search

Which of the following security measures can detect a bit-flipping attack? select all that apply.

1 Jahrs vor
Kommentare: 0
Ansichten: 8

focusNode

Show

Didn't know it?
click below

Knew it?
click below

Which of the following security measures can detect a bit-flipping attack? select all that apply.

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

QuestionAnswer
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as: A macro
A virus that infects an executable program file is known as? program virus
Computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event is known as a? logic bomb
In information security, an example of a threat agent can be ____. a virus that attacks a computer network a force of nature such as a tornado that could destroy computer equipment A person attempting to break into a secure computer network All of the above
In information security, what constitutes a loss? a delay in transmitting information that results in a financial penalty the loss of good will or a reputation all of the above theft of information
In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network? distributed
A situation that involves exposure to danger Risk
A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence. cyberterrorism
A person or element that has the power to carry out a threat Threat agent
The means by which an attack could occur​ Threat vector
An item that has value. Asset
Automated attack package that can be used without an advanced knowledge of computers exploit kit
A type of action that has the potential to cause harm threat
A flaw or weakness that allows a threat agent to bypass security vulnerability
Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation hacktivist
Automated attack package that can be used without an advanced knowledge of computers exploit Kit
​A software program that delivers advertising content in a manner that is unexpected and unwanted by the user adware
Computer code that lies dormant until it is triggered by a specific logical event logic bomb
A logical computer network of zombies under the control of an attacker. Botnet
A false warning designed to trick users into changing security settings on their computer​ Hoax
A phishing attack that uses telephone calls instead of e-mails vishing
Software code that gives access to a program or a service that circumvents normal security protections backdoor
A computer virus that is written in a script known as a macro macro virus
Software or a hardware device that captures and stores each keystroke that a user types on the computer's keyboard. keylogger
A phishing attack that targets only specific users spear phishing
Malicious computer code that, like its biological counterpart, reproduces itself on the same computer computer virus
​What type of system security malware allows for access to a computer, program, or service without authorization? backdoor
Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:​ ransomware
Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?​ oligomorphic Malware
The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as? tailgating
The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as? spim
What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?​ watering hole
Which of the following is not one of the four methods for classifying the various types of malware?​ source
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name swiss cheese
Script kiddies acquire which item below from other attackers to easily craft an attack: exploit kit
Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. Integrity
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so: script kiddies
Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious: Trojan
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. Gramm-Leach-Bliley
The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as? Authentication
Which term below is frequently used to describe the tasks of securing information that is in a digital format? Information Security
The two types of malware that require user intervention to spread are: viruses and trojans
Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year? 1,500,000
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack? love bug
Under which law are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format? HIPPA
What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware? Adware
What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals? social engineering
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters? cybercriminals
What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? rootkit
What type of malware is heavily dependent on a user in order to spread? virus
What type of theft involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? identity Theft
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks, and was no longer included in Microsoft software after the start of their Trustworthy Computing initiative? Easter egg
Which of the following is malicious computer code that reproduces itself on the same computer? virus
Which of the three protections ensures that only authorized parties can view information? confidentiality
Which position below is considered an entry-level position for a person who has the necessary technical skills? Security technician
What country is now the number one source of attack traffic? Indonesia
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? certificate practice statement
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below? Stateful Packet Filtering
A framework for all of the entities involved in digital certificates for digital certificate management is known as: Public Key Infrastructure
A key that is generated by a symmetric cryptographic algorithm is said to be a: Private Key
A sensitive connection between a client and a web server uses what class of certificate? class 2
After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor? 3DES
At what stage can a certificate no longer be used for any type of authentication? expiration
Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet? Distributed trust
Cryptography that attempts to use the microscopic behaviors of objects to develop and share keys while also detecting eavesdropping is known as what type of cryptography? Quantum Cryptography
Data that is in an unencrypted form is referred to as which of the following? cleartext
In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data? Integrity
If using the MD5 hashing algorithm, what is the length to which each message is padded? 512 bits
A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates Public Key Infrastructure(PKI)
A trusted third-party agency that is responsible for issuing digital certificates​ Certificate Authority(CA)
​A trust model with one CA that acts as a facilitator to interconnect all other CAs Bridge Trust Model
A technology used to associate a user's identity to a public key, in which the user's public key is digitally signed by trusted third party.​ Digital certificate
​A trust model in which two individuals trust each other because each individually trusts a third party. Third-party trust
The type of trust relationship that can exist between individuals or entities.​ Trust model
A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate​ Certificate Repository (CR)
A process in which keys are managed by a third party, such as a trusted CA​ Key Escrow
​Symmetric keys to encrypt and decrypt information exchanged during a handshake session between a web browser and web server session keys
​A trust model that has multiple CAs that sign digital certificates distributed trust model
​A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES Advanced Encryption Standard(AES)
​An algorithm that uses elliptic curves instead of prime numbers to compute keys Elliptic curve cryptography(ECC)
An asymmetric encryption key that does not have to be protected.​ Public Key
​A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks data Encryption standard (DES)
A temporary key that is used only once before it is discarded.​ Ephemeral key
​An asymmetric encryption key that does have to be protected. Private Key
A cipher that manipulates an entire block of plaintext at one time.​ Block cipher
A key exchange that requires all parties to agree upon a large prime number and related integer so that the same key can be separately created.​ Diffie-Hellman (DHE)
​An algorithm that takes one character and replaces it with one character. Stream cipher
Data that has been encrypted.​ ciphertext
​SSL and TLS keys of what length are generally considered to be strong? 4096
The Authentication Header (AH) protocol is a part of what encryption protocol suite below?​ IPSec
The SHA-1 hashing algorithm creates a digest that is how many bits in length? 160 bits
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length? sponge
Which of the following is not one of the functions of a digital signature? Protect the public key
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? third-party
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? bridge trust
What type of cryptography uses two keys instead of just one, generating both a private and a public key? Asymmetric
What type of cryptographic algorithm is considered to be a one-way algorithm, in that its contents can't be used to reveal the original set of data? hash
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? hashing
What kind of certificate is typically used by an individual to secure e-mail transmissions? personal digital
What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX, and Linux systems, and is compatible with PGP? GPG
What is the name of the cryptographic hash function that has international recognition and has been adopted by standards organizations such as the ISO, that creates a digest of 512 bits and will not be subject to patents? Whirlpool
What is the name for an organization that receives, authenticates, and processes certificate revocation requests? Registration Authority
What is the block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits known as? Blowfish
What cryptographic transport algorithm is considered to be significantly more secure than SSL? TLS
What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers? ECC
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what? Substitution
Using what mechanism below can the non-repudiation of an e-mail and it's content be enforced? asymmetric Encryption
The process by which keys are managed by a third party, such as a trusted CA, is known as? key Escrow
The asymmetric cryptography algorithm most commonly used is: RSA
The NTRUEncrypt cryptographic algorithm makes use of which of the following cryptographic techniques? Lattice-Based
Select below the type of certificate that is often issued from a server to a client, with the purpose of ensuring the authenticity of the server: server digital
Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: certification Authority
Select below the technology that can be used to examine content through application-level filtering: Web security gateway
Select below the standard that is based on the Rijndael algorithm, and was approved by NIST in late 2000 as a replacement for DES: AES
Select below the hashing algorithm that takes plaintext of any length and generates a digest 128 bits in length: MD2
On what principle did Julius Caesar's cyptographic messages function? Each Alphabetic letter was shifted three places down in the alphabet
What type of web server application attacks introduce new input to exploit a vulnerability? injection attacks
Which of the following is a server that routes incoming requests coming from an external network to the correct internal server? reverse proxy
If a network is completely isolated by an air gap from all other outside networks it is using what type of configuration? Physical network segregation
What vendor neutral protocol implements support for VLAN tagging? 802.1Q
Which of the following is a software-based application that runs on a local host computer that can detect an attack as it occurs? Host-Based intrusion Detection system
What type of network access control uses Active Directory to scan a device to verify that it is in compliance? Agentless NAC
What are the two types of cross-site attacks? (Choose all that apply.) Cross-site request forgery attacks Cross-site scripting Attacks
DNS poisoning can be prevented using the latest edition of what software below? BIND
What protocol suite below is the most commonly used protocol for local area network (LAN) communication? TCP/IP
An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured that can help to evenly distribute work across the network, and make use of both servers in a manner that is tran Load Balancing
What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns? Signature-based
Which Cloud computing service model uses the cloud computing vendor to provide access to the vendor's software applications running on a cloud infrastructure? software as a service
What specific ways can a session token be transmitted? (Choose all that apply.) In the URL, in the header of the HTTP requisition
Which layer of the OSI model contains the TCP protocol, which is used for establishing connections and reliable data transport between devices? transport layer
What technology will examine the current state of a network device before allowing it can to connect to the network and force any device that does not meet a specified set of criteria to connect only to a quarantine network? network access control
Which of the following is defined as a security analysis of the transaction within its approved context? content inspection
The exchange of information among DNS servers regarding configured zones is known as: zone transfer
Which of the following are considered to be interception attacks? (Choose all that apply.) man in the middle, replay attacks
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network? Create a DMZ, add Necessary hosts
The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done? create a VLan and add the users computer / ports to the VLAN
An attack that takes advantage of the procedures for initiating a session is known as what type of attack? SYN flood attack
Select the technology that can be used to examine content through application-level filtering. web security gateway
What kind of networking device forwards packets across different computer networks by reading destination addresses? router
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below? stateful packet filtering
What specific type of hardware card inserts into a web server that contains one or more co-processors to handle SSL/TLS SSL/TLS accelerator
Select the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree. DNS
What type of additional attack does ARP spoofing rely on? DNS poisoning
Which of the following is a system of security tools that are used to recognize and identify data that is critical to the organization and ensure that it is protected? data loss prevention
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks? ARP poisoning
How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to? Vlan
Where are MAC addresses stored for future reference? ARP Cache
Which of the following protocols is unsecured? FTP
What two locations can be a target for DNS poisoning? (Choose all that apply.) Local Host table, External DNS server
Which technology is a means of managing and presenting computer resources by function without regard to their physical layout or location? virtualization
At what level of the OSI model does the IP protocol function? network Layer
An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices? hub
What type of computing environment allows servers, storage, and the supporting networking infrastructure to be shared by multiple enterprises over a remote network connection that had been contracted for a specific period? hosted services
At what point in a vulnerability assessment would an attack tree be utilized? Threat evaluation
Which of the following is NOT true about privacy? Today, individuals can achieve any level of privacy that is desired.
Which of these is NOT a state of a port that can be returned by a port scanner? Busy
Which of these should NOT be classified as an asset? Accounts payable
Which of the following tools is a Linux command-line protocol analyzer? Tcpdump
Which of the following must be kept secure as mandated by HIPAA? PHI
Which of the following data sensitivity labels is the highest level of data sensitivity? Confidential
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm? Vulnerability assessment
If a software application aborts and leaves the program open, which control structure is it using? Fail-open
Which statement regarding a honeypot is NOT true? It cannot be part of a honeynet.
Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur? Threat modeling
Which of the following is NOT a risk associated with the use of private data? Devices being infected with malware
Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation? Active scanner
Which statement regarding vulnerability appraisal is NOT true? Vulnerability appraisal is always the easiest and quickest step.
Which of the following is a command-line alternative to Nmap? Netcat
Which of the following command-line tools tests a connection between two network devices? Ping
Which of the following is NOT an issue raised regarding how private data is gathered and used? By law, all encrypted data must contain a "backdoor" entry point.
Which of the following is NOT a function of a vulnerability scanner? Alerts users when a new patch cannot be found
If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique? White box
Which of the following data sensitivity labels has the lowest level of data sensitivity? Public
The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. custody
Which level of RAID uses disk mirroring and is considered fault-tolerant? Level 1
What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? Time offset
When an unauthorized event occurs, what is the first duty of the cyber-incident response team? To secure the crime scene
What does an incremental backup do? Copies all files changed since the last full or incremental backup
What does the abbreviation RAID represent? Redundant Array of Independent Drives
A(n) _____ is always running off its battery while the main power runs the battery charger. on-line UPS
Which question is NOT a basic question to be asked regarding creating a data backup? How long will it take to finish the backup?
What is the maximum length of time that an organization can tolerate between data backups? Recovery point objective (RPO)
Which of the following is NOT a category of fire suppression systems? Wet chemical system
Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on? After-action report
What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? MTTR
Which of the following can a UPS NOT perform? Prevent certain applications from launching that will consume too much power
Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list? Individuals on a decision-making level
Which of these is an example of a nested RAID? Level 0+1
Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? Hot site
Which of the following is NOT required for a fire to occur? A spark to start the process
Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? IT contingency planning
An electrical fire like that which would be found in a computer data center is known as what type of fire? Class C
Which of these is NOT a characteristic of a disaster recovery plan (DRP)? It is a private document used only by top-level administrators for planning.
Which statement is NOT something that a security policy must do? Balance protection with productivity.
Which policy defines the actions users may perform while accessing systems and networking equipment? Acceptable use policy
Which of the following threats would be classified as the actions of a hactivist? External threat
Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites? technical
Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use? SLE
What describes the ability of an enterprise data center to revert to its former size after expanding? Elasticity
Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? MOU
For adult learners, which approach is often preferred? Andragogical
Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? Deterrent control
Which of the following covers the procedures of managing object authorizations? Privilege management
Which of these is NOT a response to risk? resistance
Which of the following is NOT a time employee training should be conducted? After monthly patch updates.
What is a collection of suggestions that should be implemented? Guideline
Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it? Employees should not give out their company email address unless requested.
Which of the following is NOT a security risk of social media sites for users? Social media sites use popup ads.
While traveling abroad, Giuseppe needs to use public Internet cafe computers to access the secure network. Which of the following non-persistence tools should he use? Live boot media
Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) represents a risk? Qualitative risk calculation
Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? MTTR
Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report? Access to resources
Which statement does NOT describe a characteristic of a policy? Policies communicate a unanimous agreement of judgment.

Which of the following security protections is used to prevent passive attacks?

However, encryption can help prevent passive attacks because it obfuscates the data, making it more difficult for attackers to make use of it. Poses a threat to the confidentiality of sensitive data.

Which of the following appears in the Web browser when you are connected to a secure website that is using a digital certificate?

Fortunately, there are two quick checks to help you be certain: Look at the uniform resource locator (URL) of the website. A secure URL should begin with “https” rather than “http.” The “s” in “https” stands for secure, which indicates that the site is using a Secure Sockets Layer (SSL) Certificate.

Which of the following is an algorithm that uses the same key to encrypt and decrypt data?

Symmetric Encryption. Symmetric encryption algorithms use the same secret key for both encryption and decryption. This means that the sender and the recipient of an encrypted message need to share a copy of the secret key via a secure channel before starting to send encrypted data.

Which of the following identifies the disadvantage of symmetric encryption?

The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.

security measures detect bit-flipping attack select apply

zusammenhängende Posts

Which of the following are responsibilities of information security management?
Which of the following are responsibilities of information security management?

A protocol indicating a secure website that uses transport layer security (tls) to protect data
A protocol indicating a secure website that uses transport layer security (tls) to protect data

Which of the following officials enforces the states weights and measures laws?
Which of the following officials enforces the states weights and measures laws?

Which two log types require a configured security profile to generate log entries choose two
Which two log types require a configured security profile to generate log entries choose two

Individual identifiers include but are not limited to: name, address, date of birth.
Individual identifiers include but are not limited to: name, address, date of birth.

What measure of central tendency best describes the center of the distribution skewed right?
What measure of central tendency best describes the center of the distribution skewed right?

What measure of central tendency best describes the center of the distribution?
What measure of central tendency best describes the center of the distribution?

What is a method or system of government for information management or control?
What is a method or system of government for information management or control?

What are some parts of the HTTP header and why is this important as a security analyst?
What are some parts of the HTTP header and why is this important as a security analyst?

Which of the following is considered the first step when designing an internal security control assessment?
Which of the following is considered the first step when designing an internal security control assessment?

Werbung

NEUESTEN NACHRICHTEN

What delivers applications over the cloud using a pay-per-use revenue model?
1 Jahrs vor . durch AsceticTranslation
What processes convert data into information and information into knowledge?
1 Jahrs vor . durch CorruptSolicitation
Fuß umgeknickt keine Schwellung aber Schmerzen was tun
1 Jahrs vor . durch TraceableMeasurement
What can decrease the effectiveness of an mbo (management by objectives) system?
1 Jahrs vor . durch HomesickDumps
Wie viel kostet ein normales Ohrloch stechen?
1 Jahrs vor . durch PitchedContents
Ein Colt für alle Fälle Klingelton Android
1 Jahrs vor . durch MonumentalShaving
Gemeinschaft entwässerung wer ist für zuständig
1 Jahrs vor . durch BarbaricCorrelation
Was ist der unterschied zwischen einem boot und einem schiff
1 Jahrs vor . durch HelluvaNuisance
Wann geht es weiter mit Outpost?
1 Jahrs vor . durch TumblingVariation
Wer ist bei lets danz faisal
1 Jahrs vor . durch SkilledStoryteller

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrkoptzhitthjphi
Urheberrechte © © 2024 nguoilontuoi Inc.