Question 1

Which of the following sometimes uses direct propagation between computers?&#10;A)viruses&#10;B)worms&#10;C)Trojan horses&#10;D)downloaders

Accepted Answer

Worms sometimes use direct propagation between computers, which means they can spread from one computer to another without any user action, simply by exploiting vulnerabilities in networked systems. Viruses, Trojan horses, and downloaders do not typically use this propagation method.

Question 2

Mobile code is another name for ________.&#10;A)virus&#10;B)worm&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

Mobile code refers to software transferred across a network and executed on a local system, such as Java applets or JavaScript, not specifically viruses or worms.

Question 3

Small malware programs that download larger malware programs are called ________.&#10;A)downloaders&#10;B)scouts&#10;C)foothold programs&#10;D)stage-one programs

Accepted Answer

Downloaders are small malware programs that download larger malware programs, including those that can cause more extensive damage to a system. Scouts and foothold programs refer to different aspects of malware behavior, and stage-one programs are typically used in the context of advanced persistent threats (APTs), which involve a multi-stage attack process.

Question 4

The Target attackers probably first broke into Target using the credentials of a(n)________.&#10;A)low-level Target employee&#10;B)Target IT employee&#10;C)Target security employee&#10;D)employee in a firm outside Target

Accepted Answer

The Target attackers initially gained access by using the credentials of an employee from a firm outside Target, specifically an HVAC company that was a vendor to Target. This external entry point allowed them to exploit Target's network further.

Question 5

Which of the following can spread more rapidly?&#10;A)directly-propagating viruses&#10;B)directly-propagating worms&#10;C)Both of the above can spread with approximately equal speed.

Accepted Answer

Directly-propagating worms can spread more rapidly than directly-propagating viruses. This is because worms can automatically replicate themselves and spread to other computers without any user interaction or intervention, while viruses require a user to unknowingly execute or open an infected file. As a result, worms can quickly infect a large number of systems within a short amount of time.

Question 6

The general name for evil software is ________.&#10;A)virus&#10;B)worm&#10;C)exploit&#10;D)malware

Accepted Answer

Malware is the general term used to describe any type of malicious software, including viruses, worms, Trojans, ransomware, spyware, adware, and other types of harmful software. It is a broad term that covers all types of malicious software that can harm computer systems, steal sensitive data or perform other malicious activities. The other options are specific types of malware, but D is the correct answer for a general name.

Question 7

A program that can capture passwords as you enter them is ________.&#10;A)a keystroke logger&#10;B)data mining software&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

A keystroke logger is a program that can capture passwords and other typed information as you enter them, while data mining software is designed to search and analyze large amounts of data for patterns and trends, but may not necessarily capture passwords directly. Therefore, the best choice is A.

Question 8

The Target attackers sold their stolen card information to ________.&#10;A)crimeware shops&#10;B)card shops&#10;C)card counterfeiters&#10;D)Hallmark

Accepted Answer

"Card shops" are known to be the primary buyers of stolen card information, where the data is sold on the black market for profit. Crimeware shops and card counterfeiters may also be involved, but "card shops" are the most likely answer. The option "Hallmark" is not a relevant choice as it is a card-making company and does not have any involvement in this type of illegal activity.

Question 9

The general name for malware on a user's PC that collects sensitive information and sends this information to an attacker is ________.&#10;A)keystroke loggers&#10;B)anti-privacy software&#10;C)spyware&#10;D)data mining software

Accepted Answer

Spyware is the general term for malicious software that is designed to collect sensitive information from a user's computer without their knowledge or consent, and then send this information to an attacker. Keystroke loggers are a specific type of spyware that record everything the user types on their keyboard, while anti-privacy software and data mining software are not necessarily malicious but may still collect and potentially misuse user data.

Question 10

Vulnerability-based attacks that occur before a patch is available are called ________ attacks.&#10;A)preinstallation&#10;B)stealth&#10;C)malware&#10;D)zero-day

Accepted Answer

Zero-day attacks are called so because they occur on the same day that the vulnerability is discovered or made public. As a result, they are hard to detect and prevent using traditional security measures. These attacks are designed to take advantage of an unknown or unpatched vulnerability, which means that antivirus software and other security controls may not yet be able to detect or prevent them.

Question 11

Which of the following attach themselves to other programs?&#10;A)Viruses&#10;B)Worms&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Which of the following attach themselves to...

Question 12

The general name for a security flaw in a program is a ________.&#10;A)virus&#10;B)malware&#10;C)security fault&#10;D)vulnerability

Accepted Answer

The answer of The general name for a security flaw...

Question 13

________ are full programs.&#10;A)Viruses&#10;B)Worms&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of ________ are full programs.&#10;A)Viruses&#10;B)Worms&#10;C)both A and B&#10;D)neither...

Question 14

Malware programs that masquerade as system files are called ________.&#10;A)viruses&#10;B)scripts&#10;C)payloads&#10;D)Trojan horses

Accepted Answer

The answer of Malware programs that masquerade as system files...

Question 15

Which of the following probably suffered the most financial damage from the Target breach?&#10;A)retailers other than Target&#10;B)banks&#10;C)consumers&#10;D)POS terminal vendors

Accepted Answer

The answer of Which of the following probably suffered the...

Question 16

A ________ is a flaw in a program that permits a specific attack or set of attacks against this problem.&#10;A)malware&#10;B)security error&#10;C)vulnerability&#10;D)security fault

Accepted Answer

The answer of A ________ is a flaw in a...

Question 17

Users typically can eliminate a vulnerability in one of their programs by ________.&#10;A)installing a patch&#10;B)doing a zero-day installation&#10;C)using an antivirus program&#10;D)all of the above

Accepted Answer

The answer of Users typically can eliminate a vulnerability in...

Question 18

Trojan horses can spread by ________.&#10;A)e-mailing themselves to victim computers&#10;B)directly propagating to victim computers&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Trojan horses can spread by ________.&#10;A)e-mailing themselves...

Question 19

Viruses most commonly spread from one computer to another ________.&#10;A)via e-mail&#10;B)by propagating directly by themselves&#10;C)through obfuscation&#10;D)all of the above

Accepted Answer

The answer of Viruses most commonly spread from one computer...

Question 20

Which of the following probably suffered the most financial damage from the Target breach?&#10;A)Target&#10;B)banks&#10;C)consumers&#10;D)POS vendors

Accepted Answer

The answer of Which of the following probably suffered the...

Question 21

In distributed DoS attacks,the attacker sends messages directly to ________.&#10;A)bots&#10;B)the intended victim of the DoS attack&#10;C)a command and control server&#10;D)DOS servers

Accepted Answer

The answer of In distributed DoS attacks,the attacker sends messages...

Question 22

Pieces of code that are executed after the virus or worm has spread are called ________.&#10;A)vulnerabilities&#10;B)exploits&#10;C)compromises&#10;D)payloads

Accepted Answer

The answer of Pieces of code that are executed after...

Question 23

An attack in which an authentic-looking e-mail or website entices a user to enter his or her username,password,or other sensitive information is called ________.(Select the most specific answer.)&#10;A)phishing&#10;B)identity theft&#10;C)social engineering&#10;D)a spyware attack

Accepted Answer

The answer of An attack in which an authentic-looking e-mail...

Question 24

Unsolicited commercial e-mail is better known as ________.&#10;A)spam&#10;B)adware&#10;C)social engineering&#10;D)identity theft

Accepted Answer

The answer of Unsolicited commercial e-mail is better known as...

Question 25

Which of the following can be upgraded after it is installed on a victim computer? (Choose the most specific answer.)&#10;A)Trojan horses&#10;B)bots&#10;C)viruses&#10;D)worms

Accepted Answer

The answer of Which of the following can be upgraded...

Question 26

Attack programs that can be remotely controlled by an attacker are ________.&#10;A)bots&#10;B)DoS programs&#10;C)exploits&#10;D)sock puppets

Accepted Answer

The answer of Attack programs that can be remotely controlled...

Question 27

Which of the following meets the definition of hacking ________.&#10;A)to intentionally use a computer resource without authorization&#10;B)to use a computer on which you have an account for unauthorized purposes&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Which of the following meets the definition...

Question 28

Methods that hackers use to break into computers are ________.&#10;A)cracks&#10;B)magics&#10;C)exploits&#10;D)compromises

Accepted Answer

The answer of Methods that hackers use to break into...

Question 29

Tricking users into doing something against their security interests is ________.&#10;A)social engineering&#10;B)hacking&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Tricking users into doing something against their...

Question 30

Credit card number thieves are called ________.(Pick the most precise answer.)&#10;A)numbers racketeers&#10;B)fraudsters&#10;C)identity thieves&#10;D)carders

Accepted Answer

The answer of Credit card number thieves are called ________.(Pick...

Question 31

What type of attacker can do the most damage?&#10;A)criminal attackers&#10;B)hackers driven by curiosity&#10;C)employees and ex-employees&#10;D)national governments

Accepted Answer

The answer of What type of attacker can do the...

Question 32

What type of attacker are most of attackers today?&#10;A)disgruntled employees and ex-employees&#10;B)career criminals&#10;C)hackers motivated by a sense of power&#10;D)cyberterrorists

Accepted Answer

The answer of What type of attacker are most of...

Question 33

Which of the following tends to be more damaging to the victim?&#10;A)credit card theft&#10;B)identity theft&#10;C)Both are about equally damaging to the victim.&#10;D)Neither is damaging to the victim.

Accepted Answer

The answer of Which of the following tends to be...

Question 34

Advanced persistent threats are ________.&#10;A)inexpensive for the attacker&#10;B)extremely dangerous for the victim&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Advanced persistent threats are ________.&#10;A)inexpensive for the...

Question 35

An attack aimed at a single person or a small group of individuals is a(n)________ attack.(Choose the most specific answer.)&#10;A)phishing&#10;B)spear phishing&#10;C)highly targeted&#10;D)customized

Accepted Answer

The answer of An attack aimed at a single person...

Question 36

A specific encryption method is called a ________.&#10;A)code&#10;B)schema&#10;C)key method&#10;D)cipher

Accepted Answer

The answer of A specific encryption method is called a...

Question 37

Who are the most dangerous types of employees?&#10;A)financial employees&#10;B)manufacturing employees&#10;C)IT security employees&#10;D)former employees

Accepted Answer

The answer of Who are the most dangerous types of...

Question 38

If you see a username and password on a Post-It note that anyone can see on a monitor,is it hacking if you use this information to log in?&#10;A)Yes&#10;B)No&#10;C)We cannot say from the information given.

Accepted Answer

The answer of If you see a username and password...

Question 39

DoS attacks attempt to ________.&#10;A)hack a computer&#10;B)reduce the availability of a computer&#10;C)steal information from a computer&#10;D)delete files on a computer

Accepted Answer

The answer of DoS attacks attempt to ________.&#10;A)hack a computer&#10;B)reduce...

Question 40

You discover that you can get into other e-mail accounts after you have logged in under your account.You spend just a few minutes looking at another user's mail.Is that hacking?&#10;A)Yes&#10;B)No&#10;C)We cannot say from the information given.

Accepted Answer

The answer of You discover that you can get into...

Question 41

A user picks the password &#34;tiger.&#34; This is likely to be cracked quickly by a(n)________.&#10;A)attack on an application running as root&#10;B)brute-force attack&#10;C)dictionary attack&#10;D)reverse engineering attack

Accepted Answer

The answer of A user picks the password &#34;tiger.&#34; This...

Question 42

Electronic signatures also provide ________ in addition to authentication.&#10;A)message integrity&#10;B)message encryption&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Electronic signatures also provide ________ in addition...

Question 43

The password &#34;R7%t&&#34; can be defeated by a ________.&#10;A)dictionary attack&#10;B)hybrid mode dictionary attack&#10;C)brute-force attack&#10;D)All of the above could defeat the password equally quickly.

Accepted Answer

The answer of The password &#34;R7%t&&#34; can be defeated by...

Question 44

In authentication,the ________ is the party trying to prove his or her identity.&#10;A)supplicant&#10;B)verifier&#10;C)true party&#10;D)all of the above

Accepted Answer

The answer of In authentication,the ________ is the party trying...

Question 45

SSL/TLS is used for ________.&#10;A)Web applications&#10;B)any application&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of SSL/TLS is used for ________.&#10;A)Web applications&#10;B)any application&#10;C)both...

Question 46

The password &#34;NeVEr&#34; can be defeated by a ________.&#10;A)dictionary attack&#10;B)hybrid dictionary attack&#10;C)brute-force attack&#10;D)none of the above

Accepted Answer

The answer of The password &#34;NeVEr&#34; can be defeated by...

Question 47

Passwords are widely used because they ________.&#10;A)are demanded by users&#10;B)offer strong authentication&#10;C)are the only authentication techniques known by most security professionals&#10;D)are inexpensive to use

Accepted Answer

The answer of Passwords are widely used because they ________.&#10;A)are...

Question 48

Requiring someone to use a resource to prove his or her identity is ________.&#10;A)confidentiality&#10;B)authentication&#10;C)authorization&#10;D)both B and C

Accepted Answer

The answer of Requiring someone to use a resource to...

Question 49

________ is the general name for proofs of identity in authentication.&#10;A)Credentials&#10;B)Authorizations&#10;C)Certificates&#10;D)Signatures

Accepted Answer

The answer of ________ is the general name for proofs...

Question 50

Using encryption,you make it impossible for attackers to read your messages even if they intercept them.This is ________.&#10;A)authentication&#10;B)confidentiality&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Using encryption,you make it impossible for attackers...

Question 51

In symmetric key encryption,a key must be ________ bits long,or longer,to be considered strong.(Choose the choice closest to the correct answer.)&#10;A)36&#10;B)56&#10;C)64&#10;D)128

Accepted Answer

The answer of In symmetric key encryption,a key must be...

Question 52

Using SSL/TLS for Web applications is attractive because SSL/TLS ________.&#10;A)is essentially free to use&#10;B)offers the strongest possible cryptographic protections&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Using SSL/TLS for Web applications is attractive...

Question 53

The messages of VPNs ________.&#10;A)share the same transmission lines&#10;B)are encrypted&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of The messages of VPNs ________.&#10;A)share the same...

Question 54

To defeat brute-force attacks,a password must be ________.&#10;A)long&#10;B)complex&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of To defeat brute-force attacks,a password must be...

Question 55

Electronic signatures provide message-by-message ________.&#10;A)authentication&#10;B)confidentiality&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of Electronic signatures provide message-by-message ________.&#10;A)authentication&#10;B)confidentiality&#10;C)both A and...

Question 56

The password &#34;velociraptor&#34; can be defeated most quickly by a ________.&#10;A)dictionary attack&#10;B)reverse engineering attack&#10;C)brute-force attack&#10;D)None of the above because it is more than 8 characters long.

Accepted Answer

The answer of The password &#34;velociraptor&#34; can be defeated most...

Question 57

Authentication should generally be ________.&#10;A)as strong as possible&#10;B)appropriate for a specific resource&#10;C)the same for all resources, for consistency&#10;D)all of the above

Accepted Answer

The answer of Authentication should generally be ________.&#10;A)as strong as...

Question 58

Prepare2 can be cracked most quickly by a(n)________.&#10;A)authentication attack&#10;B)brute-force attack&#10;C)dictionary attack&#10;D)hybrid dictionary attack

Accepted Answer

The answer of Prepare2 can be cracked most quickly by...

Question 59

A password-cracking attack that tries all combinations of keyboard characters is called a ________.&#10;A)dictionary attack&#10;B)hybrid mode dictionary attack&#10;C)brute-force attack&#10;D)comprehensive keyboard attack

Accepted Answer

The answer of A password-cracking attack that tries all combinations...

Question 60

In two-way dialogues using symmetric key encryption,how many keys are used for encryption and decryption?&#10;A)1&#10;B)2&#10;C)4&#10;D)none of the above

Accepted Answer

The answer of In two-way dialogues using symmetric key encryption,how...

Question 61

A firewall will drop a packet if it ________.&#10;A)is a definite attack packet&#10;B)is a probable attack packet&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of A firewall will drop a packet if...

Question 62

When a packet that is part of an ongoing connection arrives at a stateful inspection firewall,the firewall usually ________.&#10;A)drops the packet&#10;B)drops the packet and notifies an administrator&#10;C)passes the packet&#10;D)passes the packet, but notifies an administrator

Accepted Answer

The answer of When a packet that is part of...

Question 63

In digital certificate authentication,the verifier uses ________.&#10;A)the supplicant's public key&#10;B)the true party's public key&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of In digital certificate authentication,the verifier uses ________.&#10;A)the...

Question 64

How will a stateful packet inspection (SPI)firewall handle a packet containing a TCP SYN segment?&#10;A)process it through the Access Control List (ACL)&#10;B)pass it if it is part of an approved connection&#10;C)both A and B&#10;D)neither A nor B

Accepted Answer

The answer of How will a stateful packet inspection (SPI)firewall...

Deck 3: Network Security