CS 450 - Computer Security

reconnaissance

After a penetration test is planned, ________ is the first step in performing that test; the objective is to obtain an understanding of the system and its components that someone wants to attack.

sufficient evidence

Evidence that is convincing or measures up without question is known as ________.

False

If your organization is highly sensitive to sharing resources, you might want to consider the use of a public cloud to reduce exposure and increase your control over security, processing, and handling of data.

True

Information criticality is defined as the relative importance of specific information to the business.

magic number

The term "________" describes a series of digits near the beginning of the file that provides information about the file format.

True

There is no recovery from data that has been changed.

knowledge of one's own systems and knowledge of the adversary

What two components are necessary for successful incident response?

True

When an infrastructure is established "on premises," the unit of computing power is a server.

Complete mediation

A Reference Monitor enforces which of the following security design principles

True

A common technical mistake during the initial response to an incident is "killing" rogue processes.

cloud service provider

Cloud-based systems are made up of machines connected using a network. Typically, this network is under the control of the ________.

False

Clouds can be created by many entities, but must be internal to an organization.

free space

Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as ________.

True

Escalation of privilege is the movement to an account that enables root or higher-level privilege.

Least privilege refers to removing all controls from a system.

False

penetration

Final code can be subjected to ________ tests, designed specifically to test configuration, security controls, and common defenses such as input and output validation and error handling.

False

From a forensics perspective, Linux systems have the same artifacts as Windows systems.

Most APTs begin through a phishing or spear phishing attack.

How do most advanced persistent threats (APTs) begin?

Which cloud computing service model describes cloud-based systems that are delivered as a virtual solution for computing that allows firms to contract for utility computing as needed rather than build data centers?

Infrastructure as a Service (IaaS)

True

Nearly half of all exploits of computer programs stem historically from some form of buffer overflow.

direct evidence

Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence?

True

Platform as a Service (PaaS) offerings generally focus on security and scalability.

True

Recovery is the returning of the asset into the business function.

____ is a term for the execution of computer code in an environment designed to isolate the code from direct content with the target system.

Sandboxing

Which computing service model is used for the outsourcing of security functions to a vendor that has advantages in scale, costs, or speed?

Security as a Service

Which cloud computing service model involves the offering of software to end users from within the cloud?

Software as a Service (SaaS)

False

Testing for security requires a much broader series of tests than functional testing does.

False

The generation of a real random number is a trivial task.

attack surface

Using the ________ analysis information, penetration testers can emulate adversaries and attempt a wide range of known attack vectors in order to verify that the known methods of attack are all mitigated.

Which term describes the hosting of a desktop environment on a central server?

Virtual Desktop Infrastructure

True

Vulnerabilities are known entities; otherwise, the scanners would not have the ability to scan for them.

Data classification and quantity of data involved

What are the two components comprising information criticality?

Include appropriate business personnel

What is a key guideline to follow when designing incident response procedures?

software that can destroy or modify files when commands are executed on the computer

What is a software bomb?

It allows a relation to contain multiple rows with the same primary key

What is polyinstantiation?

to provide a local user or a remote system an assurance that unaltered configuration is in use

What is the purpose of Trusted System Certification Service?

ip

Which command in Linux is used to show and manipulate routing, devices, policy routing, and tunnels?

Cyber Observable Expression (CybOX)

Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?

OpenIOC

Which indicator of compromise (IOC) standard is an open-source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?

watering hole attack

Which infection method involves planting malware on a website that the victim employees will likely visit?

Clark-Wilson Integrity Model

Which of the following security models is focused primarily on data integrity in commercial applications?

employing use cases

Which proven method of testing software involves comparing program responses to known inputs and the resulting program output to the desired output?

Exclusionary rule

Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?

Chinese Wall Model

Which security model is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest (Col) categories?

Agile Model

Which software engineering process model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing cross-functional teams?

Scanning

Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist?

canonicalization

Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input?

Containers

________ are a form of operating system virtualization; they are a packaged-up combination of code and dependencies that help applications run quickly in different computing environments.

STIX

________ is a structured language for cyberthreat intelligence information.

Tcpreplay

________ is the name for both a tool and a suite of tools: as a suite, it is a group of free, open-source utilities for editing and replaying previously captured network traffic; as a tool, it specifically replays a PCAP file on a network.

Host forensics

________ refers to the analysis of a specific system, including the analysis of file systems and artifacts of the operating system.

Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices?

edge

A ____ system is a system that, once deployed, is never modified, patched, or upgraded.

immutable

The term ____ cloud refers to a cloud service rendered over a system that is open for public use.

public

True

Baselining is the process of determining a standard set of functionality and performance.

False

All data is equally important, and thus equally damaging in the event of loss.

managed security service provider

A(n) ________ is a company that remotely manages security services for customers based on a contractual arrangement.

hypervisor

A(n) ________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.

authenticated boot service

In which of the following processes does TC hardware check that valid software has been brought in by verifying a digital signature associated with the software?

True

The logger command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.

Fourth

The ________ Amendment to the U.S. Constitution precludes illegal search and seizure.

Common Vulnerabilities and Exposures (CVE) enumeration

The ________ is a list of known vulnerabilities in software systems.

evolutionary

The ________ model is an iterative model designed to enable the construction of increasingly complex versions of a project.

virtual

The ________ network in a cloud environment can be used and manipulated by users, whereas the actual network underneath cannot.

tcpdump

The ________ utility is designed to analyze network packets either from a network connection or a recorded file.

hash

The hashing algorithm applies mathematical operations to a data stream (or file) to calculate some number, the ________, that is unique based on the information contained in the data stream (or file).

segmentation

The network process of separating network elements into segments and regulating traffic between the segments is called ________.

covert channel analysis

This type of analysis attempts to identify any potential means for bypassing security policy and ways to reduce or eliminate such possibilities.

passive

Tools that do not interact with the system in a manner that would permit detection through sending packets or altering traffic are called ________ tools.

Code injection

Unvalidated input that changes the code's functioning in an unintended way is which type of application attack?

NetFlow

What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?

A portion of a system that enforces a particular policy, is resistant to tampering and circumvention and small enough to be analyzed systematically

Which of the following best defines Trusted computing base (TCB)?

Bell-LaPadula Model

Which of the following prevents the leaking/transfer of classified info to less secure clearance levels?

Execution engine

Which of the following runs program code to execute the TPM commands received from the I/O port?

load testing

Which type of testing involves running the system under a controlled speed environment?

spoliation

The most common cause of digital evidence from an investigation being excluded from court proceedings is ________, the unauthorized alteration of that evidence.

escalation of privilege

The movement to an account that enables root or higher-level privilege is known as ________.

workstation

When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ________, can be used.

False

When the nmap tool is used, the sending of packets cannot be detected.

cloud access security brokers (CASB)

Which term is used for an integrated suite of tools or services offered as Security as a Service, or a third-party managed security service provider (MSSP), focused on cloud security?

Transit Gateway

Which term refers to a network connection used to interconnect virtual private clouds and on-premises networks?

anything as a service

With the growth of cloud services, applications, storage, and processing, the scale provided by cloud vendors has opened up new offerings that are collectively called ________.

The routine to clean up memory that has been allocated in a program but is no longer needed is called ____.

garbage collection

record time offset

A(n) ________ is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server.

Which process involves implementing security tools and policies to ensure your container is running as intended?

Container security

False

If you test something and it comes back negative, but it was in fact positive, then the result is a false positive.

False

Running memdump to dump system memory to the standard output stream does not actually use memory.

false negative

What term is used for a situation where a scanner fails to report a vulnerability that actually does exist—that is, where the scanner simply missed the problem or didn't report it as a problem?

ping[options] targetname/address

Which is the correct syntax for the ping command?

authenticated boot, certification, and encryption

Which of the following is provided by a Trusted Platform Module?

NIST and NSA

Who operates the Common Criteria Evaluation and Validation Scheme in the U.S.?

True

Encryption is a failsafe—even if security configurations fail and the data falls into the hands of an unauthorized party, the data can't be read or used without the keys.

to prevent inference

In a DBMS using Multilevel Security, what would be the primary reason for allowing polyinstantiation?

real evidence

Tangible objects that prove or disprove facts are what type of evidence?

requirements

The ________ phase of software development should define the specific security requirements if there is any expectation of them being designed into the project.

requirements phase

The design of use cases to test specific functional requirements occurs based on the requirements determined in which phase of the secure development lifecycle?

No Write Down

The rule that a subject can only write into an object of greater or equal security level is known as

False

The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.

virtualization

The technology used to enable a computer to have more than one OS present and, in many cases, operating at the same time is ________.

The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.

What should an incident response team do when they are notified of a potential incident?