COMPLETE QUESTIONS AND
ANSWERS
Slack space refers to the unused portion of the last cluster allocated to a stored file.
It may contain remnants of prior files stored in that location.
True or False? - ANSWER-True
Which name is given to a rogue program that automatically dials a modem to a pre-
defined number to auto-download additional malware to the victim or to upload
stolen data from the victim?
Spyware
Dialer
Sector
Adware - ANSWER-Dialer
Redundant array of independent disks (RAID) is a disk set management technology
that gains speed and fault tolerance.
True or False? - ANSWER-True
Which of the following describes a banner?
A variant of the UNIX operating system that is supported by Windows NT 4.0, but not
subsequent versions of Windows.
Persistent public messaging forums accessed over the Network News Transfer
Protocol (NNTP).
A message sent by a service in response to a valid or invalid query. Its function is to
confirm communication is functioning properly or to announce an error.
A form of unauthorized access to a system. - ANSWER-A message sent by a service
in response to a valid or invalid query. Its function is to confirm communication is
functioning properly or to announce an error.
A metacharacter is a character that has a special meaning assigned to it and is
recognized as part of a scripting or programming language. Escaping
metacharacters is a programmatic tactic to treat all characters as basic ASCII rather
than as something with special meaning or purpose.
True or False? - ANSWER-True
Which of the following refers to the malicious insertion of scripting code onto a
vulnerable Web site?
Cross-site scripting (XSS)
Keystroke logger
Insertion attack
Upstream filtering - ANSWER-Cross-site scripting (XSS)
NTFS is a storage device file system developed by Apple Inc. for use on Macintosh
computers; it supports multiple resource forks for file objects.
True or False? - ANSWER-False
When a communication exchange does not verify the identity of the endpoints of
a communication and accepts any properly formed response as valid, a
non-authenticating query service is in use.
True or False? - ANSWER-True
Reconnaissance is the act of learning as much as possible about a target before
attempting attacks.
True or False? - ANSWER-True
Which name is given to an exploit that allows a hacker to run any command-line
function on a compromised system?
Arbitrary code execution
ARP spoofing
Whois
Command shell - ANSWER-Arbitrary code execution
A script kiddie is an experienced hacker who uses his or her own tools or scripts.
True or False? - ANSWER-False
Which of the following is an intentional discharge made to damage or destroy
electronic equipment ranging from cell phones to computers and servers?
Chip creep
Virus
Session hijacking
Intentional electromagnetic interference (IEMI) - ANSWER-Intentional
electromagnetic interference (IEMI)
Which of the following is the name given to a software interface with a system that
allows code execution?
Command shell
Proxy
National Institute of Standards and Technology (NIST)
Intentional Electromagnetic Interference (IEMI) - ANSWER-Command shell
Leetspeak is a secret form of communication or language hackers use based on
replacing letters with numbers, symbols, or other letters that resemble the original
characters.
True or False? - ANSWER-True
A worm is used to create Trojan horses by embedding malware inside of a host file
or program.
True or False? - ANSWER-False
Which term is used to describe a feature added to the NTFS file system to support
files from POSIX, OS/2, and Macintosh?
Deterrent
Hierarchical file system (HFS)
Adware
Alternate data stream (ADS) - ANSWER-Alternate data stream (ADS)
Which term describes a form of security defense that focuses on discouraging a
perpetrator with physical harm, social disgrace, and legal consequences?
Firewall
Dumpster diving
Buffer overflow
Deterrent - ANSWER-Deterrent
Social engineering is the craft of manipulating people into performing tasks or
releasing information that violates security.
True or False? - ANSWER-True
Which of the following is a form of exploitation in which the data on a DNS server is
falsified so that subsequent responses to DNS resolution queries are incorrect?
Banner grabbing
DNS poisoning
Dialer
Dumpster diving - ANSWER-DNS poisoning
Hackers can be deterred by defense methods that detect and evade. All of the
following are defense methods, except which one?
Botnet army