Deck 1: Cybersecurity and Technology

1
This technology is used to measure and analyze human body characteristics for authentication purposes.

A)Footprinting
B)Biometrics
C)JBOD
D)Anthropomorphism
Answer: Biometrics
2
__________ is an electronic or paper log used to track computer activity.

A)Traceroute
B)Cookie
C)Weblog
D)Audit trail
Answer: Audit trail
3
This is a series of messages sent by someone attempting to break into a computer to learn which computer network services the computer provides.

A)Bit robbing
B)Web services description language (WSDL)
C)Jabber
D)Port scan
Answer: Port scan
4
This is the name for a group of programmers who are hired to expose errors or security holes in new software or to find out why a computer network's security is being broken.

A)ERM group
B)Computer emergency response team
C)Tiger team
D)Silicone cockroach
5
This is a mechanism for ensuring that only authorized users can copy or use specific software applications.

A)Authorized program analysis report
B)Private key
C)Service level agreement
D)Dongle
6
At which two traffic layers do most commercial IDSes generate signatures?

A)Application layer
B)Network layer
C)Session layer
D)Transport layer
7
This is a Peripheral Component Interconnect (PCI) card that offloads SSL processing to speed up secure transactions on e-commerce Web sites.

A)PCMCIA card
B)Smart card
C)Server accelerator card
D)Network interface card
8
___________ is a form of eavesdropping used to pick up telecommunication signals by monitoring the electromagnetic fields produced by the signals.

A)Reverse engineering
B)Magneto resistive head technology
C)Van Eck phreaking
D)Electronic data processing (EDP)
9
This enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

A)Security Identifier (SID)
B)Public key infrastructure (PKI)
C)Internet Assigned Numbers Authority (IANA)
D)Private Branch Exchange (PBX)
10
This is an assault on the integrity of a security system in which the attacker substitutes a section of cipher text (encrypted text) with a different section that looks like (but is not the same as) the one removed.

A)Trojan horse
B)Hashing
C)Switching fabric
D)Cut and paste attack
11
Which of the following is an advantage of anomaly detection?

A)Rules are easy to define.
B)Custom protocols can be easily analyzed.
C)The engine can scale as the rule set grows.
D)Malicious activity that falls within normal usage patterns is detected.
12
A false positive can be defined as…

A)An alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior.
B)An alert that indicates nefarious activity on a system that is not running on the network.
C)The lack of an alert for nefarious activity.
D)Both a. and b.
13
This is an encryption/decryption key known only to the party or parties that exchange secret messages.

A)E-signature
B)Digital certificate
C)Private key
D)Security token
14
What is the purpose of a shadow honeypot?

A)To flag attacks against known vulnerabilities
B)To help reduce false positives in a signature-based IDS.
C)To randomly check suspicious traffic identified by an anomaly detection system.
D)To enhance the accuracy of a traditional honeypot.
15
This is the hiding of a secret message within an ordinary message and the extraction of it at its destination.

A)Secret key algorithm
B)Message queuing
C)Spyware
D)Steganography
16
An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?

A)Inspection of password files to detect inadvisable passwords
B)Mechanisms put in place to reenact known methods of attack and record system responses
C)Inspection of system to detect policy violations
D)Inspection of configuration files to detect inadvisable settings
17
When discussing IDS/IPS, what is a signature?

A)An electronic signature used to authenticate the identity of a user on the network
B)Attack-definition file
C)It refers to "normal," baseline network behavior
D)None of the above
18
"Semantics-aware" signatures automatically generated by Nemean are based on traffic at which two layers?

A)Application layer
B)Network layer
C)Session layer
D)Both a and c
19
In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?

A)Cross-site scripting
B)Command injection
C)SQL injection
D)Path traversal attacks
20
Which of the following is true of improper error handling?

A)Attackers can use error messages to extract specific information from a system.
B)Attackers can use unexpected errors to knock an application off line, creating a denial-of-service attack.
C)Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for an arbitrary code execution.
D)All of the above.
21
Which of the following is NOT recommended for securing Web applications against authenticated users?

A)Client-side data validation
B)Filtering data with a default deny regular expression
C)Running the application under least privileges necessary
D)Using parameterized queries to access a database
22
In which of the following exploits does an attacker insert malicious coding into a link that appears to be from a trustworthy source?

A)Cross-site scripting
B)Command injection
C)Path traversal attack
D)Buffer overflow
23
In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data?

A)Cross-site scripting
B)Command injection
C)SQL injection
D)Buffer overflow
24
Which of the following is characteristic of spyware?

A)Blocking access to antivirus and antispyware updates
B)Aggregating surfing habits across multiple users for advertising
C)Customizing search results based on an advertiser's needs
D)All of the above
25
One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement?

A)Inside the firewall
B)Outside the firewall
C)Both
D)None