
    • B. general term used to describe software that violates a user’s personal security
    • B.
    • C. hides or removes traces of log-in records, log entries, and related processes
    • C.
    • D. uses graphical images of text in order to circumvent text-based filters
    • D.
    • E. a program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system
    • E.
    • F. series of instructions that can be grouped together as a single command
    • F.
    • G. general term used to describe software that violates a user’s personal security
    • G.
    • H. executable program advertised as performing one activity, but actually does something else
    • H.
    • I. false warning, often contained in an e-mail message claiming to come from the IT department
    • I.
  • 54. 
    The “omnipresence” of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.
    • A. 

      True

    • B. 

      False

  • 55. 
    Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
    • A. 

      True

    • B. 

      False

  • 56. 
    Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
    • A. 

      True

    • B. 

      False

  • 57. 
    ARP poisoning is successful because there are no authentication procedures to verify ARP requests and replies.
    • A. 

      True

    • B. 

      False

  • 58. 
    Because of the minor role it plays, DNS is never the focus of attacks.
    • A. 

      True

    • B. 

      False

  • 59. 
    ____ is a language used to view and manipulate data that is stored in a relational database.
    • A. 

      C

    • B. 

      DQL

    • C. 

      SQL

    • D. 

      ISL

  • 60. 
    The SQL injection statement ____ discovers the name of a table.
    • A. 

      Whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --

    • B. 

      Whatever’ AND 1=(SELECT COUNT(*) FROM tabname); --

    • C. 

      Whatever; AND 1=(SELECT COUNT(*) FROM tabname); --

    • D. 

      Whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

  • 61. 
    HTML is a markup language that uses specific ____ embedded in brackets.
    • A. 

      Blocks

    • B. 

      Marks

    • C. 

      Taps

    • D. 

      Tags

  • 62. 
    ____ is designed to display data, with the primary focus on how the data looks.
    • A. 

      XML

    • B. 

      HTML

    • C. 

      SGML

    • D. 

      ISL

  • 63. 
    ____ is for the transport and storage of data, with the focus on what the data is.
    • A. 

      XML

    • B. 

      HTML

    • C. 

      SGML

    • D. 

      SML

  • 64. 
    The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
    • A. 

      /var/www

    • B. 

      C:\Inetpub\ wwwroot

    • C. 

      /var/html

    • D. 

      /etc/var/www

  • 65. 
    For a Web server’s Linux system, the default root directory is typically ____.
    • A. 

      /var/www

    • B. 

      C:\inetpub\wwwroot

    • C. 

      C. /var/root

    • D. 

      /home/root

  • 66. 
    The expression ____ up one directory level.
    • A. 

      ../ traverses

    • B. 

      %20/traverses

    • C. 

      ./traverses

    • D. 

      ;/traverses

  • 67. 
    Web application attacks are considered ____ attacks.
    • A. 

      Client-side

    • B. 

      Hybrid

    • C. 

      Server-side

    • D. 

      Relationship

  • 68. 
    A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
    • A. 

      Buffer overflow

    • B. 

      Drive-by-download

    • C. 

      Denial of service

    • D. 

      Stack underflow

  • 69. 
    ____ is an attack in which an attacker attempts to impersonate the user by using his session token.
    • A. 

      Session replay

    • B. 

      Session spoofing

    • C. 

      Session hijacking

    • D. 

      Session blocking

  • 70. 
    A ____ attack is similar to a passive man-in-the-middle attack.
    • A. 

      Replay

    • B. 

      Hijacking

    • C. 

      Denial

    • D. 

      Buffer overflow

  • 71. 
    When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
    • A. 

      HTTP

    • B. 

      NSDB

    • C. 

      URNS

    • D. 

      DNS

  • 72. 
    ____ substitutes DNS addresses so that the computer is automatically redirected to another device.
    • A. 

      DNS poisoning

    • B. 

      Phishing

    • C. 

      DNS marking

    • D. 

      DNS overloading

  • 73. 
    When DNS servers exchange information among themselves it is known as a ____.
    • A. 

      Resource request

    • B. 

      Zone disarticulation

    • C. 

      Zone transfer

    • D. 

      Zone removal

  • 74. 
    The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
    • A. 

      DNS spooking

    • B. 

      DNS poisoning

    • C. 

      DNS bonding

    • D. 

      DNS blacklisting

  • 75. 
    Match the following
    • A. Directory traversal attack
    • A.
    • B. Access rights
    • B.
    • C. Zero day attack
    • C.
    • D. Command injection
    • D.
    • E. First-party cookie
    • E.
    • F. Cross-site scripting (XSS) attack
    • F.
    • G. Privilege escalation
    • G.
    • H. Transitive access
    • H.
    • I. Client-side attack
    • I.
  • 76. 
    ____ is the probability that a risk will occur in a particular year.
    • A. 

      SLE

    • B. 

      EF

    • C. 

      ARO

    • D. 

      ALE

  • 77. 
    ____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
    • A. 

      SLE

    • B. 

      ARO

    • C. 

      ER

    • D. 

      EF

  • 78. 
    ____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.
    • A. 

      Insourcing

    • B. 

      Outsourcing

    • C. 

      Inhousing

    • D. 

      Outcasting

  • 79. 
    ____ is a comparison of the present state of a system compared to its baseline.
    • A. 

      Baseline Assessment

    • B. 

      Compliance review

    • C. 

      Baseline reporting

    • D. 

      Compliance reporting

  • 80. 
    The end product of a penetration test is the penetration ____.
    • A. 

      Test report

    • B. 

      Test view

    • C. 

      Test profile

    • D. 

      Test system

  • 81. 
    The ____ for software is the code that can be executed by unauthorized users.
    • A. 

      Vulnerability surface

    • B. 

      Input surface

    • C. 

      Risk profile

    • D. 

      Attack surface

  • 82. 
    In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested.
    • A. 

      True

    • B. 

      False

  • 83. 
    Released in 1995, one of the first tools that was widely used for penetration testing was ____.
    • A. 

      SATAN

    • B. 

      SAINT

    • C. 

      GOPHER

    • D. 

      NESSUS

  • 84. 
    A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
    • A. 

      Port scanner

    • B. 

      Honeycomb

    • C. 

      Write blocker

    • D. 

      Honeypot

  • 85. 
    A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
    • A. 

      White box

    • B. 

      Black box

    • C. 

      System

    • D. 

      Replay

  • 86. 
    Match
    • A. Risk mitigation
    • A.
    • B. Threat Evaluation
    • B.
    • C. Penetration testing
    • C.
    • D. Vulnerability appraisal
    • D.
    • E. Risk assessment
    • E.
    • F. Hardening
    • F.
    • G. Vulnerability scan
    • G.
    • H. Vulnerability assessment
    • H.
    • I. Asset identification
    • I.
  • 87. 
    The first step in a vulnerability assessment is to determine the assets that need to be protected.
    • A. 

      True

    • B. 

      False

  • 88. 
    A(n) ____ is hardware or software that captures packets to decode and analyze its contents.
    • A. 

      System analyzer

    • B. 

      Threat profiler

    • C. 

      Protocol analyzer

    • D. 

      Application analyzer

  • 89. 
    A ____ in effect takes a snapshot of the current security of the organization.
    • A. 

      Risk assessment

    • B. 

      Threat analysis

    • C. 

      Threat assessment

    • D. 

      Vulnerability appraisal

  • 90. 
    A(n) ____ examines the current security in a passive method.
    • A. 

      Threat scan

    • B. 

      Vulnerability scan

    • C. 

      System scan

    • D. 

      Application scan

  • 91. 
    A ____ is a network set up with intentional vulnerabilities.
    • A. 

      Honeynet

    • B. 

      Honeycomb

    • C. 

      Honeyhole

    • D. 

      Honeypot

  • 92. 
    A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
    • A. 

      Profile

    • B. 

      Threat

    • C. 

      Control

    • D. 

      Baseline

  • 93. 
    A security weakness is known as a(n) ____.
    • A. 

      Risk

    • B. 

      Vulnerability

    • C. 

      Opportunity

    • D. 

      Threat

  • 94. 
    The ____ is the expected monetary loss every time a risk occurs.
    • A. 

      SRE

    • B. 

      ARO

    • C. 

      ALE

    • D. 

      SLE

  • 95. 
    If port 20 is available, then an attacker can assume that FTP is being used.
    • A. 

      True

    • B. 

      False

  • 96. 
    A(n) ____ indicates that no process is listening at this port.
    • A. 

      Open port

    • B. 

      Closed address

    • C. 

      Open address

    • D. 

      Closed port

  • 97. 
    When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.
    • A. 

      Vulnerability profiler

    • B. 

      Application profiler

    • C. 

      Threat scanner

    • D. 

      Port scanner

  • 98. 
    Vulnerability scans are usually performed from outside the security perimeter.
    • A. 

      True

    • B. 

      False

  • 99. 
    While the code for a program is being written, it is being analyzed by a ____.
    • A. 

      Code review

    • B. 

      Black box

    • C. 

      White box

    • D. 

      Scanner

  • 100. 
    The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
    • A. 

      Risk modeling

    • B. 

      Threat modeling

    • C. 

      Threat profiling

    • D. 

      Threat mitigation

  • 101. 
    A(n) ____ means that the application or service assigned to that port is listening for any instructions.
    • A. 

      Empty port

    • B. 

      Open port

    • C. 

      Closed port

    • D. 

      Interruptible system

  • 102. 
    A healthy security posture results from a sound and workable strategy toward managing risks.
    • A. 

      True

    • B. 

      False

Related Quizzes