Name: ________________________ Class: ___________________ Date: __________

ID: A

Midterm Exam Review

True/False Indicate whether the statement is true or false. ____ ____ ____ 1. The demand for IT professionals who know how to secure networks and computers is at an all-time low. 2. Recent employment trends indicate that employees with security certifications are in high demand. 3. The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years experience in IT administration, with a focus on security. 4. Weakness in software can be more quickly uncovered and exploited with new software tools and techniques. 5. In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm. 6. Approximately two out of three malicious Web attacks have been developed using one of four popular attack toolkits. 7. Attack toolkits range in price from only $400 to as much as $8,000. 8. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection. 9. Removing a rootkit from an infected computer is extremely difficult.

____ ____

____

____ ____

____

____ 10. Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information. ____ 11. The omnipresence of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today. ____ 12. Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks. ____ 13. Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small. ____ 14. ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies. ____ 15. Because of the minor role it plays, DNS is never the focus of attacks. ____ 16. The first step in a vulnerability assessment is to determine the assets that need to be protected. ____ 17. If port 20 is available, then an attacker can assume that FTP is being used.

Name: ________________________ ____ 18. Vulnerability scans are usually performed from outside the security perimeter.

ID: A

____ 19. In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested. ____ 20. A healthy security posture results from a sound and workable strategy toward managing risks. ____ 21. Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs. ____ 22. Keyed entry locks are much more difficult to defeat than deadbolt locks. ____ 23. Cipher locks are the same as combination padlocks. ____ 24. Data, once restricted to papers in the office filing cabinet, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners. ____ 25. When a policy violation is detected by the DLP agent, it is reported back to the DLP server. ____ 26. A basic level of security can be achieved through using the security features found in network hardware. ____ 27. The OSI model breaks networking steps down into a series of six layers. ____ 28. Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive. ____ 29. Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts. ____ 30. Workgroup switches must work faster than core switches. Multiple Choice Identify the choice that best completes the statement or answers the question. ____ 31. An information security ____ position focuses on the administration and management of plans, policies, and people. a. manager c. auditor b. engineer d. inspector ____ 32. A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. a. 10 to 14 c. 13 to 14 b. 12 to 15 d. 14 to 16 ____ 33. The position of ____ is generally an entry-level position for a person who has the necessary technical skills. a. security technician c. CISO b. security administrator d. security manager

Name: ________________________ ____ 34. ____ attacks are responsible for half of all malware delivered by Web advertising. a. Canadian Pharmacy c. Melissa b. Fake antivirus d. Slammer

ID: A

____ 35. Approximately ____ percent of households in the United States use the Internet for managing their finances. a. 60 c. 80 b. 70 d. 90 ____ 36. In a ____ attack, attackers can attackers use hundreds or thousands of computers in an attack against a single computer or network. a. centered c. remote b. local d. distributed ____ 37. The term ____ is frequently used to describe the tasks of securing information that is in a digital format. a. network security c. physical security b. information security d. logical security ____ 38. ____ ensures that only authorized parties can view information. a. Security c. Integrity b. Availability d. Confidentiality ____ 39. ____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Availability c. Integrity b. Confidentiality d. Identity ____ 40. In information security, a loss can be ____. a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or a reputation d. all of the above ____ 41. In information security, an example of a threat agent can be ____. a. a force of nature such as a tornado that could destroy computer equipment b. a virus that attacks a computer network c. an unsecured computer network d. both a and b ____ 42. Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. a. HIPAA c. HCPA b. HLPDA d. USHIPA ____ 43. What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $100,000 c. $500,000 b. $250,000 d. $1,000,000

Name: ________________________

ID: A

____ 44. The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. Gramm-Leach-Bliley c. California Database Security Breach b. Sarbanes-Oxley d. USA Patriot ____ 45. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. a. Nimda c. Love Bug b. Slammer d. Code Red ____ 46. What is another name for unsolicited e-mail messages? a. spam c. trash b. spawn d. scam ____ 47. The most popular attack toolkit, which has almost half of the attacker toolkit market is ____. a. SpyEye c. ZeuS b. NeoSploit d. MPack ____ 48. ____ is when an attacker tricks users into giving out information or performing a compromising action. a. Phreaking c. Social engineering b. Hacking d. Reverse engineering ____ 49. A computer ____ is malicious computer code that reproduces itself on the same computer. a. virus c. adware b. worm d. spyware ____ 50. Unlike other malware, a ____ is heavily dependent upon the user for its survival. a. Trojan c. rootkit b. worm d. virus ____ 51. A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program. a. macro c. boot b. metamorphic d. companion ____ 52. Viruses and worms are said to be self-____. a. duplicating b. updating c. d. copying replicating

____ 53. A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit c. wrapper b. backdoor d. shield ____ 54. A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks. a. Trojan horse c. bug b. virus d. Easter egg

Name: ________________________

ID: A

____ 55. ____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user. a. Adware c. Spam b. Keylogger d. Trojan ____ 56. ____ is an image spam that is divided into multiple images. a. Word splitting c. Layer variance b. Geometric variance d. GIF layering ____ 57. ____ involves horizontally separating words, although it is still readable by the human eye. a. Word splitting c. Geometric variance b. GIF layering d. Layer variance ____ 58. ____ is a language used to view and manipulate data that is stored in a relational database. a. C c. SQL b. DQL d. ISL ____ 59. The SQL injection statement ____ determines the names of different fields in a database. a. whatever AND email IS NULL; -c. whatever AND email IS NULL; -b. whatever; AND email IS NULL; -d. whatever AND email IS NULL; -____ 60. The SQL injection statement ____ discovers the name of a table. a. whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); -b. whatever AND 1=(SELECT COUNT(*) FROM tabname); -c. whatever; AND 1=(SELECT COUNT(*) FROM tabname); -d. whatever%; AND 1=(SELECT COUNT(*) FROM tabname); -____ 61. The SQL injection statement ____ finds specific users. a. whatever OR full_name = %Mia% b. whatever OR full_name IS %Mia% c. whatever OR full_name LIKE %Mia% d. whatever OR full_name equals %Mia% ____ 62. The SQL injection statement ____ erases the database table. a. whatever; DROP TABLE members; -b. whatever; DELETE TABLE members; -c. whatever; UPDATE TABLE members; -d. whatever; RENAME TABLE members; -____ 63. HTML is a markup language that uses specific ____ embedded in brackets. a. blocks c. taps b. marks d. tags ____ 64. ____ is designed to display data, with the primary focus on how the data looks. a. XML c. SGML b. HTML d. ISL ____ 65. Users who access a Web server are usually restricted to the ____ directory. a. top c. root b. base d. tap

Name: ________________________ ____ 66. The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____. a. /var/www c. /var/html b. C:\Inetpub\ wwwroot d. /etc/var/www ____ 67. For a Web servers Linux system, the default root directory is typically ____. a. /var/www c. /var/root b. C:\inetpub\wwwroot d. /home/root ____ 68. ____ is an attack in which an attacker attempts to impersonate the user by using his session token. a. Session replay c. Session hijacking b. Session spoofing d. Session blocking ____ 69. A ____ attack is similar to a passive man-in-the-middle attack. a. replay c. denial b. hijacking d. buffer overflow

ID: A

____ 70. When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____. a. HTTP c. URNS b. NSDB d. DNS ____ 71. ____ substitutes DNS addresses so that the computer is automatically redirected to another device. a. DNS poisoning c. DNS marking b. Phishing d. DNS overloading ____ 72. When DNS servers exchange information among themselves it is known as a ____. a. resource request c. zone transfer b. zone disarticulation d. zone removal ____ 73. The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry. a. DNS spooking c. DNS bonding b. DNS poisoning d. DNS blacklisting ____ 74. The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur. a. threat mitigation c. risk modeling b. threat profiling d. threat modeling ____ 75. A ____ in effect takes a snapshot of the current security of the organization. a. threat analysis c. risk assessment b. vulnerability appraisal d. threat assessment ____ 76. The ____ is the expected monetary loss every time a risk occurs. a. SLE c. ALE b. ARO d. SRE ____ 77. ____ is the proportion of an assets value that is likely to be destroyed by a particular risk. a. SLE c. EF b. ARO d. ER

Name: ________________________

ID: A

____ 78. ____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks. a. Insourcing c. Outcasting b. Outsourcing d. Inhousing ____ 79. A ____ outlines the major security considerations for a system and becomes the starting point for solid security. a. profile c. control b. threat d. baseline ____ 80. ____ is a comparison of the present state of a system compared to its baseline. a. Baseline reporting c. Baseline assessment b. Compliance reporting d. Compliance review ____ 81. The ____ for software is the code that can be executed by unauthorized users. a. vulnerability surface c. input surface b. risk profile d. attack surface ____ 82. When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities. a. threat scanner c. port scanner b. vulnerability profiler d. application profiler ____ 83. A(n) ____ is hardware or software that captures packets to decode and analyze its contents. a. application analyzer c. threat profiler b. protocol analyzer d. system analyzer ____ 84. A ____ is a network set up with intentional vulnerabilities. a. honeynet c. honeycomb b. honeypot d. honey hole ____ 85. A security weakness is known as a(n) ____. a. threat b. vulnerability c. d. risk opportunity

____ 86. A(n) ____ examines the current security in a passive method. a. application scan c. threat scan b. system scan d. vulnerability scan ____ 87. The end product of a penetration test is the penetration ____. a. test profile c. test system b. test report d. test view ____ 88. A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications. a. white box c. replay b. black box d. system ____ 89. Released in 1995, one of the first tools that was widely used for penetration testing was ____. a. GOPHER c. SATAN b. SAINT d. NESSUS

Name: ________________________

ID: A

____ 90. ____ are combination locks that use buttons which must be pushed in the proper sequence to open the door. a. Biometric locks c. Multifactor locks b. Cipher locks d. Reaction locks ____ 91. Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself. a. logical token c. physical token b. physical sensor d. hybrid sensor ____ 92. The signal from an ID badge is detected as the owner moves near a ____, which receives the signal. a. proximity reader c. barcode scanner b. mantrap d. magnetic scanner ____ 93. ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags. a. wave c. AFID b. pulse d. RFID ____ 94. Passive tags have ranges from about 1/3 inch to ____ feet. a. 12 c. 19 b. 15 d. 25 ____ 95. A ____ is designed to separate a nonsecured area from a secured area. a. lockout c. closet b. mantrap d. pit ____ 96. Using video cameras to transmit a signal to a specific and limited set of receivers is called ____. a. CCTV c. IPTV b. ICTV d. ITV ____ 97. Securing a restricted area by erecting a barrier is called ____. a. blocking c. fencing b. boundary placement d. moating ____ 98. An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing. a. flat collar c. slippery collar b. spiked collar d. sharp collar ____ 99. A ____ is an independently rotating large cups affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it. a. bollard c. roller barrier b. fence d. top hat ____ 100. ____ can be prewired for electrical power as well as wired network connections. a. Locking cabinets c. Locking drawers b. Fences d. Desks ____ 101. ____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected. a. IDS c. LLP b. ADP d. DLP

Name: ________________________

ID: A

____ 102. Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service. a. DLP manager c. DLP agent b. DLP control d. DLP cipher ____ 103. A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment. a. switch c. firewall b. router d. hub ____ 104. A ____ is a network device that can forward packets across computer networks. a. switch c. bridge b. router d. firewall ____ 105. ____ is a technology that can help to evenly distribute work across a network. a. Stateful packet filtering c. DNS caching b. Load balancing d. DNS poisoning ____ 106. ____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions. a. Stateful frame filtering c. Stateful packet filtering b. Stateless frame filtering d. Stateless packet filtering ____ 107. A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user. a. proxy server c. VPN server b. DNS server d. telnet server ____ 108. A(n) ____ does not serve clients, but instead routes incoming requests to the correct server. a. forward proxy c. system proxy b. application proxy d. reverse proxy ____ 109. A(n) ____ encrypts all data that is transmitted between the remote device and the network. a. IKE tunnel c. endpoint b. VPN d. router ____ 110. A(n) ____ is the end of the tunnel between VPN devices. a. endpoint c. server b. client d. proxy ____ 111. A(n) ____ can block malicious content in real time as it appears without first knowing the URL of a dangerous site. a. application gateway c. Web security gateway b. security proxy d. firewall ____ 112. Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known as ____-based monitoring a. application c. packet b. protocol d. signature

Name: ________________________ ____ 113. Each operation in a computing environment starts with a ____. a. system call c. hardware instruction b. unit call d. system exception ____ 114. ____ is a technique that allows private IP addresses to be used on the public Internet. a. PAT c. NAPT b. PNAT d. NAT ____ 115. ____ IP addresses are IP addresses that are not assigned to any specific user or organization. a. Public c. Public domain b. Private d. Private domain

ID: A

____ 116. ____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP). a. PAT c. PAN b. NAT d. PNAT ____ 117. In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____. a. bastion c. DMZ b. choke d. reduction point ____ 118. ____ switches are connected directly to the devices on a network. a. Workgroup c. Core b. Distribution d. Intermediate ____ 119. A ____ allows scattered users to be logically grouped together even though they may be attached to different switches. a. subnet c. DMZ b. broadcast domain d. VLAN ____ 120. ____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection. a. Extranet c. Intranet b. Remote access d. Virtual access Completion Complete each statement. 121. Security ____________________ have both technical knowledge and managerial skills and analyze and design security solutions within a specific entity. 122. In a general sense, ____________________ may be defined as the necessary steps to protect a person or property from harm. 123. Malicious software, or ____________________, silently infiltrate computers with the intent to do harm. 124. A macro virus takes advantage of the ____________________ relationship between the application and the operating system.

10

Name: ________________________

ID: A

125. A(n) ____________________ is either a small hardware device or a program that monitors each keystroke a user types on the computers keyboard. 126. ____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems. 127. When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees. 128. A(n) ____________________ box test is one in which some limited information has been provided to the tester. 129. A(n) ____________________ is a record or list of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area. 130. ____________________ work occasionally or regularly from a home office.

11