Cit370

102 Questions  I  By Katyrea

  
1.  The demand for IT professionals who know how to secure networks and computers is at an all-time low.
A.
B.
2.  Recent employment trends indicate that employees with security certifications are in high demand.
A.
B.
3.  The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security.
A.
B.
4.  Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.
A.
B.
5.  In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm.
A.
B.
6.  An information security ____ position focuses on the administration and management of plans, policies, and people.
A.
B.
C.
D.
7.  A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.
A.
B.
C.
D.
8.  The position of ____ is generally an entry-level position for a person who has the necessary technical skills.
A.
B.
C.
D.
9.   ____ attacks are responsible for half of all malware delivered by Web advertising.
A.
B.
C.
D.
10.  Approximately ____ percent of households in the United States use the Internet for managing their finances.
A.
B.
C.
D.
11.  In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network.
A.
B.
C.
D.
12.  The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
A.
B.
C.
D.
13.  ____ ensures that only authorized parties can view information.
A.
B.
C.
D.
14.  ____ ensures that information is correct and that no unauthorized person or malicious software has altered that data.
A.
B.
C.
D.
15.  ____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.
A.
B.
C.
D.
16.  In information security, a loss can be ____.
A.
B.
C.
D.
17.  In information security, an example of a threat agent can be ____.
A.
B.
C.
D.
18.  Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.
A.
B.
C.
D.
19.  ____ involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
A.
B.
C.
D.
20.  Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
A.
B.
C.
D.
21.  What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
A.
B.
C.
D.
22.  The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
A.
B.
C.
D.
23.  The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
A.
B.
C.
D.
24.  ____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
A.
B.
C.
D.
25.  Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____.
A.
B.
C.
D.
26.  What is another name for unsolicited e-mail messages?
A.
B.
C.
D.
27.  Match the following
A. a weakness that allows a threat agent to bypass security
A.
B. the likelihood that a threat agent will exploit a vulnerability
B.
C. a person or thing that has the power to carry out a threat
C.
D. something that has value
D.
E. plans and policies established by an organization to ensure that people correctly use the products
E.
F. to take advantage of a vulnerability
F.
G. a person who has been hired to break into a computer and steal information
G.
H. an event or action that might defeat security measures in place and result in a loss
H.
I. intended to cause panic, provoke violence, or result in a financial catastrophe
I.
28.  Approximately two out of three malicious Web attacks have been developed using one of four popular attack toolkits.
A.
B.
29.  Attack toolkits range in price from only $400 to as much as $8,000.
A.
B.
30.  Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.
A.
B.
31.  Removing a rootkit from an infected computer is extremely difficult.
A.
B.
32.  Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
A.
B.
33.  The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.
A.
B.
C.
D.
34.  ____ is when an attacker tricks users into giving out information or performing a compromising action.
A.
B.
C.
D.
35.  The two types of malware that have the primary objective of spreading are ____.
A.
B.
C.
D.
36.  A computer ____ is malicious computer code that reproduces itself on the same computer.
A.
B.
C.
D.
37.  In a(n) ____ infection, a virus injects itself into the program’s executable code instead of at the end of the file.
A.
B.
C.
D.
38.  Unlike other malware, a ____ is heavily dependent upon the user for its survival.
A.
B.
C.
D.
39.  A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.
A.
B.
C.
D.
40.  A ____ virus infects the Master Boot Record of a hard disk drive.
A.
B.
C.
D.
41.  A ____ virus infects program executable files.
A.
B.
C.
D.
42.  A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
A.
B.
C.
D.
43.  A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.
A.
B.
C.
D.
44.  Viruses and worms are said to be self-____.
A.
B.
C.
D.
45.  A ____ is a program advertised as performing one activity but actually does something else.
A.
B.
C.
D.
46.  A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.
A.
B.
C.
D.
47.  A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
A.
B.
C.
D.
48.  A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks.
A.
B.
C.
D.
49.  ____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
A.
B.
C.
D.
50.  ____ is an image spam that is divided into multiple images.
A.
B.
C.
D.
51.  ____ involves horizontally separating words, although it is still readable by the human eye.
A.
B.
C.
D.
52.  ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.
A.
B.
C.
D.
53.  Match each item with a statement below.
A. adds a program to the operating system that is a malicious copycat version to a legitimate program
A.
B. general term used to describe software that violates a user’s personal security
B.
C. hides or removes traces of log-in records, log entries, and related processes
C.
D. uses graphical images of text in order to circumvent text-based filters
D.
E. a program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system
E.
F. series of instructions that can be grouped together as a single command
F.
G. general term used to describe software that violates a user’s personal security
G.
H. executable program advertised as performing one activity, but actually does something else
H.
I. false warning, often contained in an e-mail message claiming to come from the IT department
I.
54.  The “omnipresence” of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.
A.
B.
55.  Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
A.
B.
56.  Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
A.
B.
57.  ARP poisoning is successful because there are no authentication procedures to verify ARP requests and replies.
A.
B.
58.  Because of the minor role it plays, DNS is never the focus of attacks.
A.
B.
59.  ____ is a language used to view and manipulate data that is stored in a relational database.
A.
B.
C.
D.
60.  The SQL injection statement ____ discovers the name of a table.
A.
B.
C.
D.
61.  HTML is a markup language that uses specific ____ embedded in brackets.
A.
B.
C.
D.
62.  ____ is designed to display data, with the primary focus on how the data looks.
A.
B.
C.
D.
63.  ____ is for the transport and storage of data, with the focus on what the data is.
A.
B.
C.
D.
64.  The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
A.
B.
C.
D.
65.  For a Web server’s Linux system, the default root directory is typically ____.
A.
B.
C.
D.
66.  The expression ____ up one directory level.
A.
B.
C.
D.
67.  Web application attacks are considered ____ attacks.
A.
B.
C.
D.
68.  A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
A.
B.
C.
D.
69.  ____ is an attack in which an attacker attempts to impersonate the user by using his session token.
A.
B.
C.
D.
70.  A ____ attack is similar to a passive man-in-the-middle attack.
A.
B.
C.
D.
71.  When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
A.
B.
C.
D.
72.  ____ substitutes DNS addresses so that the computer is automatically redirected to another device.
A.
B.
C.
D.
73.  When DNS servers exchange information among themselves it is known as a ____.
A.
B.
C.
D.
74.  The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
A.
B.
C.
D.
75.  Match the following
A. Directory traversal attack
A.
B. Access rights
B.
C. Zero day attack
C.
D. Command injection
D.
E. First-party cookie
E.
F. Cross-site scripting (XSS) attack
F.
G. Privilege escalation
G.
H. Transitive access
H.
I. Client-side attack
I.
76.  ____ is the probability that a risk will occur in a particular year.
A.
B.
C.
D.
77.  ____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
A.
B.
C.
D.
78.  ____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.
A.
B.
C.
D.
79.  ____ is a comparison of the present state of a system compared to its baseline.
A.
B.
C.
D.
80.  The end product of a penetration test is the penetration ____.
A.
B.
C.
D.
81.  The ____ for software is the code that can be executed by unauthorized users.
A.
B.
C.
D.
82.  In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested.
A.
B.
83.  Released in 1995, one of the first tools that was widely used for penetration testing was ____.
A.
B.
C.
D.
84.  A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.
A.
B.
C.
D.
85.  A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
A.
B.
C.
D.
86.  Match
A. Risk mitigation
A.
B. Threat Evaluation
B.
C. Penetration testing
C.
D. Vulnerability appraisal
D.
E. Risk assessment
E.
F. Hardening
F.
G. Vulnerability scan
G.
H. Vulnerability assessment
H.
I. Asset identification
I.
87.  The first step in a vulnerability assessment is to determine the assets that need to be protected.
A.
B.
88.  A(n) ____ is hardware or software that captures packets to decode and analyze their contents.
A.
B.
C.
D.
89.  A ____ in effect takes a snapshot of the current security of the organization.
A.
B.
C.
D.
90.  A(n) ____ examines the current security in a passive method.
A.
B.
C.
D.
91.  A ____ is a network set up with intentional vulnerabilities.
A.
B.
C.
D.
92.  A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
A.
B.
C.
D.
93.  A security weakness is known as a(n) ____.
A.
B.
C.
D.
94.  The ____ is the expected monetary loss every time a risk occurs.
A.
B.
C.
D.