Q:
Spam over VoIP is called ________.
A) VAM
B) SOVI
C) SPIT
D) SPIP
Q:
Someone breaks into a corporate VoIP system to place free long-distance and international toll calls. This is referred to by security professionals as ________.
A) toll fraud
B) VoIP hacking
C) phone phreaking
D) blue boxing
Q:
DoS attacks against VoIP can be successful even if they increase latency only slightly.
Q:
A PSTN gateway translates between a VoIP network's ________ protocols and those of the public switched telephone network.
A) signaling
B) transport
C) Both A and B
D) Neither A nor B
Q:
Like the public switched telephone network, VoIP technology is a closed system.
Q:
SIP proxy servers are used in ________.
A) transport transmissions
B) signaling transmissions
C) Both A and B
D) Neither A nor B
Q:
A VoIP caller wishing to contact another sends an INVITE message to ________.
A) the caller's H.323 proxy server
B) the receiver's H.323 proxy server
C) the receiver directly
D) None of the above
Q:
Signaling does not consist of communication to manage the network.
Q:
Transport consists of communication to manage the network.
Q:
Signaling is the carriage of voice between two parties.
Q:
Which of the following is not a signaling protocol?
A) RTP
B) SIP
C) H.323
D) All of the above ARE signaling protocols.
Q:
RTP stands for ________.
A) Real Transfer Protocol
B) Real Time Protocol
C) Real Transport Protocol
D) None of the above
Q:
RTP is used in ________.
A) signaling
B) transport
C) Both A and B
D) Neither A nor B
Q:
RTP adds ________ to UDP.
A) security
B) sequence numbers
C) Both A and B
D) Neither A nor B
Q:
Which comes third in a VoIP packet?
A) RTP header
B) UDP header
C) IP header
D) codec byte stream
Q:
PKI uses circles of trust.
Q:
Which of the following uses a PKI?
A) S/MIME
B) PGP
C) Both A and B
D) Neither A nor B
Q:
What e-mail standard provides end-to-end security?
A) SSL/TLS
B) S/MIME
C) Both A and B
D) Neither A nor B
Q:
SSL/TLS provides security ________.
A) between the sender and his or her e-mail server
B) all the way between the sender and the receiver
C) Both A and B
D) Neither A nor B
Q:
Encryption is heavily used in commercial e-mail.
Q:
Spammers are one reason that some companies have outsourced e-mail filtering.
Q:
The prevention of sensitive information from being sent out of a company is called ________.
A) unified threat management
B) antivirus filtering
C) attachment deletion
D) extrusion prevention
Q:
Spammers use sticky spam, which presents their message as a graphical image.
Q:
Companies are responsible for filtering sexually or racially harassing messages and can be sued for not doing so.
Q:
E-mail filtering can be done at which of the following?
A) The user's PC
B) The corporate e-mail servers
C) E-mail managed service providers
D) All of the above
Q:
A downside of spam filtering is the deletion of some legitimate messages.
Q:
Under what Internet Options tabs are cookies controlled?
A) Privacy
B) Security
C) Protection
D) Advanced
Q:
In Internet Explorer, the Security tab controls the website's pop-up blocker.
Q:
With Active-X controls, active scripting is enabled by default.
Q:
Under what Internet Options tabs are general security settings for websites controlled?
A) Privacy
B) Security
C) Protection
D) Advanced
Q:
Scripts do not have the ability to permanently change your computer registry.
Q:
Cookies are dangerous because they ________.
A) allow a website to track what pages you have visited
B) may contain sensitive private information about you
C) Both A and B
D) Neither A nor B
Q:
On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.
Q:
To take advantage of user typing errors, attackers register site names that are similar to those of legitimate domain names.
Q:
JavaScript is a scripted form of Java.
Q:
Compared to full programming languages, scripts are ________ in what they can do.
A) more limited
B) less limited
C) about as limited (but easier to use)
D) not limited at all
Q:
Which of the following is the most dangerous because it can do more on a computer when it is executed?
A) Active-X
B) Java
C) JavaScript
D) VBScript
Q:
Accepting cookies is necessary to use many websites.
Q:
Cookies can be used to track users at a website.
Q:
Users usually must click on malicious links in order to execute them.
Q:
Java applets are large Java programs.
Q:
Code on a webpage that is executed on the client PC is ________.
A) a Trojan horse
B) a virus
C) mobile code
D) an XSS attack
Q:
Testers have permissions on the ________.
A) development server
B) testing server
C) production server
D) Both A and B
Q:
________ errors may indicate that an attacker is trying to send invalid data to the server.
A) 404
B) 303
C) 500
D) 512
Q:
Developers have permissions on the ________.
A) development server
B) testing server
C) production server
D) Both A and B
Q:
Whisker is a popular tool for ________.
A) reading website error logs
B) providing a webserver proxy in front of the webserver
C) conducting vulnerability testing on webservers
D) All of the above
Q:
E-commerce software is not complex and has few subsystems.
Q:
In a URL, ".." (without the quotes) means ________.
A) move one directory up
B) move one directory down
C) move to the operating system's root directory
D) ignore the last entry
Q:
Website defacement occurs when attackers take over a computer and produce false web pages.
Q:
Most firms do a satisfactory job overseeing the deployment of custom programs used to supplement packaged software.
Q:
Which of the following are reasons to ensure WWW Service and E-Commerce security?
A) Cost of disruptions
B) Customer fraud
C) Exposure of sensitive private information
D) All of the above
Q:
Blind SQL injection uses a series of SQL statements that produce different responses based on true/false questions, or timed responses.
Q:
An attack in which a user reaches a directory outside of the WWW root directory and its subdirectories is called a(n) ________ attack.
A) cross-site scripting
B) SQL injection
C) mobile code
D) directory traversal
Q:
Custom programs generally are safe because attackers do not know the code.
Q:
In a(n) ________ attack, the user enters part of a database query instead of giving the expected input.
A) login screen bypass
B) buffer overflow
C) XSS
D) SQL injection attack
Q:
In a SQL injection attack, attackers may use lookup commands to obtain unauthorized information.
Q:
In a(n) ________ attack, information that a user enters is sent back to the user in a webpage.
A) login screen bypass
B) buffer overflow
C) XSS
D) SQL injection attack
Q:
The user reaches a webpage before logging in. This is a(n) ________ attack.
A) login screen bypass
B) buffer overflow
C) XSS
D) SQL injection attack
Q:
Programmers can trust user input if the person is strongly authenticated.
Q:
For all applications, a basic rule is ________.
A) always trust user input
B) sometimes trust user input
C) never trust user input
D) None of the above
Q:
Operating system account passwords provide limited protection.
Q:
When securing application configuration settings, default password settings should not be changed.
Q:
Baselines are used to go beyond default installation configurations for high-value targets.
Q:
The first task in security is to understand the environment to be protected.
Q:
Generally speaking, vendors use similar mechanisms for downloading and installing patches.
Q:
To prevent eavesdropping, applications should ________.
A) be updated regularly
B) use electronic signatures
C) use encryption for confidentiality
D) use encryption for authentication
Q:
Experts advise firms to turn on most or all applications and then harden them.
Q:
Overall for firms, which is more time consuming to patch?
A) Applications
B) Operating systems
C) Both are about equally time consuming to patch
D) None of the above
Q:
When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.
Q:
In a stack overflow attack, to where does the return address point?
A) To the beginning of the stack entry's data area
B) To the end of the stack entry's data area
C) To the next command in the program being hacked
D) To the return address entry in the stack entry
Q:
An attacker types more data in a field than the programmer expected. This is a(n) ________ attack.
A) denial-of-service
B) directory traversal
C) buffer overflow
D) XSS
Q:
Operating system hardening is more total work than application hardening.
Q:
The most popular way for hackers to take over hosts today is ________.
A) by taking over the operating system
B) by taking over an application
C) by guessing the root password
D) by taking over the user interface
Q:
If a hacker takes over an application program, he or she receives the permissions with which the program runs.
Q:
________ allows many different groups to be assigned different permissions.
A) Windows
B) UNIX
C) Both A and B
D) Neither A nor B
Q:
UNIX allows permissions to be assigned to ________.
A) the account that owns the file or directory
B) a group associated with the directory
C) everyone else
D) All of the above
Q:
UNIX offers more directory and file permissions than Windows.
Q:
Windows offers only 3 directory permissions.
Q:
UNIX offers ________ directory and file permissions than (as) Windows.
A) fewer
B) more
C) about the same number of
D) None of the above
Q:
In UNIX, the Execute permission gives the permission to make changes.