Security 4323 final exam 74 Questions with Verified Answers
Infosec Competencies - CORRECT ANSWER Information security professionals are to anticipate
... [Show More] information-related problems and to minimize their impact.
Watershed moments in infused history - CORRECT ANSWER The internet allows people from all over the world to get connected.
Gang of 414 - CORRECT ANSWER Group of computer hackers who broke into dozens of high-profile computer systems.
Morris Worm - CORRECT ANSWER One of the first computer worms distributed through the Internet. According to Robert Morris, it was created to highlight security flaws. It could infect a computer multiple times until the PC was unusable.
Windows 95 - CORRECT ANSWER This was a very insecure operating system.
HIPAA - CORRECT ANSWER Health Insurance Portability and Accountability Act. It requires the healthcare industry to be responsible for ensuring confidentiality of patient information. Also, it brings electronic health records (EHR).
ILOVEYOU Virus - CORRECT ANSWER - 2000
- Caused over $15 billion in damages.
- Spread through emails that had a subject of "ILOVEYOU"
- More than 3 million opened the attachment.
- Shut down email servers around the world.
- Was one of the first to attach to an email.
Sarbanes-Oxley Act - CORRECT ANSWER A law passed by Congress that requires the CEO and CFO to certify that their firm's financial statements are accurate.
TJ Maxx Debacle - CORRECT ANSWER Albert Gonzalez is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers.
Confidentiality - CORRECT ANSWER Preserving authorized restrictions on access and disclosure, including means for
protecting personal privacy and proprietary information.
Integrity - CORRECT ANSWER Guarding against improper information modification or destruction and includes ensuring
information nonrepudiation and authenticity.
Availability - CORRECT ANSWER Ensuring timely and reliable access to and use of information.
System Administrator - CORRECT ANSWER A person responsible for the day-to-day operation of a technology system.
Security officer - CORRECT ANSWER Set a lot of the things that admins implement.
System Admin Tasks - CORRECT ANSWER Analyzing logs of systems and finding potential problems with computer systems and installing new software and hardware.
virtual machine (VM) - CORRECT ANSWER An entire computer.
Access Control - CORRECT ANSWER Determines types of user access, such as read-only access
User Management - CORRECT ANSWER An operating system feature that allows user accounts to be created and managed
RBAC (Role Based Access Control) - CORRECT ANSWER The framework for implementing principle of least rights.
Hot Spare - CORRECT ANSWER Piece of hardware that can be reinstalled without taking the system down.
Cold spare - CORRECT ANSWER Piece of hardware that is kept in storage until you need it.
Active Directory - CORRECT ANSWER Your management system for user interaction with management systems. The enterprise framework as it relates to information security.
Linux distro - CORRECT ANSWER A complete Linux implementation, including kernel, shell, applications, utilities, and installation media, that is packaged, distributed, and supported by a software vendor.
operating system - CORRECT ANSWER The software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
Shell - CORRECT ANSWER Text-based program that allows the user to interact directly with the kernel.
kernel - CORRECT ANSWER The software which provides controls for hardware devices, manages memory, executes code on the computer's CPU, and hides the details of the underlying physical hardware from user applications.
File system root - CORRECT ANSWER /
Current folder - CORRECT ANSWER .
Parent folder - CORRECT ANSWER ..
Default Shell Prompts normal user - CORRECT ANSWER $
Default Shell Prompts super user - CORRECT ANSWER #
Absolute pathing - CORRECT ANSWER The exact location of the file that is being referenced.
Relative pathing - CORRECT ANSWER location of file in relation to the current directory. (many paths)
Folder navigation - CORRECT ANSWER cd to change directories
View the contents of a folder - CORRECT ANSWER LS
View the content of a file - CORRECT ANSWER head
copy files - CORRECT ANSWER cp
Deleting Files - CORRECT ANSWER rm
Permission sets - CORRECT ANSWER dRWXRWXRWX
Read - CORRECT ANSWER 4
Write - CORRECT ANSWER 2
Execute - CORRECT ANSWER 1
rwxr-xr-x - CORRECT ANSWER 755
CVE (Common Vulnerabilities and Exposures) - CORRECT ANSWER Dictionary type list of standardized names for vulnerabilities to security exposure.
NVD (national vulnerability database) - CORRECT ANSWER Government repository of standards-based vulnerability information.
Lack of input validation - CORRECT ANSWER when a system is not checking input for vulnerability.
unrestricted uploads - CORRECT ANSWER occurs when files are accepted by software without verifying that the file follows strict specifications
Cross-Site Scripting (XSS) - CORRECT ANSWER An attack that injects scripts into a Web application server to direct attacks at clients.
Buffer Overflow - CORRECT ANSWER A technique for crashing by sending too much data to the buffer in a computer's memory
SQL Injection - CORRECT ANSWER An attack that targets SQL servers by injecting commands to be manipulated by the database.
missing authorization - CORRECT ANSWER happens when a software program allows users access to privileged parts of the program without verifying the credentials of the user.
Denial of Service - CORRECT ANSWER Result of any action or series of actions that prevents any part of an information system from functioning.
Zombie - CORRECT ANSWER A remote machine that has been compromised acting under the behalf of a troll mechanism.
Infosec incident reporting - CORRECT ANSWER Reported by a third party
Asset Sensitivity - CORRECT ANSWER how much damage would the release of this info cause?
Asset Criticality - CORRECT ANSWER A measure of the importance of an asset to the immediate survival of an organization. Essential, required, or deferrable.
Ciphertext - CORRECT ANSWER A string of text that has been converted to a secure form using encryption.
Plaintext - CORRECT ANSWER normal text that has not been encrypted
Public Key Encryption - CORRECT ANSWER Used prevalently on the web, it allows for secure messages to be sent between parties without having to agree on, or share, a secret key. It uses an asymmetric encryption scheme in which the encryption key is made public, but the decryption key is kept private.
hash function - CORRECT ANSWER Accepts an input message of any length and generates, through a one-way operation, a fixed-length output. Out is fixed length.
Modulus Math - CORRECT ANSWER 10 mod 5 = 0, 11 mod 5 = 1
Authentication - CORRECT ANSWER Are you who you say you are?
Authorization - CORRECT ANSWER is who you say you are allowed to access this thing?
Patching - CORRECT ANSWER The process by which corporate executives routinely "remap" their businesses to match rapidly changing market opportunities - adding, splitting, transferring, exiting, or combining chunks of businesses
shell script - CORRECT ANSWER A executable file that contains an ordered list of commands
pwd - CORRECT ANSWER present working directory
Cd - CORRECT ANSWER change directory
CP - CORRECT ANSWER copy a file or directory
Comment line - CORRECT ANSWER starts with #
Variables - CORRECT ANSWER A simple way to refer to a chunk of data in memory that can be modified.
environmental variables - CORRECT ANSWER Describes the state of the system
for loop - CORRECT ANSWER Loops that have a predetermined beginning, end, and increment (step interval).
while loop - CORRECT ANSWER A control flow statement that allows code to be executed repeatedly.
7..1..3 - CORRECT ANSWER this will sound from 7 to 1 by 3s [Show Less]