Chat with AI
Deck 9: Network Risk Management
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 9: Network Risk Management
1
The original version of the Secure Hash Algorithm was developed by MIT.
False
2
If someone is offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place?
A) phishing
B) baiting
C) quid pro quo
D) tailgating
A) phishing
B) baiting
C) quid pro quo
D) tailgating
C
3
The term malware is derived from a combination of the words malicious and software.
True
4
It is ideal to use the same password for multiple different applications, provided the password is complex enough.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers?
A) Nmap
B) Nessus
C) Metasploit
D) L0phtcrack
A) Nmap
B) Nessus
C) Metasploit
D) L0phtcrack
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
Which of the following scenarios represents a phishing attempt?
A) An employee at your company has received a malware-infected file in their e-mail.
B) A person posing as an employee tried to access a secured area at your organization.
C) A gift was offered to an employee with access to secured information in exchange for details.
D) An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.
A) An employee at your company has received a malware-infected file in their e-mail.
B) A person posing as an employee tried to access a secured area at your organization.
C) A gift was offered to an employee with access to secured information in exchange for details.
D) An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
What penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes?
A) Nessus
B) metasploit
C) nmap
D) Sub7
A) Nessus
B) metasploit
C) nmap
D) Sub7
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
Current research indicates that a long, random string of words, such as correct horse battery staple is more secure than a random series of letters, numbers, and symbols that is short enough to be remembered.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
Which of the following statements correctly describes the malware characteristic of polymorphism?
A) Polymorphic malware can change its characteristics every time it is transferred to a new system.
B) Polymorphic malware is designed to activate on a particular date, remaining harmless until that time.
C) Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code.
D) Polymorphic malware utilizes encryption to prevent detection.
A) Polymorphic malware can change its characteristics every time it is transferred to a new system.
B) Polymorphic malware is designed to activate on a particular date, remaining harmless until that time.
C) Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code.
D) Polymorphic malware utilizes encryption to prevent detection.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?
A) buffer overflow
B) session hijacking attack
C) man-in-the-middle attack
D) banner-grabbing attack
A) buffer overflow
B) session hijacking attack
C) man-in-the-middle attack
D) banner-grabbing attack
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
Over a long-distance connection, using SSH keys is more secure than using passwords.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
If multiple honeypots are connected to form a larger network, what term is used to describe the network?
A) combolure
B) lurenet
C) honeycomb
D) honeynet
A) combolure
B) lurenet
C) honeycomb
D) honeynet
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
In a red team-blue team exercise, what is the purpose of the blue team?
A) The blue team is tasked with attacking the network.
B) The blue team must observe the actions of the red team.
C) The blue team is charged with the defense of the network.
D) The blue team consists of regulators that ensure no illegal activity is undertaken.
A) The blue team is tasked with attacking the network.
B) The blue team must observe the actions of the red team.
C) The blue team is charged with the defense of the network.
D) The blue team consists of regulators that ensure no illegal activity is undertaken.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
The day after Patch Tuesday is informally dubbed Exploit Wednesday.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
A hacker, in the original sense of the word, is someone with technical skill and malicious intent.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware?
A) encrypted virus
B) logic bomb
C) boot sector virus
D) worm
A) encrypted virus
B) logic bomb
C) boot sector virus
D) worm
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
Sudden unexplained increases in file sizes and unusual error messages with no apparent cause are both potential symptoms of a viral infection.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Different types of organizations have similar levels of network security risks.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following statements describes a worm?
A) A program that disguises itself as something useful but actually harms your system.
B) A process that runs automatically, without requiring a person to start or stop it.
C) A program that runs independently of other software and travels between computers and across networks.
D) A program that locks a user's data or computer system until a ransom is paid.
A) A program that disguises itself as something useful but actually harms your system.
B) A process that runs automatically, without requiring a person to start or stop it.
C) A program that runs independently of other software and travels between computers and across networks.
D) A program that locks a user's data or computer system until a ransom is paid.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
A drop ceiling could be used by an intruder to gain access to a secured room.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
Which type of DoS attack involves an attack that is bounced off uninfected computers before being directed at the target?
A) cached denial-of-service attack
B) distributed denial-of-service attack
C) distributed reflection denial-of-service attack
D) permanent denial-of-service attack
A) cached denial-of-service attack
B) distributed denial-of-service attack
C) distributed reflection denial-of-service attack
D) permanent denial-of-service attack
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
What statement regarding denial-of-service (DoS) attacks is accurate?
A) A denial-of-service attack occurs when a MAC address is impersonated on the network.
B) A denial-of-service attack prevents legitimate users from accessing normal network resources.
C) A denial-of-service attack is generally a result of a disgruntled employee.
D) A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.
A) A denial-of-service attack occurs when a MAC address is impersonated on the network.
B) A denial-of-service attack prevents legitimate users from accessing normal network resources.
C) A denial-of-service attack is generally a result of a disgruntled employee.
D) A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
A variant of BYOD, what does CYOD allow employees or students to do?
A) They can supply their own software on a computer or mobile device.
B) They can supply their choice of cloud application or storage.
C) They can choose a device from a limited number of options.
D) They can use whatever devices they wish to bring.
A) They can supply their own software on a computer or mobile device.
B) They can supply their choice of cloud application or storage.
C) They can choose a device from a limited number of options.
D) They can use whatever devices they wish to bring.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
What document addresses the specific concerns related to special access given to administrators and certain support staff?
A) non-disclosure agreement
B) acceptable use policy
C) password policy
D) privileged user agreement
A) non-disclosure agreement
B) acceptable use policy
C) password policy
D) privileged user agreement
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
What type of door access control is a physical or electronic lock that requires a code in order to open the door?
A) key fob lock
B) cipher lock
C) biometric lock
D) encrypted lock
A) key fob lock
B) cipher lock
C) biometric lock
D) encrypted lock
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?
A) phishing
B) baiting
C) quid pro quo
D) tailgating
A) phishing
B) baiting
C) quid pro quo
D) tailgating
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
An RFID label on a box is an example of what type of physical security detection method?
A) motion detection technology
B) video surveillance via CCTV
C) tamper detection
D) asset tracking tagging
A) motion detection technology
B) video surveillance via CCTV
C) tamper detection
D) asset tracking tagging
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
Which command can be used on a Windows system to create a hash of a file?
A) md5
B) shasum
C) Get-FileHash
D) Compute-FileHash
A) md5
B) shasum
C) Get-FileHash
D) Compute-FileHash
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
What type of an attack forces clients off a wireless network, creating a form of Wi-Fi DoS?
A) deauthentication attack
B) channel hopping attack
C) man-in-the-middle attack
D) ARP poisoning attack
A) deauthentication attack
B) channel hopping attack
C) man-in-the-middle attack
D) ARP poisoning attack
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
What is the Nmap utility used for?
A) It is used to identify unsecured sensitive data on the network, such as credit cards.
B) It is an automated vulnerability and penetration testing framework.
C) It is a software firewall that can be used to secure a vulnerable host.
D) It is a port scanning utility that can identify open ports on a host.
A) It is used to identify unsecured sensitive data on the network, such as credit cards.
B) It is an automated vulnerability and penetration testing framework.
C) It is a software firewall that can be used to secure a vulnerable host.
D) It is a port scanning utility that can identify open ports on a host.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
What statement regarding the different versions of the SHA hashing algorithm is accurate?
A) SHA-0 is the most secure version of SHA.
B) SHA-1 supports a 128-bit hash function.
C) SHA-2 only supports a 256-bit hash.
D) SHA-2 and SHA-3 both support the same hash lengths.
A) SHA-0 is the most secure version of SHA.
B) SHA-1 supports a 128-bit hash function.
C) SHA-2 only supports a 256-bit hash.
D) SHA-2 and SHA-3 both support the same hash lengths.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following scenarios would necessitate the use of a non-disclosure agreement?
A) Your company wishes to educate users on the proper use of the network.
B) Your company needs to prevent a new contractor from sharing information with a potential competitor.
C) Your company needs to impose password restrictions on new users in the network.
D) Your company would like to allow employees to bring their own devices.
A) Your company wishes to educate users on the proper use of the network.
B) Your company needs to prevent a new contractor from sharing information with a potential competitor.
C) Your company needs to impose password restrictions on new users in the network.
D) Your company would like to allow employees to bring their own devices.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Where would restrictions regarding what users can and cannot do while accessing a network's resources be found?
A) acceptable use policy document
B) terms of service document
C) license restrictions document
D) non-disclosure agreement document
A) acceptable use policy document
B) terms of service document
C) license restrictions document
D) non-disclosure agreement document
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
How often should you require users to change their passwords?
A) every 30 days
B) every 60 days
C) every 90 days
D) every 120 days
A) every 30 days
B) every 60 days
C) every 90 days
D) every 120 days
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
In the typical social engineering attack cycle, what occurs at Phase 3?
A) The attacker researches the desired target for clues as to vulnerabilities.
B) The attacker builds trust with the target and attempts to gain more information.
C) The attacker exploits an action undertaken by the victim in order to gain access.
D) The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.
A) The attacker researches the desired target for clues as to vulnerabilities.
B) The attacker builds trust with the target and attempts to gain more information.
C) The attacker exploits an action undertaken by the victim in order to gain access.
D) The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
VMware's AirWatch and Cisco's Meraki Systems Manager are both examples of what type of software?
A) mobile device management software
B) software defined network software
C) virtual device management software
D) cloud network management software
A) mobile device management software
B) software defined network software
C) virtual device management software
D) cloud network management software
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?
A) least-risk privilege profile
B) principle of least privilege
C) minimal access/minimal exposure
D) limited liability access
A) least-risk privilege profile
B) principle of least privilege
C) minimal access/minimal exposure
D) limited liability access
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
How is a posture assessment performed on an organization?
A) A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised.
B) A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors.
C) A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection.
D) An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.
A) A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised.
B) A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors.
C) A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection.
D) An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
On a Linux based system, what command can you use to create a hash of a file using SHA-256?
A) sha1sum
B) md5sum
C) sha256sum
D) shasum -a 256
A) sha1sum
B) md5sum
C) sha256sum
D) shasum -a 256
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
Utilized by China's so-called "Great Firewall", what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages?
A) MAC address spoofing
B) denial-of-service attack
C) DNS poisoning
D) rogue DHCP server
A) MAC address spoofing
B) denial-of-service attack
C) DNS poisoning
D) rogue DHCP server
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
How does a zero-day exploit differ from a typical exploit?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
How is an acceptable use policy typically used?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
Hackers are categorized according to their intent and the prior approval of the organizations whose networks they're hacking. What are some of these categories?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
How is motion detection technology used to monitor and provide security for sensitive areas, and how can it deal with false positives?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
What are some of the characteristics of malware that make it difficult to detect?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
What is hashing, and how does it differ from encryption?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
When configuring a new device, why should changing the administrative credentials be a top priority?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
List and describe the four different locations in which anti-malware can be installed.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
What is vulnerability scanning, and what are the two different types of vulnerability scans?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
Why might an organization be required to undergo a security audit?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
