Chapters 1-2


Which confidentiality model is defined by controlling read and write access based on conflict of interest rules?

Brewer-Nash security model

In April 2009, Homeland Security Secretary Janet Napolitano told reporters

China and Russia made attempts to break into the US electric power grid

Which security principle refers to the concept that each and every request should be verified?

Complete mediation

Which Internet worm created infected systems that were part of what is known as a bot network (or botnet) and could be used to cause a DoS attack on a target or to forward spam e-mail to millions of users?

Conficker

Which term refers to the design and operation of elements to ensure the proper functional environment of a system?

Configuration Management

In the Clark-Wilson security model, what are the two levels of integrity?

Constrained data items (CDIs) and unconstrained data items (UDIs)

In most security circles, security through obscurity is considered a good approach, especially if it is the only approach to security.

False

What name was given to the advanced persistent threat (APT) style spy network responsible for bugging the Dalai Lama's office?

GhostNet

What target did the teenage hacker who went by the name "Jester" attack in March 1997?

He cut off telephone services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts.

Into which threat category does information warfare fall?

Highly Structured

Which security principle states that if you have not specifically been allowed access, then it should be denied?

Implicit deny

What was the primary lesson learned from the Slammer worm?

It drove home the point that the Internet could be adversely impacted in a matter of minutes.

How did the Code Red worm spread?

It made use of a buffer-overflow condition in Microsoft's IIS web servers that had been known for a month.

Which Internet criminal is famous for conducting his attacks using a number of different "tools" and techniques, including social engineering, sniffers, and cloned cellular telephones?

Kevin Mitnick

What is one of the most fundamental principles in security?

Least Privilege

What name was given to an intellectual property attack executed against oil, gas, and petrochemical companies in the United States?

Operation Night Dragon

Which equation describes the operational model of security?

Protection = Prevention + (Detection + Response)

Which term describes the process where individuals analyze the binaries for programs to discover embedded passwords or cryptographic keys?

Reverse-engineering

What are the policies of the Biba model?

Ring (no read down) and Low-Water-Mark (no write up)

Which term describes a means of separating the operation of an application from the rest of the operating system?

Sandboxing

The entity that implements a chosen security policy and enforces those characteristics deemed most important by the system designers is known as the __________.

Security Model

What are the three operational tenets found in secure deployments?

Session management, exception management, and configuration management

Which term refers to an attack conducted against a site with software that is vulnerable to a specific exploit?

Target of opportunity

Which Internet worm, released in 1988, is considered to be one of the first real Internet crime cases?

The Morris Worm

Which statement applies to viruses?

They typically are highly visible once released.

Encapsulation is the concept of separating items so that they cannot interfere with each other.

True

Exception handling is an important consideration during software development.

True

In the Biba security model, instead of security classifications, integrity levels are used.

True

In the early days of computers, security was considered to be a binary condition in which your system was either secure or not secure.

True

Melissa is the best known of the early macro-type viruses that attach themselves to documents for programs that have limited macro programming capability.

True

Most current ransomware attacks use a hybrid encrypting scheme, locking the files on a victim's computer until a ransom is paid.

True

Today, the data stored and processed by computers is almost always more valuable than the hardware.

True

In 2014, on how many different threat actors, including criminals, hacktivists, state-sponsored groups, and nation states, did CrowdStrike report?

39

The term "script kiddies" refers to

A hacker of low-end technical ability.

Where do changes in trust occur?

At the trust boundary.

Criminal activity on the Internet, at its most basic, is quite different from criminal activity in the physical world.

False

In many early cases of computer crime, the perpetrator of the crime intended to cause damage to the computer.

False

Which term refers to making different layers of security dissimilar so that even if attackers know how to get through a system that comprises one layer, they may not know how to get through a different type of layer that employs a different system for security?

Diversity of defense

Who is considered to be the ultimate insider, with his name being synonymous with the insider threat issue?

Edward Snowden

Because of malware's nefarious purpose, there is no criminal distinction between the writers of malware and those who release malware.

False

Because of the nature of trust and its high-risk opportunity, the sage advice is to develop and maintain a culture embracing trust.

False

