Securty + Ch. 2-6 Test
Questions and Answers
- 1.
USB devices with a virus delivery mechanism are an example of which of the following security threats?
- A.
Adware
- B.
Trojan Horse
- C.
Botnets
- D.
Logic Bombs
Correct Answer
B. Trojan HorseExplanation
USB devices with a virus delivery mechanism are an example of a Trojan Horse. A Trojan Horse is a type of malware that disguises itself as a legitimate file or program to trick users into downloading or executing it. In the case of USB devices, the Trojan Horse virus is hidden within the device, and when the device is connected to a computer, the virus is automatically executed, infecting the system. This allows the attacker to gain unauthorized access to the computer and potentially steal sensitive information or cause other harmful actions.Rate this question:
-
- 2.
Cellphones with network access and the ability to store data files are susceptible to which of the following risks?
- A.
Input validation errors
- B.
SMTP open relays
- C.
Viruses
- D.
Logic Bombs
Correct Answer
C. VirusesExplanation
Cellphones with network access and the ability to store data files are susceptible to viruses. Viruses are malicious software programs that can infect a device and spread to other devices, causing harm by corrupting or deleting files, stealing personal information, or disrupting the normal functioning of the device. Cellphones, like computers, can be vulnerable to viruses if they do not have proper security measures in place, such as antivirus software and regular updates. Therefore, it is important for cellphone users to be cautious and take necessary precautions to protect their devices from viruses.Rate this question:
-
- 3.
Which of the following is a malicious program used to capture information from an infected computer?
- A.
Trojan
- B.
Botnet
- C.
Worm
- D.
Virus
Correct Answer
A. TrojanExplanation
A Trojan is a type of malicious program that disguises itself as a legitimate software or file, tricking the user into downloading or installing it. Once inside the infected computer, the Trojan can capture sensitive information such as passwords, credit card details, or personal data. Unlike viruses or worms, Trojans do not replicate themselves or spread to other computers. Instead, they rely on the user's action to be executed. Therefore, a Trojan is the correct answer as it is specifically designed to capture information from an infected computer.Rate this question:
-
- 4.
Mitigating security risks by updating and applying hotfixes is part of:
- A.
Patch Management
- B.
Vulnerability Scanning
- C.
Baseline Reporting
- D.
Penetration Testing
Correct Answer
A. Patch ManagementExplanation
Mitigating security risks by updating and applying hotfixes is part of patch management. Patch management involves identifying, acquiring, testing, and applying patches or updates to software systems in order to address security vulnerabilities and ensure the system's stability. By regularly updating and applying hotfixes, organizations can protect their systems from potential security breaches and minimize the risk of exploitation. This proactive approach helps to maintain the integrity and security of the software environment.Rate this question:
-
- 5.
When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which of the following attacks is occuring?
- A.
Man-in-the-middle
- B.
SQL injection
- C.
Buffer overflow
- D.
Session hijacking
Correct Answer
C. Buffer overflowExplanation
The correct answer is "Buffer overflow." In a buffer overflow attack, an attacker overflows a buffer in a computer program, causing it to overwrite adjacent memory areas. The "NOOP sled" is a technique used in buffer overflow attacks where a series of NOOP (No Operation) instructions is inserted into the exploited buffer, making it easier for the attacker to jump to the malicious code. The security administrator noticing many events pertaining to a "NOOP sled" suggests that there is a buffer overflow attack occurring.Rate this question:
-
- 6.
Which of the following is the main difference between a hotfix and a patch
- A.
Hotfixes follow a predetermined release schedule while patches do not
- B.
Hotfixes are smaller than patches
- C.
Hotfixes may be released at anytime and will later be included in a patch
- D.
Patches can only be applied after obtaining proper approval, hotfixes do not need management approval.
Correct Answer
C. Hotfixes may be released at anytime and will later be included in a patchExplanation
The main difference between a hotfix and a patch is that hotfixes may be released at any time and will later be included in a patch. This means that hotfixes are often released urgently to address critical issues, while patches are more planned and scheduled updates that may include multiple hotfixes. The inclusion of hotfixes in a patch ensures that all the necessary fixes are consolidated and released together, providing a more comprehensive update for the software or system.Rate this question:
-
- 7.
A vulnerability assessment was conducted against a network. One of the findings indicated an out-dated version of software. This is an example of weak:
- A.
Security policies
- B.
Patch management
- C.
Acceptable use policies
- D.
Configuration baselines
Correct Answer
B. Patch managementExplanation
This finding indicates a weakness in the patch management process of the network. Patch management involves keeping software up to date with the latest security patches and updates. An outdated version of software can leave the network vulnerable to known security vulnerabilities. Therefore, this finding highlights the need for better patch management practices to ensure the network's security.Rate this question:
-
- 8.
Which of the following should a technician deploy to detect malicious changes to the system an configuration?
- A.
Pop-up blocker
- B.
File integrity checker
- C.
Anti-spyware
- D.
Firewall
Correct Answer
B. File integrity checkerExplanation
A technician should deploy a file integrity checker to detect malicious changes to the system and configuration. This tool is designed to monitor and verify the integrity of files and detect any unauthorized modifications or tampering. It compares the current state of files with a known baseline or checksum to identify any discrepancies or changes. By regularly scanning the system, the file integrity checker can help identify potential security breaches or unauthorized modifications to the system's configuration.Rate this question:
-
- 9.
Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack space in the data center and also be able to manage various resources on the servers?
- A.
Install manageable, centralized power and cooling system
- B.
Server virtualization
- C.
Different virtual machines on a local workstation
- D.
Centalize all blade servers and chassis within one or two racks
Correct Answer
B. Server virtualizationExplanation
Server virtualization would be the most likely solution for a company that wants to conserve rack space in the data center and also be able to manage various resources on the servers. This technology allows multiple virtual servers to run on a single physical server, reducing the number of physical servers needed and therefore conserving rack space. It also provides centralized management capabilities, allowing the company to efficiently allocate and control resources across the virtual servers.Rate this question:
-
- 10.
which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
- A.
Eavesdropping
- B.
Process hiding
- C.
Self-replication
- D.
Popup displays
Correct Answer
C. Self-replicationExplanation
A virus is distinguished from a rootkit, spyware, and adware by its ability to self-replicate. Unlike the other types of malware listed, a virus is capable of creating copies of itself and spreading to other systems or files. Rootkits, spyware, and adware may perform various malicious activities, but they do not have the ability to reproduce and spread on their own. Therefore, self-replication is the characteristic that sets viruses apart from these other types of malware.Rate this question:
-
- 11.
Monitoring a computer's log and critcal files is part of the functionality of a
- A.
NIPS
- B.
HIDS
- C.
Firewall
- D.
Honeypot
Correct Answer
B. HIDSExplanation
HIDS stands for Host-based Intrusion Detection System. It is a security tool that monitors and analyzes the activity on a computer or network to detect any unauthorized access or malicious behavior. One of the key functions of a HIDS is to monitor the computer's log and critical files for any suspicious activity or signs of intrusion. Therefore, monitoring a computer's log and critical files is part of the functionality of a HIDS.Rate this question:
-
- 12.
Which of the following can be implemented as an OS hardening practice to mitigate risk?
- A.
Domain name kiting
- B.
Removable storage
- C.
Input validation
- D.
Security templates
Correct Answer
D. Security templatesExplanation
Security templates can be implemented as an OS hardening practice to mitigate risk. Security templates are preconfigured settings that can be applied to an operating system to enhance its security. These templates contain a set of security policies and configurations that can help protect the system from various threats and vulnerabilities. By implementing security templates, organizations can ensure that their operating systems are hardened and have the necessary security measures in place to mitigate risks and protect against unauthorized access, data breaches, and other security incidents.Rate this question:
-
- 13.
Which of the following is often bundled with freely downloaded software
- A.
Cookies
- B.
Logic bomb
- C.
Adware
- D.
Spam
Correct Answer
C. AdwareExplanation
Adware is often bundled with freely downloaded software. It is a type of software that displays advertisements on the user's computer, usually in the form of pop-up ads or banners. Adware is often included in free software as a way for developers to generate revenue. When users download and install the free software, they unknowingly also install the adware, which then displays targeted advertisements based on the user's browsing habits.Rate this question:
-
- 14.
Every company workstation contains the same software prior to being assigned to workers. Which of the following software options would give remote users the needed protections from outside attackers when they are outside the company's internal network?
- A.
HIDS
- B.
Vulnerability scanner
- C.
Personal firewall
- D.
NIPS
Correct Answer
C. Personal firewallExplanation
A personal firewall would give remote users the needed protections from outside attackers when they are outside the company's internal network. A personal firewall acts as a barrier between the user's device and the external network, monitoring and controlling incoming and outgoing network traffic. It helps to prevent unauthorized access to the user's device and blocks malicious traffic from reaching it. This is especially important for remote users who may be connecting to unsecured networks outside of the company's internal network, as it adds an extra layer of protection to their device and data.Rate this question:
-
- 15.
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows the following string: <scrip>source=http://www.evilsite.jp/evil.js</script> Which of the following attacks is occuring?
- A.
SQL injection
- B.
Redirection attack
- C.
Cross-site scripting
- D.
Data label challenges
Correct Answer
C. Cross-site scriptingExplanation
The given packet capture contains a string that resembles a cross-site scripting (XSS) attack. XSS occurs when an attacker injects malicious code into a website or application, which is then executed by the victim's browser. In this case, the string "source=http://www.evilsite.jp/evil.js" suggests that the attacker is attempting to inject a script from a malicious website. This script could be used to steal sensitive information, modify the website's content, or perform other malicious actions. Therefore, the correct answer is cross-site scripting.Rate this question:
-
- 16.
Management would like to know if anyone is attempting to access files on the company file server. Which of the following could be deployed to BEST provide this information?
- A.
Software firewall
- B.
Hardware firewall
- C.
HIDS
- D.
NIDS
Correct Answer
C. HIDSExplanation
A Host-based Intrusion Detection System (HIDS) would be the best option to provide information about attempts to access files on the company file server. HIDS monitors activities on individual hosts or servers and can detect unauthorized access or suspicious behavior. It can analyze file access logs, monitor file integrity, and alert management about any unusual activity or attempts to access files on the server.Rate this question:
-
- 17.
Which of the following is a benefit of utilizing virtualization technology?
- A.
Lowered cost of the host machine
- B.
Less overhead of software licensing
- C.
Streamline systems to a single OS
- D.
Fewer systems to monitor physical access
Correct Answer
D. Fewer systems to monitor physical accessExplanation
Utilizing virtualization technology allows for the consolidation of multiple physical systems into a single host machine. This means that instead of having to monitor and maintain multiple physical systems, administrators only need to monitor and maintain the single host machine. This reduces the complexity and workload associated with physical access to multiple systems, resulting in fewer systems to monitor physically.Rate this question:
-
- 18.
Which of the following would MOST likely contain a &;SCRIPT> tag?
- A.
Cookies
- B.
XSS
- C.
DOS
- D.
Buffer overflow
Correct Answer
B. XSSExplanation
XSS stands for Cross-Site Scripting, which is a type of security vulnerability commonly found in web applications. It occurs when an attacker injects malicious scripts into a trusted website, which is then executed by the user's browser. These scripts can be used to steal sensitive information, manipulate website content, or perform other malicious activities. Therefore, XSS is the most likely option to contain a <SCRIPT> tag, as it is directly related to injecting and executing scripts on a website.Rate this question:
-
- 19.
A security administrator is analyzing the packetcapture from an IDS triggered filter. The packet capture shows the following string: a or1==1-- Which of the following attacks is occuring?
- A.
Cross-site scripting
- B.
XML injection
- C.
Buffer overflow
- D.
SQL injection
Correct Answer
D. SQL injectionExplanation
The given string "a or1==1--" is a common technique used in SQL injection attacks. In SQL injection, attackers manipulate the input fields of a web application to inject malicious SQL statements into the application's database. In this case, the string suggests that the attacker is trying to bypass authentication by injecting a condition that always evaluates to true (1==1). This can allow the attacker to gain unauthorized access to the system or retrieve sensitive information from the database.Rate this question:
-
- 20.
Which of the following should a security administrator implement to ensure there are no security holes in the OS?
- A.
Encryption protocols
- B.
Firewall definitions
- C.
Patch management
- D.
Virus definitions
Correct Answer
C. Patch managementExplanation
Patch management is the process of regularly updating and applying patches or fixes to software, including the operating system (OS), to address any security vulnerabilities or bugs. By implementing patch management, a security administrator can ensure that the OS is up to date with the latest security patches, reducing the risk of security holes or vulnerabilities that could be exploited by attackers. This helps to maintain the security and integrity of the OS and prevent potential security breaches.Rate this question:
-
- 21.
Several PCs are running extremely slow all of a sudden. Users of the PCs that they do a lot of web browsing and explain that a disgruntled employee from their department was recently fired. The security administrator observes that all of the PCs are attempting to open a large number of connections to the same destination. Which of the following is MOST likely the issue?
- A.
A logic bomb has been installed by the former employee.
- B.
A man-in-the-middle attack is taking place
- C.
The PCs have downloaded adware
- D.
The PCs are being used in a botnet
Correct Answer
D. The PCs are being used in a botnetExplanation
The PCs are being used in a botnet because the security administrator observes that all of the PCs are attempting to open a large number of connections to the same destination. This behavior is characteristic of a botnet, where multiple computers are controlled remotely by a malicious actor to carry out coordinated actions without the users' knowledge or consent.Rate this question:
-
- 22.
Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to compromise the integrity of data?
- A.
SDLM
- B.
Error handling
- C.
Data formatting
- D.
Input validation
Correct Answer
D. Input validationExplanation
The programmer has most likely failed to consider input validation if a user entering improper input is able to compromise the integrity of data. Input validation is the process of ensuring that the data entered by the user meets the specified criteria and is safe for processing. It involves checking the input against predefined rules and rejecting any input that does not meet these rules. If input validation is not implemented properly, it can lead to security vulnerabilities and allow users to manipulate the system and compromise the integrity of the data.Rate this question:
-
- 23.
Which of the following should be implemented on a mobile phone to help prevent a conversation from being captured?
- A.
Device encryption
- B.
Voice encryption
- C.
GPS tracking
- D.
Sniffer
Correct Answer
B. Voice encryptionExplanation
Voice encryption should be implemented on a mobile phone to help prevent a conversation from being captured. Voice encryption is a security measure that scrambles the voice data during transmission, making it difficult for unauthorized individuals to intercept and understand the conversation. This ensures that even if someone manages to capture the conversation, they will not be able to decipher the content. Device encryption, on the other hand, protects the overall data stored on the mobile phone, while GPS tracking helps in locating the device and a sniffer is a tool used for capturing network traffic.Rate this question:
-
- 24.
Which of the following helps prevent a system from being fingerprinted?
- A.
Personal firewall
- B.
Complex passwords
- C.
Anti-spam software
- D.
OS patching
Correct Answer
A. Personal firewallExplanation
A personal firewall helps prevent a system from being fingerprinted by blocking unauthorized access attempts and hiding the system's presence on the network. It acts as a barrier between the system and the external network, monitoring incoming and outgoing traffic and allowing only authorized connections. This helps to prevent attackers from gathering information about the system's operating system, open ports, and services, making it difficult for them to identify and exploit vulnerabilities.Rate this question:
-
- 25.
Which of the following is a malicious program that infects a host computer and has the ability to replicate itself
- A.
Spyware
- B.
Virus
- C.
Rootkit
- D.
Spam
Correct Answer
B. VirusExplanation
A virus is a type of malicious program that infects a host computer and has the ability to replicate itself. It can spread from one computer to another, often through email attachments, infected websites, or shared files. Once inside a computer, a virus can cause various harmful effects, such as deleting or corrupting files, stealing personal information, or slowing down the system. Unlike spyware, which is designed to collect information without replicating, or a rootkit, which is used to gain unauthorized access to a computer, a virus specifically focuses on self-replication and spreading to other computers.Rate this question:
-
- 26.
Which of the following malicious programs comprimises system security by exploiting system access through a virtual backdoor?
- A.
Virus
- B.
Trojan
- C.
Spam
- D.
Adware
Correct Answer
B. TrojanExplanation
A Trojan is a type of malicious program that compromises system security by exploiting system access through a virtual backdoor. Unlike viruses, which can replicate themselves and spread to other systems, Trojans disguise themselves as legitimate software to trick users into downloading and installing them. Once inside the system, Trojans can open a backdoor, giving unauthorized access to hackers who can then exploit the system's vulnerabilities and compromise its security. Spam and adware, on the other hand, are not specifically designed to exploit system access through a virtual backdoor.Rate this question:
-
- 27.
Which of the following BEST represents why a system administrator should download security patches from the manufacturer's website directly?
- A.
Maintain configuration baseline
- B.
Implement OS hardening
- C.
Ensure integrity of the patch
- D.
Ensure patches are up-to-date
Correct Answer
C. Ensure integrity of the patchExplanation
Downloading security patches directly from the manufacturer's website ensures the integrity of the patch. By obtaining patches from the official source, system administrators can be confident that the patches have not been tampered with or modified by any third parties. This helps to prevent the installation of malicious or compromised patches that could potentially introduce vulnerabilities into the system.Rate this question:
-
- 28.
The BEST location for a spam filter is
- A.
On the local LAN
- B.
On the proxy server
- C.
Behind the firewall
- D.
In front of the mail relay server
Correct Answer
D. In front of the mail relay serverExplanation
The best location for a spam filter is in front of the mail relay server because it allows the filter to analyze incoming emails before they reach the mail server. By being positioned in front of the mail relay server, the spam filter can effectively block or quarantine spam emails, reducing the load on the mail server and preventing spam from reaching the end users' mailboxes. This placement also allows for more efficient filtering as it can detect and filter out spam before it consumes network resources.Rate this question:
-
- 29.
which of the following BEST describes a security benefit of a virtualization farm?
- A.
Increased anomaly detection
- B.
Stronger authentication
- C.
Stronger encryption
- D.
Increased availability
Correct Answer
D. Increased availabilityExplanation
A virtualization farm provides increased availability as a security benefit. By consolidating multiple virtual machines onto a single physical server, virtualization allows for better utilization of resources and the ability to quickly migrate virtual machines to other servers in case of hardware failure or maintenance. This ensures that critical systems and applications remain available to users, reducing the risk of downtime and potential security breaches.Rate this question:
-
- 30.
Which of the following is a primary effect of allowing P2P connection on a network?
- A.
Increase amount of spam
- B.
Input validation on web applications
- C.
Possible storage of illegal materials
- D.
Tracking cookies on the website
Correct Answer
C. Possible storage of illegal materialsExplanation
Allowing P2P (peer-to-peer) connections on a network can lead to the possible storage of illegal materials. P2P networks enable users to directly connect and share files with each other without the need for a centralized server. This decentralized nature makes it difficult to monitor or control the content being shared. As a result, individuals may use P2P networks to store and distribute illegal or copyrighted materials, such as pirated software, movies, or music.Rate this question:
-
Back to top