1. Social engineering attacks are:
   a. an example of technical attacks requiring software or systems knowledge.
   b. a combination of technical and nontechnical attacks.
   c. take advantage of Web 2.0 applications like social networking sites, blogs, wikis and RSS feeds. <523>
   d. no longer considered to be serious Internet threats due to the increased security of MySpace, LinkedIn, and YouTube.

2. Which of the following does not correctly describe what firewalls protect against?
   a. Some programs have bugs or special features that create application backdoors, which allow for remote access.
   b. Spammers often use SMTP session hijacking to redirect e-mail through the SMTP server of an unsuspecting host, which helps hide their identity.
   c. Macros are the electronic equivalent of junk mail. <533>
   d. Remote logins occur when an unauthorized user connects to a PC and gains control of it.

3. All of the following are important security functions of proxy servers except:
   a. They help control inbound traffic to a network.
   b. They help control outbound traffic to a network.
   c. They hide the IP addresses of a company's internal computers.
   d. They improve network performance. <534>

4. A vulnerability
   a. is a software bug.
   b. is the probability that a weakness will be known and used.
   c. is the estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
   d. is a weakness in software or other mechanisms that a hacker can use directly to gain access to a system or network. <512>

5. A host-based intrusion detection system (IDS):
   a. Resides on the server that is being monitored, where it can detect whether critical or security-related files have been tampered with or whether a user has attempted to access files that he or she is not authorized to use. <536>
   b. Uses rules to analyze suspicious activity at the perimeter of a network or at key locations in the network.
   c. Can perform certain actions when an attack occurs, such as terminating network connections based on security policies.
   d. Consists of information system resources (firewalls, routers, Web servers, database servers, and files) that look like production systems, but do no real work.

6. The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as ________.
   a. Information assurance. <516>
   b. Information defense.
   c. Information security triad.
   d. Information integrity.

7. The advantages of virtual private networks (VPN) for data communications include all of the following except:
   a. They are less expensive than private leased lines because they use the public Internet to carry information....
- Summer '10