StudyXY
RegisterLog in
Information Technology /Cyber-Security: Chapter 8

Cyber-Security: Chapter 8

Information Technology30 CardsCreated about 2 months ago

This deck covers key concepts and questions from Chapter 8 of a Cyber-Security course, focusing on SQL vulnerabilities, file system protocols, security mechanisms, and tools for managing and securing systems.

PrintEmbedImportReport

Which of the following is considered to be the most critical SQL vulnerability?

null SA password
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30

Key Terms

Term
Definition
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
Which of the following programs includes several buffer overflow exploit plug-ins?
Metasploit
Which of the following is an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
In Windows Server 2016, the administrator must enable IIS manually to use it. True or False?
True
Log in to view all terms

Related Flashcard Decks

Information Technology

Security+ (SY0-701): Additional Knowledge

This flashcard set explores various cybersecurity topics including credential-stuffing attacks, data classification (e.g., private data), and key disaster recovery metrics like RTO. It also highlights protective measures such as hashing for data integrity, automation support challenges, and the use of URL scanning in web filtering to prevent malware infections.

10 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 5.0 Security Program Management and Oversight

This flashcard set covers key concepts in cybersecurity governance frameworks, including centralized governance, data stewardship roles, and compliance laws like SOX. It also addresses environments supporting development and change management, as well as recovery strategies like Recovery Point Objective (RPO) to minimize data loss during system failures.

8 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 4.0 Security Operations

This flashcard set explores advanced cybersecurity practices including refining SIEM alert handling, email security protocols (DKIM, DMARC), secure authentication methods, and strategic threat-hunting. It emphasizes how to enhance incident response efficiency and leverage proactive defense techniques like maneuvering to counteract potential threats.

11 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 2.0 Threats, Vulnerabilities, and Mitigations

This deck covers key concepts related to threats, vulnerabilities, and mitigations in cybersecurity, focusing on virtual machine security.

1 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 1.0 General Security Concepts

This flashcard deck covers key concepts from the Security+ (SY0-701) exam, focusing on general security concepts such as technical and operational controls, policy enforcement, and tokenization.

6 cards
View Deck
Information Technology

Security+ (SY0-701): Lesson 16: Summarize Data Protection Part 2

This flashcard deck covers key concepts from the Security+ (SY0-701) Lesson 16, focusing on data protection methods, DLP components, and security awareness training.

25 cards
View Deck

Study Tips

  • Press F to enter focus mode for distraction-free studying
  • Review cards regularly to improve retention
  • Try to recall the answer before flipping the card
  • Share this deck with friends to study together
Cyber-Security: Chapter 8
TermDefinition
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
Which of the following programs includes several buffer overflow exploit plug-ins?
Metasploit
Which of the following is an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
In Windows Server 2016, the administrator must enable IIS manually to use it. True or False?
True

Which of the following is a well-known SMB hacking tool? (Choose all that apply.)

SMBRelay

L0phtcrack’s SMB Packet Capture utility

An interprocess communication mechanism that allows a program running on one host to run code on a remote host is known as which of the following?
remote procedure call (RPC)
NetBios is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBios should be understood by a security professional because it is used for which of the following?
backward compatibility
Which of the following is the most efficient way to determine which OS a company is using?
Call the company and ask.
SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
What is the current file system that Windows utilizes that has strong security features?
NTFS

MBSA performs which of the following security checks? (Choose all that apply.)

Security update checks

IIS checks

NetBIOS over TCP/IP is called which of the following in Windows Server 2003?
NetBT
Windows 10, Windows 8, Windows Server 2016, and Windows Server 2012 have most services and features enabled by default.
False
Which of the following are more difficult to detect today because programmers develop them to make legitimate calls on outbound ports that an IDS or firewall wouldn’t detect?
Trojan programs
Which of the following commands would you enter from the directory you want to analyze to display any alternate data streams?
dir /r
Which program can detect rootkits on *nix systems?
chkrootkit

A good password policy should include which of the following? (Choose all that apply.)

Mandates password complexity

Specifies a minimum password length

Ubuntu and Debian Linux use what command to update and manage their RPM packages?
apt-get
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
SMB2 was released with which version of Windows?
Windows Vista
Which organization offers free benchmark tools for Windows and Linux?
Center for Internet Security
Which of the following is a Window's client/server technology designed to manage patching and updating systems software from the network?
WSUS
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
The MSBA tool can quickly identify missing patches and misconfigurations.
True
Which of the following is a common Linux rootkit?
Linux Rootkit 5
Which of the following is an open-source implementation of CIFS?
Samba