InfoSec Final Exam

Which of the following are motives for cyber attacks?

- Cash/Money
- Challenge
- Hacktivism
- Revenge
- Subversion
- Infamy

Which of the following are common indicators of a phishing attempt?

- Generic greetings and signature.
- Suspicious sender's address.
- Suspicious attachments.
- Spelling and layout.
- Spoofed hyperlinks.

Critical information assets can include:

- Patents/Copyrights
- Corporate financial data
- Customer sales information
- Human resource information
- Proprietary software
- Scientific research
- Schematics
- Internal manufacturing processes

(Multiple Answers) In public key encryption:

1. A private key is created by each entity and must be kept secret
2. A public key is created which is published for everyone to see
3. Assigns each entity a pair of keys

Cryptography is a fundamental tool in security because encryption can guarantee:

1. Data Confidentiality/Privacy
2. Data integrity
3. Protection from replay attacks
4. Message Authenticity

Match the terms to their definitions: adware, spyware, and ransomware.

- Adware - A Trojan Horse that gathers information for marketing purposes and displays advertisements.
- Spyware - A Trojan Horse that records information about the use of a computer, usually resulting in confidential information.
- Ransomware - Malware that inhibits the use of resources until money is paid.

Motives for cyber security attacks include: Challenge, Infamy, Subversion, Hacktivism, Revenge, Cash

All

A/An _______________ is a sequence of actions that create a violation of a security policy.

Attack

An actual security violation that results from a threat is called an:

Attack

A/An _______________ is the set of entry points and data that attackers can use to compromise a system.

Attack surface

One who attempts to exploit a security vulnerability is called a:

Attacker

White-box testing

Based on knowledge of the application's design and source code.

Botnets can be organized in the following ways:

Centralized Peer-to-Peer Very High Latency Random Approach

Select the correct Audit Data Collection Methods

Checklists, Reviewing Policy, Questionnaires

One access control mechanism for preserving _______________ is cryptography, which transforms data to make it incomprehensible.

Confidentiality

The components of the CIA triad are:

Confidentiality, Integrity, Availability

Which are valid file-level permissions?

Create, Read, Write, Delete, Execute

Classes of threat include:

Disclosure, Usurpation, Deception, Disruption

A hash algorithm takes data and converts it to a unique numerical value in a way that makes it easy to recover back the original text.

False

A password manager is a person who keeps track of all of your passwords at work.

False

A security violation must actually occur for there to be a threat.

False

Analysis of a policy model usually discusses particular policies.

False

Data/Information hiding is not an important aspect of confidentiality.

False

Detection mechanisms try to prevent violations of integrity.

False

Malware cannot attempt to evade being detected by behavioral analysis when the analysis occurs in a sandbox or a virtual machine.

False

Risks do not change over time.

False

Security mechanisms must be technical in nature.

False

The aspect of availability that is relevant to security is that someone may deliberately arrange to allow access to data or to a service by making it unavailable or unusable.

False

The role of trust is not crucial to understanding the nature of computer security.

False

To protect critical assets, mitigation strategies are prioritized and implemented to ensure the lowest value assets have the most comprehensive security.

False

Match the terms to their definitions:

- Goal - that which the attacker hopes to achieve.
- Target - the entity that the attacker wishes to affect.
- Multistage Attack - an attack that requires several steps to achieve its goal.

Evaluating ___________ is often very difficult, because it relies on assumptions about the source of the data and about trust in that source.

Integrity

When you step away from your computer you should always:

Logout and Lock your screen

A _______ virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.

Macro

Malicious logic, more commonly called _____________ , is a set of instructions that cause a site's security policy to be violated.

Malware

A _______________ virus is one that can infect both boot sectors and applications.

Multipartite

A typical _______________ attack requires that the attackers create a web site displaying a page that looks like it belongs to a bank. Thus, when victims visit the web site, they will believe they are at the bank's web site and not the false one.

Phishing

Match the terms to their definitions: Phishing, Vishing, Smishing

- Phishing - an attack that uses email or malicious websites to solicit personal information by posing as a trustworthy organization.
- Vishing - a social engineering approach that leverages voice communication.
- Smishing - a social engineering approach that exploits SMS, or text, messages.

Match the following terms with their definition: Plaintext, Cyphertext, Encryption Key, Decryption Key

- Plaintext - an original message before it has been encrypted
- Cyphertext - a message after it has been encrypted
- Encryption Key - a short bit string used to encrypt a message
- Decryption Key - a short bit string used to decrypt a message

Number the steps in the Asset lifecycle: Planning, Acquiring, Deploying, Managing, Retiring

- Planning - Step 1
- Acquiring - Step 2
- Deploying - Step 3
- Managing - Step 4
- Retiring - Step 5

Match the following terms to their definitions: - Principle of Least Privilege / Principle of Least Authority - Principle of Separation of Privilege - Principle of Fail-Safe Defaults - Principle of Least Common Mechanism - Principle of Least Astonishment

- Principle of Least Privilege / Principle of Least Authority - a subject should be given only those privileges that it needs in order to complete its task
- Principle of Separation of Privilege - a system should not grant permission based on a single condition
- Principle of Fail-Safe Defaults - unless a subject is given explicit access to an object, it should be denied access to that object
- Principle of Least Common Mechanism - mechanisms used to access resources should not be shared
- Principle of Least Astonishment - security mechanisms should be designed so that users understand the reason that the mechanism works the way it does and that using the mechanism is simple

A "safe" environment where code can be executed to test its behavior is called a _______________.

Sandbox

Wiping files means ...

Securely deleting file data by overwriting with zeros, ones and/or other random characters.

Which of the following are ways to avoid social engineering attacks?

Separation of Duties, Testing your users, Training your users

A digital _______________ is a construct that authenticates both the origin and contents of a message in a manner that is provable.

Signature

Match the terms to their definitions: Snooping/Eavesdropping, Modification/Alteration, Masquerading/Spoofing, Repudiation of Origin, Denial of Receipt, Delay, Denial of Service

- Snooping/Eavesdropping - The unauthorized interception of information
- Modification/Alteration - An unauthorized change of information
- Masquerading/Spoofing - impersonation of one entity by another
- Repudiation of Origin - a false denial that an entity sent (or created) something
- Denial of Receipt - a false denial that an entity received some information or message
- Delay - a temporary inhibition of a service
- Denial of Service - a long-term inhibition of service

Like adware, _______________ gathers information about a user, system, or other entity and transmits it or stores it for later retrieval. Unlike adware, its presence is supposed to be invisible to the user and system, so its function is truly covert.

Spyware

Match the terms to their definitions: Stealth virus, Encrypted virus, Polymorphic virus, Metamorphic virus

- Stealth virus - viruses that conceal the infection of files.
- Encrypted virus - a virus that encrypts all of the virus except the cryptographic key and a decryption key.
- Polymorphic virus - a virus that changes the form of its decryption routine each time it inserts itself into another program.
- Metamorphic virus - a virus that changes its internal structure but performs the same actions each time it is executed.

Repudiation of origin means:

The originator/sender of a message/data/file denies that they are the sender.

Match the terms to their definitions: - Trojan Horse - Rootkit - Computer Virus - Worm - Bot

- Trojan Horse - a program with an overt (documented or known) purpose and a covert (undocumented or unexpected) purpose.
- Rootkit - a rootkit is a pernicious (subtle/hidden) Trojan horse.
- Computer Virus - a Trojan horse that can propagate freely and insert a copy of itself into another file.
- Worm - program that copies itself from one computer to another.
- Bot - malware that carries out some action in coordination with other like entities.

"Secure" and "Trust" are relative notions.

True

A bot-master/bot-herder/bot-controller controls bots from one or more systems called command and control (C&C) servers.

True

A drive-by download occurs when a user visits a web page and a download occurs without the user knowing it, or when the user knows it but does not understand the effects of the download.

True

A message digest is generated from a mathematical function and is created to ensure the message contents have not changed.

True

A multistage attack is an attack that requires several steps to achieve its goal.

True

A security mechanism is a method, tool, or procedure for enforcing a security policy.

True

A security policy is a statement of what is, and what is not, allowed.

True

Access control mechanisms support confidentiality.

True

An "International Domain Name Homograph Attack" uses similar looking characters, possibly from different international character sets, to convince a user to click on a link with what appears to be a legitimate domain name.

True

Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.

True

Behavioral signatures focus on the actions taken by the malware. The suspected malware is placed in an environment that emulates the one it will execute in, typically a sandbox of some kind. The suspected malware is then executed, and the execution monitored for some period of time. If the program does anything considered bad, it is identified as malware.

True

Confidentiality is the concealment of information or resources.

True

Humans are the weakest link in any information security environment.

True

Identifying your assets is not easy.

True

If group "developers" can read and write the contents of a directory, and user "A" is a member of the developers group, then user A can read and write the contents in that directory.

True

In theory, formal verification can prove the absence of vulnerabilities.

True

Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.

True

Malware that triggers on midnight of Friday the 13th is an example of a logic bomb.

True

Once you identify your critical assets, you must determine which ones are at the most risk of being attacked by authorized insiders and how these assets should be protected and monitored.

True

One of the goals of computer viruses is to remain undiscovered until executed, and possibly even after that.

True

Penetration testing is a testing technique, not a proof technique.

True

Revealing a public key is safe because the functions used for encryption and decryption have a one way property. That is, telling someone the public key does not allow the person to forge a message that is encrypted with the private key.

True

Sometimes a Cost-Benefit analysis will determine that it's not worth protecting an asset.

True

Symmetric cryptosystems (also called single key or secret key cryptosystems) are cryptosystems that use the same key for encoding and decoding of messages.

True

The White Team is made up of all-knowing, neutral, third-party individuals who set the rules of engagement, organize teams, make plans and monitor progress.

True

The boot sector is the part of a disk used to bootstrap the system or mount a disk. When the system boots, any virus in that sector is executed.

True

The goal of a penetration study/test is to violate the site security policy.

True

The primary goal of a Purple Team is to maximize the results of Red Team engagements and improve Blue Team capability.

True

The specific failure of the security controls of a system or software is called a vulnerability or security flaw.

True

The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.

True

The use of a public key system provides a way to block repudiation of origin.

True

The word "cryptography" comes from two Greek words meaning "secret writing".

True

Trust cannot be quantified precisely.

True

Unlike other testing and verification technologies, a penetration test examines procedural and operational controls as well as technological controls.

True

When two hosts trust each other (i.e. "trusted hosts"), each can rely on the other to authenticate users.

True

Gray Box Testing

Uses limited knowledge of the program's internals. This might mean the tester knows about some parts of the source code and not others.

administrator

accounts generally have unrestricted access to a system.

A SYN Flood attack impacts which of the following:

availability

The idea behind _____________ in ______________ is to manage risk with diverse defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent a full breach.

defense, depth

Security provides direct financial rewards to the user.

false

Small businesses do not need to worry about cyber attacks.

false

A disgruntled employee is an example of a/an _______________ threat.

insider

Shoulder Surfing

is when an attacker watches the target enter their password.

A _______________ threat are people who might attack an organization and are not authorized to use that organization's systems.

outsider

_______________ engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

social

Spearphishing is a phishing attack tailored for a particular victim.

true

Black-box testing

uses test methods that aren't based directly on knowledge of a program's architecture or design.

