INFORMATION SECURITY MIDTERM EXAM QUESTIONS
Match the terms to their definitions: - Trojan Horse - Rootkit - Computer Virus - Worm - Bot
Trojan Horse - a program with an overt (documented or known) purpose and a covert (undocumented or unexpected) purpose. Rootkit - a rootkit is a pernicious (subtle/hidden) Trojan horse. Computer Virus - a Trojan horse that can propagate freely and insert a copy of itself into another file. Worm - program that copies itself from one computer to another. Bot - malware that carries out some action in coordination with other like entities.
(T/F) "Secure" and "Trust" are relative notions.
True
(T/F) A DMZ web server will have a highly restrictive security policy.
True
(T/F) A VPN creates a secure "tunnel" which encrypts traffic between two locations.
True
(T/F) A botmaster, controls bots from one or more systems called command and control (C&C) servers or motherships.
True
(T/F) A firewall helps protect an organization's network from unwanted traffic.
True
(T/F) A message digest is generated from a mathematical function and is created to ensure the message contents have not changed.
True
(T/F) A security policy is a statement of what is, and what is not, allowed.
True
(T/F) A threat is a potential violation of security.
True
(T/F) Access control mechanisms support confidentiality.
True
(T/F) An "International Domain Name Homograph Attack" uses similar looking characters, possibly from different international character sets, to convince a user to click on a link with what appears to be a legitimate domain name.
True
(T/F) Backups need to be tested occasionally to ensure that they are backing up the correct data and that the files can be restored.
True
(T/F) Behavioral signatures focus on the actions taken by the malware. The suspected malware is placed in an environment that emulates the one it will execute in, typically a sandbox of some kind. The suspected malware is then executed, and the execution monitored for some period of time. If the program does anything considered bad, it is identified as malware.
True
(T/F) Confidentiality is the concealment of information or resources.
True
(T/F) Digital forensics is the science of identifying and analyzing entities, states, and state transitions of events that have occurred or are occurring.
True
(T/F) Humans are the weakest link in any information security environment.
True
(T/F) If group "developers" can read and write the contents of a directory, and user "A" is a member of the developers group, then user A can read and write the contents in that directory.
True
(T/F) Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
True
(T/F) It is considered best practice to maintain and review logs of all system activity, including user actions.
True
(T/F) Jailing of attackers is an approach that allows the attackers to think that their attacks have succeeded, but places them in a confined area in which their observed behavior can be controlled and, if necessary, manipulated.
True
(T/F) One of the goals of computer viruses is to remain undiscovered until executed, and possibly even after that.
True
(T/F) Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
True
(T/F) Revealing a public key is safe because the functions used for encryption and decryption have a one way property. That is, telling someone the public key does not allow the person to forge a message that is encrypted with the private key.
True
(T/F) Sometimes a Cost-Benefit analysis will determine that it's not worth protecting an asset.
True
(T/F) Spearphishing is a phishing attack tailored for a particular victim.
True
(T/F) The boot sector is the part of a disk used to bootstrap the system or mount adisk. When the system boots, any virus in that sector is executed.
True
(T/F) The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
True
(T/F) The use of a public key system provides a way to block repudiation of origin.
True
(T/F) The word "cryptography" comes from two Greek words meaning "secret writing".
True
(T/F) Trust cannot be quantified precisely.
True
(T/F) When hardening a system, you should change system defaults and disable built-in accounts.
True
(T/F) When two host trust each other (i.e. "trusted hosts"), each can rely on the other to authenticate users.
True
(T/F) You should uninstall or disable unneeded application software on your servers.
True
Longer passwords are harder to crack and therefore strong and better to use.
True
(Multiple Answers) Which of the following are valid key lengths for the Advanced Encrypt Standard (AES) cipher?
- 128 - 192 - 256
(Multiple Answers) Which of the following are true statements for a DMZ web server:
- All incoming web connections come through the outer firewall, and all replies are sent through the outer firewall. - Very few, if any, connections are allowed inbound to internal network segments. - Only connections from internal trusted administrative server over SSH, should be accepted.
(Multiple Answers) Which of the following are motives for cyber attacks?
- Cash/Money - Challenge - Hacktivism - Revenge - Subversion - Infamy
(Multiple Answers) Botnets can be organized in the following ways:
- Centralized - Peer-to-Peer - Very High Latency Random Approach
(Multiple Answers) Which are valid file-level permissions?
- Create - Read - Write - Execute - Delete
(Multiple Answers) Cryptography is a fundamental tool in security because encryption can guarantee:
- Data Confidentiality/Privacy - Message Authenticity - Data Integrity - Protection from replay attacks
(Multiple Answers) When you step away from your computer you should always:
- Logout - Lock your screen
(Multiple Answers) Critical information assets can include:
- Patents/Copyrights - Corporate financial data - Customer sales information - Human resource information - Proprietary software - Scientific research - Schematics - Internal manufacturing processes
(Multiple Answers) Goals of security include:
- Prevention - Detection - Recovery
Match the following terms to their definitions: - Principle of Economy of Mechanism - Principle of Psychological Acceptability - Principle of Complete Mediation - Principle of Open Design
- Principle of Economy of Mechanism - security mechanisms should be as simple as possible. Principle of Psychological Acceptability - security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present. Principle of Complete Mediation - all accesses to objects be checked to ensure that they are allowed. Principle of Open Design - the security of a mechanism should not depend on the secrecy of its design or implementation.
(Multiple Answers) Which of the following data/system classifications are common in a corporate environment:
- Public - Sensitive - Private - Confidential
(Multiple Answers) Which of the following are common indicators of a phishing attempt?
- Suspicious sender's address - Generic greetings and signature - Spoofed hyperlinks - Spelling and layout - Suspicious attachments
(Multiple Answers) Which of the following data/system classifications are common in a government environment:
- Unclassified - Confidential - Secret - Top Secret
(Multiple Answers) Which of the following are ways of encrypting files on disk?
- Whole disk encryption - Whole volume/partition encryption - Pretty Good Privacy - Gnu Privacy Guard
(Fill in the blank) _______ analysis requires that something about the malware's structure be known, or be derivable; _________ analysis examines what the program does as it executes, and so can identify previously unknown malware if the malicious action occurs during the analysis.
1) static, 2) behavior
(Multiple Choice) VPN stands for:Virtual Private Network
Virtual Private Network
(Fill in the Blank) System specification, design, and implementation can provide a basis for determining "how much" to trust a system. This aspect of trust is called .
Assurance
(Multiple Choice) An actual security violation that results from a threat is called an:
Attack
(Fill in the Blank) _______________ refers to the ability to use information or resources.
Availability
(Multiple Choice) A SYN Flood attack impacts which of the following:
Availability
Match the terms to their definitions: - Cipher - Cryptanalysis - Transposition cipher - Substitution cipher - Onetime pad - Digital signature
Cipher - a secret or disguised way of writing; a code. Cryptanalysis - the science of breaking codes Transposition cipher - rearranges the characters in the plaintext to form the ciphertext. The letters are not changed. Substitution cipher - changes characters in the plaintext to produce the ciphertext. Onetime pad - a cipher that has a key that is at least as long as the message and is chosen at random, so it does not repeat. Digital signature - a construct that authenticates both the origin and contents of a message in a manner that is provable to a disinterested third party.
(Fill in the Blank) One access control mechanism for preserving _______________ is cryptography, which transforms data to make it incomprehensible.
Confidentiality
(Multiple Choice) The components of the CIA triad are:
Confidentiality, Integrity, Availability
(Multiple Choice) A mail server belongs on which network segment:
DMZ
(Multiple Choice) A web server belongs on which network segment:
DMZ
(Multiple Answers) Integrity includes:
Data Integrity - Content of the Information Origin Integrity - Authentication
(Multiple Choice) DMZ stands for:
Demilitarized Zone
(Multiple Choice) A developer web server belongs on which network segment:
Development
(T/F) A DMZ web server has a policy very similar to that of a development system.
False
(T/F) A hash algorithm takes data and converts it to a unique numerical value in a way that makes it easy to recover back the original text.
False
(T/F) A security violation must actually occur for there to be a threat.
False
(T/F) Eradicating an attack means allowing the attack to continue in order to analyze it.
False
(T/F) Firewalls should be configured to allow all traffic unless specifically denied.
False
(T/F) Inside servers typically have a fixed public IP address, or are mapped to a public address using Network Address Translation.
False
(T/F) Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: private keys which may be disseminated widely, and public keys which are known only to the owner.
False
(T/F) Risks do not change over time.
False
(T/F) Security mechanisms must be technical in nature.
False
(T/F) Security provides direct financial rewards to the user.
False
(T/F) Small businesses do not need to worry about cyber attacks.
False
(T/F) The Data Encryption Standard (DES) cipher is still considered secure.
False
(T/F) The aspect of availability that is relevant to security is that someone may deliberately arrange to allow access to data or to a service by making it unavailable or unusable.
False
(T/F) To protect critical assets, mitigation strategies are prioritized and implemented to ensure the lowest value assets have the most comprehensive security. True
False
(T/F) When a file is deleted, the data is gone for good and there is no way to recover it.
False
(T/F) When using cloud services and software, the cloud provider is responsible for all security of the network and systems.
False
(T/F) You don't need to use encrypted communications on inside networks.
False
Match the terms to their definitions: - Goal - Target - Multistage Attack
Goal - that which the attacker hopes to achieve. Target - the entity that the attacker wishes to affect. Multistage Attack - an attack that requires several steps to achieve its goal.
(Fill in the Blank) A _______________ network in a wireless network system allows visitors to connect to the Internet while not allowing them to access corporate computing resources.
Guest
(Fill in the Blank) The activity take to make a system as safe as possible is called _______________.
Hardening
(Multiple Choice) A disgruntled employee is an example of a _______________ threat.
Insider
(Fill in the Blank) Evaluating ___________ is often very difficult, because it relies on assumptions about the source of the data and about trust in that source
Integrity
(Multiple Choice) A _______________ virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.
Macro
(Fill in the Blank) Malicious logic, more commonly called _______________, is a set of instructions that cause a site's security policy to be violated.
Malware
(Multiple Choice) A _______________ virus is one that can infect both boot sectors and applications.
Multipartite
(Multiple Choice) A _______________ threat are people who might attack an organization and are not authorized to use that organization's systems.
Outsider
(Multiple Choice) A typical _______________ attack requires that the attackers create a web site displaying a page that looks like it belongs to a bank. Thus, when victims visit the web site, they will believe they are at the bank's web site and not the false one.
Phishing
Match the terms to their definitions: - Phishing - Vishing - Smishing
Phishing - an attack that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. Vishing - a social engineering approach that leverages voice communication. Smishing - a social engineering approach that exploits SMS, or text, messages.
Match the following terms with their definition. - Plaintext - Cyphertext - Encryption key - Decryption key
Plaintext- an original message before it has been encrypted Cyphertext - a message after it has been encrypted Encryption key - a short bit string used to encrypt a message Decryption key - a short bit string used to decrypt a message
Number the steps in the Asset lifecycle: Planning Acquiring Deploying Managing Retiring
Planning - Step 1 Acquiring - Step 2 Deploying - Step 3 Managing - Step 4 Retiring - Step 5
(Multiple Choice) _______________ is at the heart of every decision involving security.
Policy
Match the terms to their definitions: - Rabbit / Bacteria - Logic Bomb - Adware - Spyware - Ransomware
Rabbit / Bacteria- a program that absorbs all of some class of resource. Logic Bomb - a program that performs an action that violates the security policy when some external event occurs. Adware - a Trojan horse that gathers information for marketing purposes and displays advertisements. Spyware - a Trojan horse that records information about the use of a computer, usually resulting in confidential information such as keystrokes, passwords, credit card numbers, and visits to web sites. Ransomware - malware that inhibits the use of resources until a money is paid.
(Multiple Choice) _______________ is when an attacker watches the target enter their password.
Shoulder Surfing
(Fill in the Blank) A digital _______________ is a construct that authenticates both the origin and contents of a message in a manner that is provable.
Signature
(Fill in the Blank) _______________ engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.
Social
(Multiple Choice) Which of the following are typically considered as parts of multi-factor authentication?
Something you know; Something you have; Something you are
Match the terms to their definitions: - Specification - Design - Implementation
Specification - a (formal or informal) statement of the desired functioning of the system. Design - translates the specifications into components that will implement them. Implementation - creates a system that satisfies that design.
Match the terms to their definitions: - Stealth virus - Encrypted virus - Polymorphic virus - Metamorphic virus
Stealth virus - viruses that conceal the infection of files. Encrypted virus - a virus that encrypts all of the virus except the cryptographic key and a decryption key. Polymorphic virus - a virus that changes the form of its decryption routine each time it inserts itself into another program. Metamorphic virus - a virus that changes its internal structure but performs the same actions each time it is executed.
