InfoSec Final Exam
Which of the following are motives for cyber attacks?
- Cash/Money - Challenge - Hacktivism - Revenge - Subversion - Infamy
Which of the following are common indicators of a phishing attempt?
- Generic greetings and signature. - Suspicious sender's address. - Suspicious attachments. - Spelling and layout. - Spoofed hyperlinks.
Critical information assets can include:
- Patents/Copyrights - Corporate financial data - Customer sales information - Human resource information - Proprietary software - Scientific research - Schematics - Internal manufacturing processes
(Multiple Answers) in public key encryption:
1. A private key is created by each entity and must be kept secret 2. A public key is created and published for everyone to see 3. Each entity is assigned a pair of keys
Cryptography is a fundamental tool in security because cryptographic mechanisms can provide the following (encryption alone gives only the first; the others need message authentication codes, digital signatures or nonces as well):
1. Data Confidentiality/Privacy 2. Data integrity 3. Protection from replay attacks 4. Message Authenticity
Match the terms to their definitions: adware, spyware, and ransomware.
Adware - a Trojan horse that gathers information for marketing purposes and displays advertisements. Spyware - a Trojan horse that records information about the use of a computer, usually resulting in the disclosure of confidential information. Ransomware - malware that inhibits the use of resources until money is paid.
Motives for cyber security attacks include: Challenge Infamy Subversion Hacktivism Revenge Cash
All
A/An _______________ is a sequence of actions that create a violation of a security policy.
Attack
An actual security violation that results from a threat is called a:
Attack
A/An _______________ is the set of entry points and data that attackers can use to compromise a system.
Attack surface
One who attempts to exploit a security vulnerability is called a:
Attacker
White-box testing
Based on knowledge of the application's design and source code.
Botnets can be organized in the following ways:
Centralized, Peer-to-Peer, Very high latency, Random approach
Select the correct Audit Data Collection Methods
Checklists, Reviewing policy, Questionnaires
One access control mechanism for preserving _______________ is cryptography, which transforms data to make it incomprehensible.
Confidentiality
The components of the CIA triad are:
Confidentiality, Integrity, Availability
Which are valid file-level permissions?
Create, Read, Write, Delete, Execute
Classes of threat include:
Disclosure, Usurpation, Deception, Disruption
A hash algorithm takes data and converts it to a unique numerical value in a way that makes it easy to recover back the original text.
False
A password manager is a person who keeps track of all of your passwords at work.
False
A security violation must actually occur for there to be a threat.
False
Analysis of a policy model usually discusses particular policies.
False
Data/Information hiding is not an important aspect of confidentiality.
False
Detection mechanisms try to prevent violations of integrity.
False
Malware cannot attempt to evade being detected by behavioral analysis when the analysis occurs in a sandbox or a virtual machine.
False
Risks do not change over time.
False
Security mechanisms must be technical in nature.
False
The aspect of availability that is relevant to security is that someone may deliberately arrange to allow access to data or to a service by making it unavailable or unusable.
False
The role of trust is not crucial to understanding the nature of computer security.
False
To protect critical assets, mitigation strategies are prioritized and implemented to ensure the lowest value assets have the most comprehensive security.
False
Match the terms to their definitions:
Goal - that which the attacker hopes to achieve. Target - the entity that the attacker wishes to affect. Multistage Attack - an attack that requires several steps to achieve its goal.
Evaluating ___________ is often very difficult, because it relies on assumptions about the source of the data and about trust in that source.
Integrity
When you step away from your computer you should always:
Logout and Lock your screen
A _______ virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.
Macro
Malicious logic, more commonly called _____________ , is a set of instructions that cause a site's security policy to be violated.
Malware
A _______________ virus is one that can infect both boot sectors and applications.
Multipartite
A typical _______________ attack requires that the attackers create a web site displaying a page that looks like it belongs to a bank. Thus, when victims visit the web site, they will believe they are at the bank's web site and not the false one.
Phishing
Match the terms to their definitions: Phishing, Vishing, Smishing
Phishing - an attack that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. Vishing - a social engineering approach that leverages voice communication. Smishing - a social engineering approach that exploits SMS, or text, messages.
Match the following terms with their definition: Plaintext Ciphertext Encryption Key Decryption Key
Plaintext - an original message before it has been encrypted Ciphertext - a message after it has been encrypted Encryption Key - a short bit string used to encrypt a message Decryption Key - a short bit string used to decrypt a message
Number the steps in the Asset lifecycle: Planning Acquiring Deploying Managing Retiring
Planning - Step 1 Acquiring - Step 2 Deploying - Step 3 Managing - Step 4 Retiring - Step 5
Match the following terms to their definitions: - Principle of Least Privilege / Principle of Least Authority - Principle of Separation of Privilege - Principle of Fail-Safe Defaults - Principle of Least Common Mechanism - Principle of Least Astonishment
Principle of Least Privilege / Principle of Least Authority - a subject should be given only those privileges that it needs in order to complete its task Principle of Separation of Privilege - a system should not grant permission based on a single condition Principle of Fail-Safe Defaults - unless a subject is given explicit access to an object, it should be denied access to that object Principle of Least Common Mechanism - mechanisms used to access resources should not be shared Principle of Least Astonishment - security mechanisms should be designed so that users understand why the mechanism works the way it does and find the mechanism simple to use
A "safe" environment where code can be executed to test its behavior is called a _______________.
Sandbox
Wiping files means ...
Securely deleting file data by overwriting with zeros, ones and/or other random characters.
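The overwrite-then-unlink procedure described above, written out as an added example (this is not code from the page). It assumes a plain local filesystem that rewrites blocks in place; the file name and contents in demo_wipe are constructed for the demonstration.

```python
import os
import secrets
import tempfile

# Overwrite patterns, in order: all zeros, all ones, then random bytes.
PASSES = (b"\x00", b"\xff", None)


def wipe(path: str, passes=PASSES, chunk: int = 64 * 1024) -> int:
    """Overwrite the file's contents in place once per pass, sync each pass to
    the device, then unlink the file. Returns the total number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        for fill in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                block = secrets.token_bytes(n) if fill is None else fill * n
                f.write(block)
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push this pass to storage, not just the page cache
    os.remove(path)
    return written


def demo_wipe() -> dict:
    """Create a constructed 'secret' file in a temporary directory, wipe it, report."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "customer_list.csv")   # hypothetical file name
        content = b"alice,4111111111111111\nbob,5500000000000004\n" * 200  # constructed data
        with open(path, "wb") as f:
            f.write(content)
        written = wipe(path)
        return {"size": len(content), "written": written, "exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo_wipe())
```

The caveat a practitioner needs: in-place overwriting only helps when the filesystem rewrites the same physical blocks. Copy-on-write and journaling filesystems, snapshots, SSD wear levelling and backups can keep the old contents, so for those cases rely on full-disk encryption and destroy the key instead.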
Which of the following are ways to avoid social engineering attacks?
Separation of Duties, Testing your users, Training your users
A digital _______________ is a construct that authenticates both the origin and contents of a message in a manner that is provable.
Signature
Match the terms to their definitions: Snooping/Eavesdropping Modification/Alteration Masquerading/Spoofing Repudiation of Origin Denial of Receipt Delay Denial of Service
Snooping/Eavesdropping - The unauthorized interception of information Modification/Alteration - An unauthorized change of information Masquerading/Spoofing - impersonation of one entity by another Repudiation of Origin - a false denial that an entity sent (or created) something Denial of Receipt - a false denial that an entity received some information or message Delay - a temporary inhibition of a service Denial of Service - a long-term inhibition of service
Like adware, _______________ gathers information about a user, system, or other entity and transmits it or stores it for later retrieval. Unlike adware, its presence is supposed to be invisible to the user and system, so its function is truly covert.
Spyware
Match the terms to their definitions: Stealth virus, Encrypted virus, Polymorphic virus, Metamorphic virus
Stealth virus - a virus that conceals the infection of files. Encrypted virus - a virus that encrypts all of the virus body except the cryptographic key and the decryption routine. Polymorphic virus - a virus that changes the form of its decryption routine each time it inserts itself into another program. Metamorphic virus - a virus that changes its internal structure but performs the same actions each time it is executed.
Repudiation of origin means:
The originator/sender of a message/data/file denies that they are the sender.
Match the terms to their definitions: - Trojan Horse - Rootkit - Computer Virus - Worm - Bot
Trojan Horse - a program with an overt (documented or known) purpose and a covert (undocumented or unexpected) purpose. Rootkit - a pernicious (subtle, hidden) Trojan horse. Computer Virus - a Trojan horse that can propagate freely and insert a copy of itself into another file. Worm - a program that copies itself from one computer to another. Bot - malware that carries out some action in coordination with other like entities.
"Secure" and "Trust" are relative notions.
True
A bot-master/bot-herder/bot-controller controls bots from one or more systems called command and control (C&C) servers.
True
A drive-by download occurs when a user visits a web page and a download occurs without the user knowing it, or when the user knows it but does not understand the effects of the download.
True
A message digest is generated from a mathematical function and is created to ensure the message contents have not changed.
True
A multistage attack is an attack that requires several steps to achieve its goal.
True
A security mechanism is a method, tool, or procedure for enforcing a security policy.
True
A security policy is a statement of what is, and what is not, allowed.
True
Access control mechanisms support confidentiality.
True
An Internationalized Domain Name (IDN) homograph attack uses similar-looking characters, possibly from different scripts, to convince a user to click on a link with what appears to be a legitimate domain name.
True
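One check a practitioner would run against such links, as an added example rather than code from the page: flag hostnames whose single label mixes Unicode scripts (Latin letters next to a Cyrillic one) and show the Punycode form the resolver actually sees. The sample domains are constructed; the rule is a heuristic and does not catch a name written entirely in one look-alike script.

```python
import unicodedata

# Constructed sample domains for this example. The "а" in the second entry is
# Cyrillic U+0430, visually identical to Latin "a".
SAMPLE_DOMAINS = [
    "apple.com",        # single script (Latin)
    "pаypal.com",       # Latin letters plus one Cyrillic letter: mixed script
    "яндекс.рф",        # single script (Cyrillic), a legitimate IDN
    "bücher.example",   # Latin with a diacritic: not flagged by this rule
]


def script_of(ch: str) -> str:
    """Script family taken from the Unicode character name, e.g. 'LATIN', 'CYRILLIC'.
    Digits, hyphens and other non-letters count as script-neutral ('COMMON')."""
    if not ch.isalpha():
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def label_scripts(label: str) -> set:
    """Set of scripts used by the letters of one DNS label."""
    return {script_of(c) for c in label} - {"COMMON"}


def to_ascii(domain: str) -> str:
    """The Punycode (xn--) form the resolver sees; unchanged for pure-ASCII names."""
    return domain.encode("idna").decode("ascii")


def assess(domain: str) -> dict:
    """Classify a hostname: scripts per label, whether it is an IDN, mixed-script flag."""
    scripts_per_label = [label_scripts(label) for label in domain.split(".")]
    ascii_form = to_ascii(domain)
    return {
        "domain": domain,
        "ascii": ascii_form,
        "idn": ascii_form != domain,
        "scripts": scripts_per_label,
        "mixed_script": any(len(s) > 1 for s in scripts_per_label),
    }


def suspicious(domains) -> list:
    """Return the inputs that mix scripts inside a single label."""
    return [d for d in domains if assess(d)["mixed_script"]]


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        r = assess(d)
        print(f"{d:18} -> {r['ascii']:28} {'MIXED-SCRIPT' if r['mixed_script'] else 'ok'}")
```

Displaying the xn-- form is what browsers fall back to when they cannot decide a name is safe; a mail gateway or link scanner can apply the same mixed-script rule before a user ever sees the link.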
Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.
True
Behavioral signatures focus on the actions taken by the malware. The suspected malware is placed in an environment that emulates the one it will execute in, typically a sandbox of some kind. The suspected malware is then executed, and the execution monitored for some period of time. If the program does anything considered bad, it is identified as malware.
True
Confidentiality is the concealment of information or resources.
True
Humans are the weakest link in any information security environment.
True
Identifying your assets is not easy.
True
If group "developers" can read and write the contents of a directory, and user "A" is a member of the developers group, then user A can read and write the contents in that directory.
True
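The group rule above is one branch of the Unix permission algorithm; the added example below (not code from the page) spells out the whole decision, including a detail the card does not mention: the kernel applies exactly one class, so an owner gets the owner bits even when the group bits are more generous. It also covers the Create and Delete rights listed earlier, which are rights on the directory rather than on the file. User, group and mode values are constructed.

```python
# Unix-style permission evaluation, written for this example.
# Modes are octal values (0o775) or the nine-character "rwxrwxr-x" form.

READ, WRITE, EXEC = 4, 2, 1


def mode_from_string(s: str) -> int:
    """Convert 'rwxrwxr-x' (as printed by ls -l, without the type character) to octal.
    setuid/setgid/sticky letters ('s', 't') are not handled and raise."""
    if len(s) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for ch, expected in zip(s, "rwxrwxrwx"):
        mode <<= 1
        if ch == expected:
            mode |= 1
        elif ch != "-":
            raise ValueError(f"unexpected permission character {ch!r}")
    return mode


def effective_bits(mode: int, owner: str, group: str, user: str, user_groups) -> int:
    """Pick exactly one class, in order: owner, then group, then other."""
    if user == owner:
        return (mode >> 6) & 0o7
    if group in user_groups:
        return (mode >> 3) & 0o7
    return mode & 0o7


def can(mode, owner, group, user, user_groups, op: str) -> bool:
    """Does `user` (member of `user_groups`) have `op` on an object owned by owner:group?"""
    needed = {"read": READ, "write": WRITE, "execute": EXEC}[op]
    return effective_bits(mode, owner, group, user, user_groups) & needed == needed


def can_create_or_delete(dir_mode, dir_owner, dir_group, user, user_groups) -> bool:
    """Create and delete are rights on the directory: write plus search (execute)
    permission there, regardless of the permissions on the file itself."""
    return (can(dir_mode, dir_owner, dir_group, user, user_groups, "write")
            and can(dir_mode, dir_owner, dir_group, user, user_groups, "execute"))


if __name__ == "__main__":
    mode = mode_from_string("rwxrwxr-x")          # constructed directory mode 0o775
    print(can(mode, "alice", "developers", "a", {"developers"}, "write"))   # True
    print(can(mode, "alice", "developers", "bob", {"staff"}, "write"))      # False
```

Two caveats the model leaves out: root (uid 0) bypasses these bits entirely, and a sticky bit on the directory restricts delete to the file's owner even when the group has write access.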
In theory, formal verification can prove the absence of vulnerabilities.
True
Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
True
Malware that triggers on midnight of Friday the 13th is an example of a logic bomb.
True
Once you identify your critical assets, you must determine which ones are at the most risk of being attacked by authorized insiders and how these assets should be protected and monitored.
True
One of the goals of computer viruses is to remain undiscovered until executed, and possibly even after that.
True
Penetration testing is a testing technique, not a proof technique.
True
Revealing a public key is safe because the functions used for encryption and decryption have a one way property. That is, telling someone the public key does not allow the person to forge a message that is encrypted with the private key.
True
Sometimes a Cost-Benefit analysis will determine that it's not worth protecting an asset.
True
Symmetric cryptosystems (also called single key or secret key cryptosystems) are cryptosystems that use the same key for encoding and decoding of messages.
True
The White Team is made up of all-knowing, neutral, third-party individuals who set the rules of engagement, organize teams, make plans and monitor progress.
True
The boot sector is the part of a disk used to bootstrap the system or mount a disk. When the system boots, any virus in that sector is executed.
True
The goal of a penetration study/test is to violate the site security policy.
True
The primary goal of a Purple Team is to maximize the results of Red Team engagements and improve Blue Team capability.
True
The specific failure of the security controls of a system or software is called a vulnerability or security flaw.
True
The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
True
The use of a public key system provides a way to block repudiation of origin.
True
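The cards on message digests, digital signatures, the one-way property of public keys and repudiation of origin describe one mechanism; the added example below (not code from the page) shows it end to end with textbook RSA over a SHA-256 digest. The key is constructed from two Mersenne primes so that the digest fits under the modulus; this is a teaching toy, not a usable key (no padding, no random key generation).

```python
import hashlib
import secrets

# Toy key for this example only. 2**127-1 and 2**521-1 are Mersenne primes, chosen
# so that N exceeds 2**256 and a SHA-256 digest fits without truncation.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; gcd(E, phi) == 1 for these primes

PUBLIC_KEY = (N, E)     # safe to publish
PRIVATE_KEY = (N, D)    # must be kept secret


def digest(message: bytes) -> int:
    """Message digest: fixed-size, changes if any bit of the message changes,
    and cannot be run backwards to recover the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Signature = digest^D mod N. Only the holder of D can produce it, so the
    signer cannot later deny having sent the message (repudiation of origin)."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with (N, E) checks that signature^E mod N equals the message digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def forgery_attempt(message: bytes, public_key) -> bool:
    """An attacker who knows only the public key picks a signature value; it fails."""
    n, _ = public_key
    return verify(message, secrets.randbelow(n), public_key)


if __name__ == "__main__":
    msg = b"transfer 100 EUR to account 42"   # constructed message
    sig = sign(msg, PRIVATE_KEY)
    print("original verifies:", verify(msg, sig, PUBLIC_KEY))
    print("tampered verifies:", verify(b"transfer 900 EUR to account 42", sig, PUBLIC_KEY))
    print("forged verifies:  ", forgery_attempt(msg, PUBLIC_KEY))
```

The digest alone only detects accidental change: an attacker who alters the message can recompute the digest. Binding the digest to the private key is what turns it into evidence of origin, which is why the signature, not the bare hash, blocks repudiation.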
The word "cryptography" comes from two Greek words meaning "secret writing".
True
Trust cannot be quantified precisely.
True
Unlike other testing and verification technologies, a penetration test examines procedural and operational controls as well as technological controls.
True
When two hosts trust each other (i.e. "trusted hosts"), each can rely on the other to authenticate users.
True
Gray Box Testing
Uses limited knowledge of the program's internals. This might mean the tester knows about some parts of the source code and not others
administrator
accounts generally have unrestricted access to a system.
A SYN Flood attack impacts which of the following:
availability
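A SYN flood is visible in traffic as many SYNs that never progress to an ACK. The added example below (not code from the page) runs that check over constructed tcpdump-style lines: one client completes a handshake, three sources only ever send SYNs. The service address, source addresses and threshold are all assumptions for the demonstration.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines for this example (not captured traffic).
SAMPLE_LINES = """\
12:00:00.000100 IP 192.0.2.5.40001 > 203.0.113.10.443: Flags [S], seq 1000, win 64240, length 0
12:00:00.000300 IP 203.0.113.10.443 > 192.0.2.5.40001: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:00.000500 IP 192.0.2.5.40001 > 203.0.113.10.443: Flags [.], ack 5001, win 502, length 0
12:00:00.000700 IP 192.0.2.5.40001 > 203.0.113.10.443: Flags [P.], seq 1001:1518, ack 5001, win 502, length 517
12:00:00.001000 IP 198.51.100.7.1024 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001001 IP 198.51.100.7.1025 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001002 IP 198.51.100.8.1024 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001003 IP 198.51.100.8.1025 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001004 IP 198.51.100.9.1024 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001005 IP 198.51.100.9.1025 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
12:00:00.001006 IP 198.51.100.10.1024 > 203.0.113.10.443: Flags [S], seq 1, win 512, length 0
""".splitlines()

LINE_RE = re.compile(r"IP (\S+?)\.(\d+) > (\S+?)\.(\d+): Flags \[([^\]]+)\]")


def parse(line: str):
    """Return (src_ip, src_port, dst_ip, dst_port, flags), or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), flags


def analyze(lines, service=("203.0.113.10", 443), min_syns=2) -> dict:
    """Per source, count SYNs sent to `service` and ACKs that follow them.
    Sources sending at least `min_syns` SYNs and never an ACK are reported,
    along with the overall fraction of SYNs that never completed."""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for line in lines:
        p = parse(line)
        if p is None:
            continue
        src, _, dst, dport, flags = p
        if (dst, dport) != service:
            continue
        if flags == "S":
            syns[src] += 1
        elif "." in flags:          # any segment carrying ACK: [.], [P.], [F.] ...
            acks[src] += 1
    suspects = {src for src, n in syns.items() if n >= min_syns and acks[src] == 0}
    total = sum(syns.values())
    completed = sum(min(syns[s], acks[s]) for s in syns)
    return {
        "syn_total": total,
        "half_open_ratio": (total - completed) / total if total else 0.0,
        "suspect_sources": suspects,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LINES))
```

Real floods usually spoof random source addresses, so per-source counting alone misses them; the aggregate half-open ratio is the more robust signal, and the server-side defence is SYN cookies (net.ipv4.tcp_syncookies on Linux), which stop half-open entries from consuming the backlog in the first place.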
The idea behind _____________ in ______________ is to manage risk with diverse defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent a full breach.
defense, depth
Security provides direct financial rewards to the user.
False
Small businesses do not need to worry about cyber attacks.
False
A disgruntled employee is an example of a/an _______________ threat.
insider
Shoulder Surfing
is when an attacker watches the target enter their password.
_______________ threats are people who might attack an organization and are not authorized to use that organization's systems.
outsider
engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.
social
Spearphishing is a phishing attack tailored for a particular victim.
True
Black-box testing
uses test methods that aren't based directly on knowledge of a program's architecture or design