Once it infects a system, a __________ is very hard to detect, because it installs itself at a low level.

A __________ virus uses scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents.

Which of the following stages of hardening an OS should be done before the others?

A firewall can protect against attacks that bypass the firewall.

A fixed pattern of bytes that anti-virus uses to identify a known piece of malware is called a(n) _______________.

A defensive technology used in Unix-based systems such as BSD and Linux, which restricts a particular application’s view of the filesystem to a specified portion, is called __________.

Linux configuration settings are typically stored in _________.

A personal firewall will by default reject all new ______ connections.

Researchers have found that a rich source of sensor data for Unix host-based IDSs, obtained at the interface between application code and operating system code, is ____________.

The Snort IDS does not use anomaly detection; rather, it is a _______-based IDS.