




























































































A comprehensive review of key concepts in information security, covering topics such as footprint intelligence, vulnerability testing, intrusion detection systems (IDPS), and security scanning techniques. It includes multiple-choice questions with answers, designed to help students prepare for their final exam in CIST 1601.

To assist in the footprint intelligence collection process, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
A) True B) False
Answer: A) True

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
A) Buzz B) Fuzz C) Spike D) Black
Answer: B) Fuzz

The ability to detect a target computer's __________ is very valuable to an attacker.
A) manufacturer B) operating system C) peripherals D) BIOS
Answer: B) operating system

An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.
A) True B) False
Answer: A) True

The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
A) True B) False
Answer: A) True

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
A) True B) False
Answer: B) False

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.
A) True B) False
Answer: B) False

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
A) IDPS B) WiFi C) UDP D) DoS
Answer: A) IDPS

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________
A) True B) False
Answer: A) True

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.
A) True B) False
Answer: A) True

Port explorers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information.
A) True B) False
Answer: B) False

A(n) event is an indication that a system has just been attacked or is under attack. _________________________
A) True B) False
Answer: B) False

All IDPS vendors target users with the same levels of technical and security expertise.
A) True B) False
Answer: B) False

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
A) True B) False
Answer: B) False

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.
A) True B) False
Answer: B) False

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.
A) false neutral B) false attack stimulus C) false negative D) noise
Answer: B) false attack stimulus

Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________
A) True B) False
Answer: B) False

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________
A) True B) False
Answer: A) True

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.
A) True B) False
Answer: B) False

A) True B) False
Answer: B) False

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
A) passive B) aggressive C) active D) secret
Answer: A) passive

A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________
A) True B) False
Answer: B) False

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.
A) True B) False
Answer: B) False

A(n) __________ IDPS is focused on protecting network information assets.
A) network-based B) host-based C) application-based D) server-based
Answer: A) network-based

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________.
A) port knocking B) doorknob rattling C) footprinting D) fingerprinting
Answer: D) fingerprinting

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________
A) True B) False
Answer: B) False

The process of entrapment is when an attacker changes the format and/or timing of their activities to avoid being detected by an IDPS.
A) True B) False
Answer: B) False

__________ are decoy systems designed to lure potential attackers away from critical systems.
A) Honeypots B) Bastion Hosts C) Wasp Nests D) Designated Targets
Answer: A) Honeypots

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
A) True B) False
Answer: B) False

The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________
A) True B) False
Answer: B) False

The primary advantages of a centralized IDPS control strategy are cost and ease-of-use. _________________________
A) True B) False
Answer: B) False

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.
A) True

The activities that gather information about the organization and its network activities and assets is called fingerprinting.
A) True B) False
Answer: B) False

A(n) log file monitor is similar to a NIDPS.
A) True B) False
Answer: A) True

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________
A) True B) False
Answer: A) True

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
A) True B) False
Answer: B) False

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
A) packet scanner B) packet sniffer C) honey pot D) honey packet
Answer: C) signatures

Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
A) inline B) offline C) passive D) bypass
Answer: A) inline

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
A) True B) False
Answer: A) True

A(n) partially distributed IDPS control strategy combines the best of the other two strategies. _________________________
A) True B) False
Answer: A) True

To use a packet sniffer legally, the administrator must __________.
A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above
Answer: C) signatures

A false positive is the failure of an IDPS system to react to an actual attack event.
A) True B) False
Answer: B) False

Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems.
A) True B) False
Answer: A) True

A HIDPS can monitor systems logs for predefined events.
A) True B) False
Answer: A) True

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
A) True B) False
Answer: A) True

A padded cell is a hardened honeynet. _________________________
A) True B) False
Answer: B) False