
Question Bank, Chapters 5-10

1. A ________ card is an access card that has a built-in microprocessor and memory.

a) smart

b) magnetic stripe

c) Both A and B

d) Neither A nor B

2. A ________ is a small device that plugs into a standard computer port to identify the owner.

a) magnetic stripe card

b) USB token

c) smart card

d) one-time-password token

3. A ________ is a small device with a display that has a number that changes frequently.

a) one-time-password token

b) USB token

c) dongle

d) magnetic stripe card

4. A magnetic stripe card is an access card that has a built-in microprocessor and memory.

a) True

b) False

5. A shoulder surfing attack will not be successful unless the attacker can read the entire password.

a) True

b) False

6. According to the book, r%Dv$ is a strong password.

a) True

b) False

7. All unattended exits should be locked to bar exit.

a) True

b) False

8. Buildings should be set back from streets and protected with rolling hill landscaping to reduce threats from ________.

a) terrorism

b) casual observation

c) wireless eavesdropping

d) industrial espionage

9. Compared to access control based on individual accounts, RBAC is ________.

a) less error prone

b) more expensive

c) Both A and B

d) Neither A nor B

10. Even inexpensive CCTV cameras have enough resolution to recognize individuals.

a) True

b) False

11. In CobiT, entry must be ________.

a) logged

b) justified

c) Both A and B

d) Neither A nor B

12. In high-risk environments, password reset risks are reduced by requiring the user's physical presence.

a) True

b) False

13. It is illegal to go through a company's trash bins even if the trash bins are outside the corporation.

a) True

b) False

14. It is very important for testers to get permission before running a password cracking program on their companies' computers to check for weak passwords, even if such testing is in their job definitions.

a) True

b) False

15. Long passwords that use several types of keyboard characters are called ________ passwords.

a) dictionary

b) reusable

c) one-time

d) complex

16. Password cracking is usually done over the network by trying many passwords to log into an account.

a) True

b) False

17. Passwords offer reasonable security at reasonable cost and will likely continue to increase in importance in the future.

a) True

b) False

18. Passwords should be changed frequently.

a) True

b) False

19. Placing sensitive equipment in secure areas to minimize potential threats and damage is called siting.

a) True

b) False

20. Stealing the password file from a computer is safer than attempting to log in remotely.

a) True

b) False

21. The book recommends that passwords be at least ________ characters long.

a) 20

b) 100

c) 8

d) 6

22. Two-factor authentication can be defeated if ________.

a) the attacker uses a man-in-the-middle attack

b) the user's computer is compromised

c) Both A and B

d) Neither A nor B

23. Users should select very long and complex passwords and use the same password at all sites for auditability.

a) True

b) False

24. Watching someone while they type passwords in order to learn the password is called shoulder surfing.

a) True

b) False

25. Which of the following is one of the four bases for authentication credentials?

a) What you know.

b) What you have.

c) Both A and B

d) Neither A nor B

26. Which of the following is true?

a) Human password resets are dangerous.

b) Automated password resets are dangerous.

c) Both A and B

d) Neither A nor B

27. Which of the following is not one of the AAA controls?

a) Authentication

b) Accuracy

c) Authorizations

d) Auditing

28. Which of the following is not one of the rules for working in secure areas?

a) When no one is in a secure area, it should be locked and verified periodically.

b) Unsupervised work in secure areas should be avoided.

c) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas.

d) No one should be allowed to work in secure areas for more than four hours in a row.

29. Which of the following should be forbidden in secure areas?

a) Cameras

b) USB flash drives

c) Both A and B

d) Neither A nor B

30. ________ are typically much shorter than ________.

a) There is no general length difference between passwords and PINs

b) Passwords, PINs

c) PINs, passwords

31. ________ can be used to supply power during a long power outage.

a) Uninterruptable power supplies

b) Electrical generators

c) Both A and B

d) Neither A nor B

32. ________ is a password-cracking attempt wherein the attacker compares passwords to lists of common word variants.

a) A hybrid dictionary attack

b) A dictionary attack

c) Brute-force guessing

d) A password-stealing attack

33. ________ is a password-cracking method wherein the attacker compares passwords to lists of common words.

a) A hybrid dictionary attack

b) A dictionary attack

c) Brute-force guessing

d) A combinatorial attack

34. ________ is a password-cracking method wherein the attacker tries all possible passwords, starting with single-character passwords.

a) Brute-force guessing

b) A hybrid dictionary attack

c) A combinatorial attack

d) A dictionary attack

35. ________ is a social engineering trick where an intruder may follow an authorized user through a door that the authorized user opens with an access device.

a) Shoulder surfing

b) Shadowing

c) Piggybacking

d) Trailing

36. ________ is the process of assessing the identity of each individual claiming to have permission to use a resource.

a) Authentication

b) Auditing

c) Authorizations

d) Accuracy

37. ________ is the process of collecting information about the activities of each individual in log files for immediate and later analysis.

a) Authorizations

b) Accuracy

c) Auditing

d) Authentication

38. Fingerprint recognition can be easily deceived.

a) True

b) False

39. In federated identity management, firms do not query one another's identity management databases.

a) True

b) False

40. The main standard used by firms to send security assertions to one another is LDAP.

a) True

b) False

41. In Kerberos, the Kerberos server sends the Service Ticket directly to the supplicant rather than directly to the verifier.

a) True

b) False

42. A false rejection occurs when a person is improperly matched to a template.

a) True

b) False

43. Fingerprint scanning, which is often deceived, may be acceptable for entry into a non-sensitive supplies cabinet.

a) True

b) False

44. Verification is the process where the verifier determines the identity of the supplicant.

a) True

b) False

45. Identification requires more matches against templates than does verification.

a) True

b) False

46. The major promise of biometrics is to replace reusable passwords.

a) True

b) False

47. Identification is the process where the verifier determines whether the supplicant is the particular person he or she claims to be.

a) True

b) False

48. If Directory Server A trusts Directory Server B and Directory Server B trusts Directory Server C, then Directory Server A MUST trust Directory Server C.

a) True

b) False

49. In Kerberos, the verifier is explicitly notified that the supplicant has been authenticated.

a) True

b) False

50. If Directory Server A trusts Directory Server B, Directory Server B trusts Directory Server C, and Directory Server A trusts Directory Server C, this is ________ trust.

a) Intransitive

b) Transitive

c) One-way

d) Mutual

51. Giving a user permissions to use a certain resource is ________.

a) authorization

b) authentication

c) Both A and B

d) Neither A nor B

52. In the context of PKI, ________ is the process of accepting public keys and providing new digital certificates to the users.

a) certification

b) provisioning

c) coordination

d) reflection

53. In directory servers, ________.

a) there can only be one O (organization) in a directory server.

b) there can only be one OU (organizational unit) in a directory server.

c) Both A and B

d) Neither A nor B

54. ________ record(s) and analyzes what a person or program actually did.

a) Auditing

b) Authorizations

c) Authentication

d) All of the above

55. Authorizations are also called ________.

a) permissions

b) verifications

c) Both A and B

d) Neither A nor B

56. LDAP can be used ________.

a) to update information in the directory server

b) to retrieve data from the directory server

c) Both A and B

d) Neither A nor B

57. ________ often get their authentication information from ________.

a) Metadirectory servers, central authentication servers

b) Directory servers, central authentication servers

c) Central authentication servers, directory servers

d) Central authentication servers, metadirectory servers

58. In Kerberos, the ________ gives the verifier a symmetric session key.

a) Ticket-Granting Ticket

b) Service Ticket

c) Both A and B

d) Neither A nor B

59. Which of the following statements accurately describes fingerprint recognition?

a) Fingerprint recognition is rarely used.

b) Fingerprint recognition can be easily deceived.

c) Fingerprint recognition scanners are very expensive.

d) All of the above.

60. A(n) ________ is the set of attributes about a person or resource that must be revealed in a particular context.

a) subtemplate

b) identity

c) template

d) None of the above

61. A private key/public key pair is usually created by the ________.

a) client

b) PKI server

c) Both A and B

d) Neither A nor B

62. A security assertion may contain ________.

a) authenticity information

b) attributes, such as spending limits for purchasers

c) Both A and B

d) Neither A nor B

63. In Kerberos, the ________ is sent from the Kerberos server to the supplicant.

a) Service Ticket

b) Ticket Granting Ticket

c) Both A and B

d) Neither A nor B

64. In Kerberos, the ________ is sent from the Kerberos server to the verifier.

a) Service Ticket

b) Ticket Granting Ticket

c) Both A and B

d) Neither A nor B

65. Which is more likely to generate a false acceptance?

a) Identification

b) Verification

c) Both verification and identification are equally likely to generate a false acceptance.

66. It is better to have an ACL that permits access to a single internal webserver than one that allows access to all internal webservers.

a) True

b) False

67. Wire speed is the maximum speed at which a firewall can filter packets.

a) True

b) False

68. A connection opening is a state.

a) True

b) False

69. The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network.

a) True

b) False

70. An internal firewall sits at the boundary between the corporate site and the Internet.

a) True

b) False

71. Stateful Packet Inspection (SPI) firewalls cannot handle UDP communications because UDP is connectionless.

a) True

b) False

72. In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that attempts to open a connection.

a) True

b) False

73. Ingress ACL rules typically permit a specific type of externally originated connection to network resources.

a) True

b) False

74. Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.

a) True

b) False

75. The last egress ACL rule in a border firewall typically is DENY ALL.

a) True

b) False

76. In ________ filtering, the firewall examines packets entering the network from the outside.

a) egress

b) ingress

c) Both A and B

d) Neither A nor B

77. Firewalls will drop ________.

a) suspicious packets

b) provable attack packets

c) Both A and B

d) Neither A nor B

78. Most packets are part of the ________ state.

a) connection opening

b) connection closing

c) Both A and B

d) Neither A nor B

79. A ________ is a persistent conversation between different programs on different computers.

a) state

b) connection

c) Both A and B

d) Neither A nor B

80. If a firewall cannot keep up with traffic volume, it will ________.

a) drop packets it cannot process

b) pass any packets it cannot filter

c) shut down, failing safely

d) continue passing all packets but slow operation

81. If a firewall receives a provable attack packet, the firewall will ________.

a) log the packet

b) drop the packet

c) Both A and B

d) Neither A nor B

82. ________ firewalls filter traffic passing between different parts of a site's network.

a) Internal

b) Border

c) Intermediate

d) None of the above

83. A connection between two programs on different computers is represented by its ________.

a) pair of IP addresses

b) pair of port numbers

c) pair of sockets

d) None of the above

84. A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth.

a) unified threat management

b) stateful packet inspection

c) static packet inspection

d) None of the above

85. In ________ filtering, the firewall filters packets when they are leaving the network.

a) ingress

b) egress

c) Both A and B

d) Neither A nor B

86. Static packet filtering firewalls are limited to ________.

a) inspecting packets in isolation from their context

b) inspecting packets for which there are good application proxy filtering rules

c) Both A and B

d) Neither A nor B

87. Static packet filtering is sometimes used ________.

a) on border routers

b) as a secondary filtering mechanism on the main border firewall

c) Both A and B

d) Neither A nor B

88. NAT (network address translation) is able to stop ________.

a) scanning probes

b) sniffers from learning anything about the internal IP address of internal hosts

c) Both A and B

d) Neither A nor B

89. If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________.

a) good because it will prevent possible attack packets from entering the network

b) bad because valid, non-attack packets will be dropped and this will effectively create a self-generated DoS attack

c) Both A and B

d) Neither A nor B

90. What is the SPI firewall rule for packets that do not attempt to open connections?

a) Drop the packet unless it is permitted by an ACL.

b) Pass the packet unless it is forbidden by an ACL.

c) Pass the packet if it is part of a previously approved connection.

d) Either A or B.

91. Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections?

a) Permit all attempts to open a connection from an internal host to an external host.

b) Permit all attempts from external hosts to open a connection with an internal host.

c) Both A and B

d) Neither A nor B

92. An application proxy firewall needs to have multiple proxy programs if it is to filter multiple application protocols.

a) True

b) False

93. Intrusion Detection Systems (IDSs) tend to issue many false negatives.

a) True

b) False

94. It is easier to create appropriate ACL rules for server host firewalls than for border firewalls.

a) True

b) False

95. Creating ACLs is the most time-consuming part of firewall management.

a) True

b) False

96. The firewall should be completely vulnerability tested after each change.

a) True

b) False

97. A ________ attack is an attack that is made before attack signatures for the threat are defined.

a) zero-day

b) vulnerability based

c) stealth

d) anomaly based

98. ________ firewalls may be able to stop attacks by employees within the firm against internal site resources.

a) UTM

b) Internal

c) External

d) Border

99. Firms can address the increasing ability of attackers to bypass the border firewalls by ________.

a) having multiple border firewalls

b) hardening hosts

c) Both A and B

d) Neither A nor B

100. ________ detection looks at traffic patterns for deviations from set norms.

a) Anomaly

b) Signature

c) Both A and B

d) Neither A nor B

101. ________ drop packets.

a) IPSs

b) IDSs

c) Both A and B

d) Neither A nor B

102. If you will proxy four different applications, how many proxy programs will you need?

a) 1

b) 4

c) 8

d) 2

103. Today, application proxy firewalls are commonly used ________.

a) to protect internal clients from malicious external servers

b) as main border firewalls

c) Both A and B

d) Neither A nor B

104. ________ do not drop packets.

a) IPSs

b) Firewalls

c) IDSs

d) All of the above drop packets.

105. ________ firewalls always examine application messages in depth.

a) Static packet filtering

b) SPI

c) Application proxy

d) All of the above

106. Why is creating firewall policies desirable compared to just creating a list of ACL rules?

a) Policies are more specific.

b) Policies are easier to understand.

c) Both A and B

d) Neither A nor B

107. What type of filtering do IDSs do?

a) SPI filtering

b) Deep packet inspection

c) Both A and B

d) Neither A nor B

108. If an IPS identifies an attack, it can ________.

a) drop the attack packet(s)

b) limit suspicious traffic to a certain percentage of the total bandwidth

c) Both A and B

d) Neither A nor B

109. What type of host may be placed in the DMZ?

a) Public webservers.

b) External DNS servers.

c) Both A and B

d) Neither A nor B

110. A false alarm in IDS operation is called a(n) ________.

a) false negative

b) false positive

c) Either A or B, depending on the circumstance

111. Zero-day attacks might be stopped by ________ detection.

a) anomaly

b) signature

c) Both A and B

d) Neither A nor B

112. The most time-consuming part of firewall management is ________.

a) creating policies

b) creating ACLs

c) reading firewall logs

d) None of the above.

113. The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world.

a) server subnet

b) Internet subnet

c) external subnet

d) None of the above

114. Stateful packet inspection firewalls ________.

a) have the slow speed of relay operation

b) always do application content filtering

c) Both A and B

d) Neither A nor B

115. Which IPS response to an attack can do the most damage?

a) Dropping packets.

b) Limiting suspicious traffic to a certain percentage of the total bandwidth.

c) Both A and B do equal amounts of damage.

116. Any device with an IP address is a host.

a) True

b) False

117. An attack that comes before fixes are released is called a vulnerability attack.

a) True

b) False

118. Patching is a labor-intensive process of manual steps that a firm must do to address a vulnerability.

a) True

b) False

119. Vulnerability patches can result in a loss of functionality in the patched host.

a) True

b) False

120. To get to the super user account in UNIX, the administrator can use the RunAs command.

a) True

b) False

121. Windows group policy objects (GPOs) can restrict PCs from changing standard configurations.

a) True

b) False

122. Optical disks can safely hold data for decades.

a) True

b) False

123. Restrictions on removable media should be enforced by relying on user behavior, rather than technological restrictions.

a) True

b) False

124. File/directory backup is slower and takes up more storage space than image backup.

a) True

b) False

125. Digital Rights Management (DRM) usually is difficult to enforce.

a) True

b) False

126. ________ is necessary to protect the host against attacks.

a) Host shielding

b) Host bulwarking

c) Host hardening

d) None of the above.

127. Which of the following security protections are provided by recent versions of Windows Server?

a) The ability to encrypt data.

b) Server software firewalls.

c) Both A and B

d) Neither A nor B

128. A(n) ________ is defined as an attack that comes before fixes are released.

a) anomaly attack

b) zero-day attack

c) worm

d) exploit

129. In UNIX, the ________ permission allows the user to make changes.

a) Modify

b) Execute

c) Write

d) Read

130. The policies for protecting sensitive information should be applied to all mobile data on ________.

a) MP3 players

b) mobile hard drives

c) USB RAM drives

d) All of the above.

131. Which of the following are elements of host hardening?

a) Read operating system log files.

b) Encrypting data on the host.

c) Both A and B

d) Neither A nor B

132. ________ are sets of specific actions to be taken to harden all hosts of a particular type and of particular versions within each type.

a) Processes

b) Security baselines

c) Procedures

d) None of the above

133. Which of the following is not a type of fix for vulnerabilities?

a) Version upgrades.

b) Work-arounds.

c) Patches.

d) All of the above are types of fixes for vulnerabilities.

134. Assigning security measures to groups is ________ than assigning security measures to individuals within groups.

a) less accurate

b) cheaper

c) Both A and B

d) Neither A nor B

135. Which of the following is not a standard Windows privilege?

a) All

b) Modify

c) Read & Execute.

d) List Folder Contents.

136. If a PC fails its initial network access control (NAC) health assessment, it may be ________.

a) refused access

b) allowed to go to a remediation server.

c) Either A or B

d) Neither A nor B

137. ________ allows for very recent file changes to be restored.

a) Image backup

b) Shadowing

c) File backup

d) File/folder backup

138. Compared to local backup, centralized backup ________.

a) is more capable of auditing backup policy

b) is more capable of enforcing backup policy

c) Both A and B

d) Neither A nor B

139. Trusting users to do encryption key escrow is risky because ________.

a) the user may refuse to give it up if fired

b) the user may not do it

c) the user may not be able to find the key later

d) All of the above.

140. Data on hard drives should be destroyed by ________.

a) running a drive wiping program against the disk

b) deleting the data

c) shredding the disk

d) None of the above

141. If a hacker takes over an application program, he or she receives the permissions with which the program runs.

a) True

b) False

142. The courts generally have ruled that users generally have reasonable expectations of privacy when they use corporate e-mail for personal reasons.

a) True

b) False

143. On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.

a) True

b) False

144. Network Address Translation (NAT) adds latency to VoIP packets.

a) True

b) False

145. Experts advise firms to turn on most or all applications on a server and then harden them.

a) True

b) False

146. Developers have permissions on the ________.

a) testing server

b) development server

c) production server

d) Both A and B

147. Testers have permissions on the ________.

a) testing server

b) development server

c) production server

d) Both A and B

148. In a URL, ".." (without the quotes) means ________.

a) ignore the last entry

b) move one directory up

c) move one directory down

d) move to the operating system's root directory

149. Which of the following statements accurately describes Skype?

a) Skype's proprietary software and protocols have not been publicly studied and approved.

b) Skype controls who can register a particular person's name.

c) Skype cannot decrypt or read user traffic.

d) None of the above.

150. In IM, ________ servers allow two users to locate each other.

a) index

b) presence

c) relay

d) All of the above

151. Cookies are dangerous because they ________.

a) allow a website to track what pages you have visited

b) may contain sensitive private information about you

c) Both A and B

d) Neither A nor B

152. Spam over VoIP is called ________.

a) SOVI

b) SPIT

c) SPIP

d) VAM

153. In VoIP, firewalls are a problem because they tend to ________.

a) make traffic unreadable

b) increase latency

c) increase jitter

d) reduce throughput

154. Which of the following uses a public key infrastructure (PKI)?

a) PGP

b) S/MIME

c) Both A and B

d) Neither A nor B

155. In IM, all messages pass through a ________ server.

a) relay

b) presence

c) Both A and B

d) Neither A nor B

156. Code on a webpage that is executed on the client PC is ________.

a) an XSS attack

b) a Virus

c) mobile code

d) a Trojan horse

157. Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________.

a) VoIP hacking

b) toll fraud

c) blue boxing

d) phone phreaking

158. An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack.

a) directory traversal

b) cross-site scripting

c) SQL injection

d) mobile code

159. Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.

a) True

b) False

160. Incident response is defined as reacting to incidents according to plan.

a) True

b) False

161. International laws about cybercrime are fairly uniform.

a) True

b) False

162. In distributed IDSs, the ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices.

a) manager

b) agent

c) Both A and B

d) Neither A nor B

163. ________ is the act of actually stopping an incident's damage.

a) Termination

b) Gapping

c) Disconnection

d) Containment

164. ________ are failures to report true attack activities.

a) False positives

b) False negatives

c) Both A and B

d) Neither A nor B

165. Which of the following is one of the four steps in business process analysis?

a) Prioritizing business processes

b) Specifying resource needs

c) Both A and B

d) Neither A nor B

166. In distributed IDSs, in ________ transfers, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager.

a) real-time

b) batch

c) Both A and B

d) Neither A nor B

167. ________ are the same as false alarms.

a) False positives

b) False negatives

c) Both A and B

d) Neither A nor B

168. Which of the following groups of attackers is easier to punish?

a) Outside attackers

b) Employees.

c) Both A and B are equally easy to punish.

169. In distributed IDSs, the ________ collects event data and stores them in log files on the monitoring devices.

a) manager

b) agent

c) Both A and B

d) Neither A nor B

170. A ________ is a fake network segment with multiple clients and servers.

a) IDS

b) trap

c) honeypot

d) virtual network

171. Which of the following is not one of the three rules for apologies after a computer incident?

a) Use wording aimed at reducing lawsuits

b) Explain what happened.

c) Acknowledge responsibility and harm.

d) Explain what action will be taken to compensate victims, if any.

172. Communication between IDS ________ must be secure.

a) managers and agents

b) vendors and managers

c) Both A and B

d) Neither A nor B

173. Walkthroughs are ________ table-top exercises.

a) just as good as

b) the same thing as

c) better than

d) worse than

174. Which of the following is one of the three major recovery options?

a) Repair during continuing server operation

b) Restoration from backup tapes.

c) Both A and B

d) Neither A nor B

175. In IDSs, integrated log files ________.

a) tend to have time synchronization problems

b) tend to have problems with format incompatibilities

c) Both A and B

d) Neither A nor B

176. Which of the following is a function of IDSs?

a) Strike-back.

b) Automated analysis.

c) Both A and B

d) Neither A nor B

177. A ________ IDS sends data from many devices to a central management console.

a) distributed

b) decentralized

c) fragmented

d) centralized

178. ________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.

a) Detection

b) Analysis

c) Both A and B

d) Neither A nor B

179. A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.

a) computer forensics expert

b) expert witness

c) Both A and B

d) Neither A nor B

180. Companies achieve time synchronization for integrated log files by using ________.

a) the Network Time Protocol

b) the Greenwich mean time protocol

c) Both A and B

d) Neither A nor B

181. Network IDSs look at ________.

a) all network traffic in a network

b) all host traffic in a network

c) Both A and B

d) Neither A nor B

182. In IDSs, what information should alarms give the security staff?

a) Advice about what the security administrator should do

b) A way to test the alarm for accuracy

c) Both A and B

d) Neither A nor B