itn 262 mid-
Impact x Likelihood = ______________
Relative Significance of Risk
The following are file-permission situations in Unix. Match the access scenario with the action taken by a Unix system as a result. CoCorrect!The root user accesses a file System grants full access to file Crrect!The root user accesses a file System grants full access to file Correct!The file's owner accesses a file System applies the owner rights Correct!A group member who is not the file's owner accesses a file System applies the group rights Correct!A user who is neither the owner nor a group member accesses a file System applies the world rights
CoCorrect!The root user accesses a file System grants full access to file Crrect!The root user accesses a file System grants full access to file Correct!The file's owner accesses a file System applies the owner rights Correct!A group member who is not the file's owner accesses a file System applies the group rights Correct!A user who is neither the owner nor a group member accesses a file System applies the world rights
The _____________ remains an integral part of manufacturing and distribution of DVDs and DVD players.
DVD-CSS
Briefly explain the difference between deleting a file from a computer's hard disk and overwriting the file.
Deleting a file only removes the pointers from the directory. The file is still there. Overwriting a file makes the data unusable.
True or False? A script kiddy is sharing with someone who visits our living or working space, getting physical access to the computer. True False
False
True or False? A threat agent is a person who did attack our assets, while an attacker might attack an asset. True False
False
True or False? A vulnerability is a security measure intended to protect an asset. True False
False
True or False? A zero-day vulnerability is one that has been reported to the software's vendor and the general public. True False
False
True or False? An operating system provides six access rights for files. True False
False
True or False? Application programs are the only executable files on a typical operating system. True False
False
True or False? Average attack space measures the time until success is certain. True False
False
True or False? Biometrics and tokens are a good choice for a household environment. True False
False
True or False? Biometrics are a favored form of authentication, as they are immune to sniffing attacks. True False
False
True or False? Biometrics have a fault tolerance of 0. True False
False
True or False? Both Windows and Unix include permission flags in their file security mechanisms. True False
False
True or False? Entropy refers to the strength of a password system. True False
False
True or False? In the early 1980s, a rumored macro virus infected Microsoft Word documents. When executed, the virus copied itself to other Word files it could find and also posted the document to the Usenet News system. True False
False
True or False? Information security architecture often relies on boundaries outside the computer to protect important information or programs from error-prone or malicious programs. True False
False
True or False? Isolation policy grants read access to other user's files. True False
False
True or False? Microsoft's built in encryption protects the user's file against a Trojan Horse. True False
False
True or False? Modus operandi applies only to criminal organizations. True False
False
True or False? Offline attacks are easily detected. True False
False
True or False? Owner rights are privileged processes run by the system. True False
False
True or False? Passive tokens are favored, as they are immune to sniffing attacks. True False
False
True or False? SHA-1024 is the latest hash algorithm. True False
False
True or False? Storage state is the information that is being used by an active process to make decisions or to transform the information into another form. True False
False
True or False? The effort nicknamed DESCHALL used a collection of tens of thousands of computers to crack a DES message by trial and error in 7 months. True False
False
True or False? The programmer who creates a program has all three rights—read, write, and execute—which yields "RX." True False
False
True or False? The programmer who creates a program has two rights—read and execute—which yields "RX." True False
False
True or False? The security process and the Information engineering process find their origin in the concept of Continuous Improvement. True False
False
True or False? The two primary types of symmetric algorithms are public and cipher. True False
False
True or False? True randomness is easily achieved with the random function of an application like Excel. True False
False
True or False? Two factor authentication is using two passwords True False
False
True or False? Using a personal computer with full admin rights enables the user to minimize security threats. True False
False
True or False? Victims can protect themselves against zero-day attacks. True False
False
True or False? When a system process starts another, the parent process often inherits the child's access rights. True False
False
True or False? When selecting a password, random collections of letters contain far less entropy than written words. True False
False
True or False? When we click on a folder icon within a folder on our desktop, we go "up" a level in the directory hierarchy. True False
False
True or False? When we look in our directories at the files, we distinguish between three file types: 1. Data files, like a word-processing file containing an essay, a spreadsheet, or a configuration file used by a program or the operating system. 2. Read a directory—this right allows listing of the directory as well as seeking files in it. 3. Executable files that contain application programs or other programs. True False
False
True or False? When you are biased in selecting a password, you choose your password from the entire search space. True False
False
True or False? Your fingerprint is a "something you have" factor. True False
False
rue or False? USB tokens are weak because if the public key becomes lost or stolen, the private key can be derived from it. True False
False
ACL implementation in Microsoft windows provides flexible and sophisticated inheritance. Files and folders automatically inherit changes made to an enclosing folder's access rights. True False
True
__________ define a user group, which serves as another set of users for whom we specify access rights.
Group rights
True or False? A DVD player handles all key managements. True False
True
True or False? A strong threat is willing to spend money, but not willing to leave evidence. True False
True
True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors, valves, and other devices in industrial applications. True False
True
True or False? A vulnerability is a weakness in the boundary that protects the assets from the threat agents. True False
True
True or False? After encrypting a plaintext file, it should actively erase the plaintext file's context and save the encryption. True False
True
True or False? All modern computer-based file systems use a hierarchical directory to organize files into groups. True False
True
True or False? An encryption application program, from a user's point of view, protects a file with a memorized password. True False
True
True or False? Authentication associates an individual with an identity. True False
True
True or False? Botnets can (often) perform distributed denial of service (DDoS) attacks in which thousands of individual computers send overwhelming amounts of traffic at a victim's computer. True False
True
True or False? By the late 1980s, some virus writers were inclined toward destruction. The Jerusalem virus, which appeared in 1987 in the city of Jerusalem, contained a "destructive payload" that would delete all executable files on the system on Friday the 13th, starting in 1988. True False
True
True or False? Credit reports are a treasured target among identity thieves. True False
True
True or False? Dictionary attacks differ from trial and error attacks because dictionary attacks focus on likely passwords. True False
True
True or False? Directories (folders) tie together files in different parts of the hard drive. True False
True
True or False? Edward Hebern developed a rotor machine, also called the Enigma. True False
True
True or False? Every executable file begins with a "file header" that describes the structure and format of the program. True False
True
True or False? File access rights may include create, read, update, and delete. True False
True
True or False? Hacktivists are threat agents who are usually a loosely organized source of widespread attacks. True False
True
True or False? If the "root" user accesses a file, the system grants full access. True False
True
True or False? In a default permit, everything is allowed except sites on the prohibited list. True False
True
True or False? In requirement-based security, we identify and prioritize our security needs in a risk assessment process. True False
True
True or False? Keyloggers can be hardware or software based. True False
True
True or False? Low-hanging fruit refers to the easiest targets in an attack. True False
True
True or False? Mac OS-X allows you to add ACL entries for groups as well as users. True False
True
True or False? Many users think of files as living in file folders instead of directories. True False
True
True or False? Microsoft Windows Professional editions include an encryption feature. True False
True
True or False? Modern operating systems protect files according to user identity. True False
True
True or False? Never choose a password with a strong personal association. True False
True
True or False? Once we have filled in the attack likelihoods and impacts, we compute the significance by multiplying these values together. True False
True
True or False? PCI DSS is a set of standards, not a law, that applies to merchants who handle customer credit card information. True False
True
True or False? Part of the unique identifier for every file on a hard drive, which includes the list of directories from the root to that file, is called the directory path. True False
True
True or False? People can be threat agents in some cases, but trustworthy in others. True False
True
True or False? Regarding access permissions in Windows, the owner of a shared folder may read, modify, and delete other user's files. True False
True
True or False? Security Category RMF begins with a high-level estimate of the impact caused by cyber security failures. True False
True
True or False? Sharing on a computer system includes two main types of policies: global and tailored. True False
True
True or False? Some operating systems provide ways of temporarily granting administrative to people logged in to regular accounts. True False
True
True or False? Some systems provide very specific rights for managing directories, while others provide minimal rights, like read, write, and seek. True False
True
True or False? The Advanced Encryption Standard (AES) is stronger than the Data Encryption Standard (DES). True False
True
True or False? The computer keeps record of what it does, and those set of files are called the event log or the audit trail. True False
True
True or False? The one-way hash is a cryptographic function. True False
True
True or False? The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness. True False
True
True or False? The window of vulnerability is the period of time during which a system is unprotected from an exploit. True False
True
True or False? To analyze a risk, we review it against the threat agents behind the risk. True False
True
True or False? We call scripts macros, especially when we embed them in other documents. True False
True
True or False? When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely. True False
True
True or False? When the fault tolerance goes up, so do the false positives. True False
True
True or False? Windows does not deny an access right by omitting it, but it allows you to explicitly deny a right. True False
True
Biometric scanners are often connected by ________; this poses a security risk, as sniffed credentials can be fed down this line.
USB
Using a Caesar cipher that shifts letters three places, so that A becomes D, decode this phrase: zhoo grqh.
Well done well done Well done. Well Done
If we combine "10101" with "01011" using Exclusive Or, which result do we get? a) 11110 b) 100000 d) 100001 c) 00001
a) 11110
AES was introduced in what year? b) 1989 a) 2002 c) 2007 d) 1975
a) 2002
Which of the following produces a risk to an asset? d) A threat agent and a script kiddy c) A vulnerability and an attack that implements that vulnerability a) A threat agent and an attack the agent can perform b) A threat and a vulnerability
a) A threat agent and an attack the agent can perform
Select the controls from the list below that can implement a tailored access policy. d) Control of system-based access rights a) Access control lists c) Control of world-based access rights b) Control of user group-based access rights
a) Access control lists b) Control of user group-based access rights
Why do event logs record both normal and abnormal activities? Select all that apply. b) Normal activities are so rarely logged that they do not add enough overhead to justify removing them. a) An activity may look normal when it occurs and abnormal when analyzed in context with other activities c) Normal activities help track side effects of abnormal activities
a) An activity may look normal when it occurs and abnormal when analyzed in context with other activities c) Normal activities help track side effects of abnormal activities
We are estimating the impact of an individual attack. Which of the following has the greatest estimated impact? a) An attack with a $100 loss that could happen once a week. b) An attack with a $400 loss that could happen once a month c) An attack with a $2000 loss that could happen twice a year d) An attack with a $5000 loss that could happen once a year
a) An attack with a $100 loss that could happen once a week.
What does authentication do? a) Associates an individual with an identity d) All of these are correct. b) Checks access rights c) Grants access rights
a) Associates an individual with an identity
Bob and Alice are typical users who share a computer. Which of the following are true of a user isolation policy? Assume no tailoring takes place. Select all that apply. a) Bob can create, read, and modify his own files. e) Bob and Alice can read files that others can't read. c) Bob can modify Alice's files. b) Bob can read Alice's files. d) Bob and Alice can share files (read and write) that others can't read. f) Alice can read and write application files.
a) Bob can create, read, and modify his own files.
Bob and Alice are typical users who share a computer. The computer has an isolation policy, but Bob and Alice have implemented a tailored policy for shared reading. Which of the following are true? Select all that apply. f) Alice can read and write application files. a) Bob can create, read, and modify his own files. d) Bob and Alice can share particular files (read and write) that others can't read b) Bob can read typical files that Alice creates. e) Bob and Alice can read particular files that others can't read. c) Bob can modify typical files that Alice creates.
a) Bob can create, read, and modify his own files. e) Bob and Alice can read particular files that others can't read.
An interpreter is a program that interprets the text of a program in a symbolic form and performs the actions specified in the text. The following are examples of interpreters, except: b) PHP. a) C++. c) Javascript. d) Lisp.
a) C++.
Which of the following is a person who has learned specific attacks on computer systems and can use those specific attacks? a) Cracker b) Script kiddy c) Phone phreak d) Hacker
a) Cracker
The law that establishes security measures that must be taken on health-related information is: c) SOX. d) FISMA. b) GLBA. a) HIPAA.
a) HIPAA.
A risk assessment involves which of the following? Select all that apply. b) Mitigating risks a) Identifying risks d) Prioritizing risks c) Purchasing protection solutions
a) Identifying risks d) Prioritizing risks
Which of the following describes the effect of the Digital Millennium Copyright Act (DMCA) on the investigation and publication of security flaws in commercial equipment? b) It restricts the disclosure of national security information. a) It restricts the publication of techniques to reverse-engineer copy protection schemes. c) It protects the legitimate disclosure of vulnerabilities in copy protection schemes. d) It establishes a 30-day waiting period before the publication of a vulnerability in commercial equipment.
a) It restricts the publication of techniques to reverse-engineer copy protection schemes.
Alice is using a system that uses very simple file and directory access rights. The system doesn't have directory-specific access rights. Instead, it uses simple read and write permissions to restrict what users can do to a directory. Alice has read-only access to the "project" directory. Select which of the following operations Alice can perform on that directory. a) List files in the directory b) Seek files in that directory d) Delete files for which she has "write" access e) Create files to which she will have "write" access c) Read files in the directory for which she has "read" access
a) List files in the directory b) Seek files in that directory c) Read files in the directory for which she has "read" access
Which of the following is an example of a rule-based security decision? a) Locking a car's ignition b) Performing a step-by-step security analysis c) Applying "security theater" d) Trying to outdo a neighbor's security measures
a) Locking a car's ignition
What is a worm? d) Denial of service b) Sends spam a) Malware c) Blocks flow of computer traffic
a) Malware
Moore's Law observed that computing power doubled every: d) None of these is correct. c) 24 months. a) 12 months. b) 18 months.
b) 18 months.
DES was unveiled in what year? d) 1965 a) 1935 c) 1875 b) 1975
b) 1975
Cyber vulnerabilities became a public issue in the __________ as new internet users struggled to understand the technology's risks. d) 2000s b) 1990s a) 1970s c) 1980s
b) 1990s
Section 7.3 notes that in 1997, using DESCHALL, a desktop computer could crack 1 million keys per second. If we apply Moore's Law to estimate the improvement in cracking speed, how many million keys per second could we crack 6 years later? a) 3 d) 6 c) 5 b) 4
b) 4
We need to create a three-factor authentication system. The system already uses a USB device that is unlocked with the user's fingerprint. Which of the following can we add to implement three separate factors? a) A file of secret information stored on the user's authorized computers d) A process that requires the user's cell phone b) A PIN entered via a built-in PIN pad c) Signature recognition
b) A PIN entered via a built-in PIN pad
What is "SuperBob," a Windows user described in Section 4.1.2? c) A Windows administrative group: all members of this group have administrative privileges a) The SYSTEM user on Windows, similar to the "root" user on Unix. d) A separate user ID for Bob with no particular privileges b) A Windows user that is a member of an administrative group
b) A Windows user that is a member of an administrative group
Which of the following most often forbids people from performing trial-and-error attacks on computer systems? c) Nondisclosure agreements b) Acceptable use policies a) Laws against "doorknob rattling" d) Secrecy agreements for national security information
b) Acceptable use policies
Which of the following provides special privileges for managing the system? a) Owner groups c) User groups d) Special groups b) Administrative groups
b) Administrative groups
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial device or product. Assume that we have discovered a vulnerability in a commercial product. The vendor has not acknowledged our initial vulnerability report or communicated with us in any other way. They have not announced the vulnerability to the public. We wish to warn the public of the vulnerability as soon as is ethically defensible. Given the procedure in Section 1.6.2, which of the following is the best course of action? d) After 7 days, announce that the vulnerability exists. c) After 30 days, announce that the vulnerability exists, and provide enough details so that end users can develop their own techniques to reduce the risk of attack. b) After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk of attack through that vulnerability. a) After 7 days, announce that the vulnerability exists, and describe how to reduce a system's risk of attack through that vulnerability.
b) After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk of attack through that vulnerability.
Bob and Alice are typical users who share a computer. Which of the following are true of a file sharing policy? Assume no tailoring takes place. Select all that apply. d) Bob and Alice can share files (read and write) that others can't read. c) Bob can modify Alice's files. b) Bob can read Alice's files. e) Bob and Alice can read files that others can't read. f) Alice can read and write application files. a) Bob can create, read, and modify his own files.
b) Bob can read Alice's files. a) Bob can create, read, and modify his own files.
Which of the following are considered "objects" in an access matrix? Select all that apply. b) Bob's word processing file a) User "bob" e) A device driver buffer f) A device driver while it is running c) The file containing the word processing program d) The word processing program while it executes
b) Bob's word processing file e) A device driver buffer c) The file containing the word processing program
Unix users have several commands. Which of the following commands is short for the command "Change group"? a) Chmod d) None of these is correct. c) Chown b) Chgrp
b) Chgrp
Which of the following are features of a Trojan? Select all that apply. b) Computer software performs a malicious action. e) Computer software performs a drive-by download. d) Computer software performs a DOS attack against its computer every time it runs. c) The operator does not detect misbehavior by the computer software. a) Computer software performs an unexpected action.
b) Computer software performs a malicious action. c) The operator does not detect misbehavior by the computer software. a) Computer software performs an unexpected action.
Which of the following are threat agents? b) Cracker e) White-hat hacker d) Black-hat hacker a) Script kiddy c) Phone phreak
b) Cracker d) Black-hat hacker a) Script kiddy c) Phone phreak
An apartment has a large window that is provided in part as an emergency exit in case of a fire. The window is generally left locked, but it may be opened. When analyzing the boundary, is the window considered a wall or a doorway? b) Doorway a) Wall
b) Doorway
How default settings (default permit or deny by default) affect an access matrix? Select all that apply. d) If we implement default permit, a smaller matrix can describe all access rights. b) If we implement default permit, the matrix must list all subject and object rights to be complete. c) If we implement deny by default, the matrix must list all subject and object rights to be complete. a) If we implement deny by default, a smaller matrix can describe all access rights.
b) If we implement default permit, the matrix must list all subject and object rights to be complete. a) If we implement deny by default, a smaller matrix can describe all access rights.
Which of the following is an example of security theater? b) Installing a fake video camera d) Choosing a defense based on a systematic, step-by-step process a) Locking a car's ignition c) Trying to outrun a hungry bear
b) Installing a fake video camera
Alice has performed a security assessment for Acme Widget. The resulting assessment is treated as confidential and is not shared with Alice's coworkers. Only specific employees are allowed to read it. Which basic security principle does this illustrate? b) Least privilege a) Continuous improvement c) Defense in depth
b) Least privilege
Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the following most accurately describes Lynn's action? d) Lynn did not follow ethical guidelines because he disclosed details of how the vulnerability worked. c) Although Lynn's talk provided details of how the vulnerability worked, he acted ethically because Cisco had already announced the vulnerability and provided a patch. b) Lynn acted ethically because the vulnerability had already been reported and patched, and he did not describe how to exploit the vulnerability. a) Lynn did not follow the ethical guidelines because he did not wait 30 days before disclosing the vulnerability.
b) Lynn acted ethically because the vulnerability had already been reported and patched, and he did not describe how to exploit the vulnerability.
The following is a list of properties of "macro" viruses. Select all that are typical. b) Macro viruses rely on an interpreter program to execute. a) Macro viruses are always converted to machine language or bytecodes before being distributed to potential victims. c) Macro viruses can only run if the file is marked as "execute" by the file system. d) Macro viruses use scripting languages. e) Macro viruses could be distributed by infected word processing documents
b) Macro viruses rely on an interpreter program to execute. d) Macro viruses use scripting languages. e) Macro viruses could be distributed by infected word processing documents
Users with which of the following can both read and write files in the folder? Select all that apply. a) Reader rights b) Owner rights c) Read/write rights
b) Owner rights c) Read/write rights
Which of the following authentication techniques are vulnerable to sniffing attacks that replay the sniffed credential? Select all that apply. c) Challenge-response tokens b) Passive tokens d) Biometric readers a) Passwords
b) Passive tokens d) Biometric readers a) Passwords
Below is a list of different access right settings. We want to implement shared update of certain files between Bob and Alice, but with no one else. Which of the following settings achieve this? Select all that apply. b) Put Bob and Alice is a user group, and give the group RWX access to the shared files. c) Use Windows basic file sharing and make Bob and Alice co-owners of the files. a) Assign Bob ownership to Alice's files, and Alice ownership to Bob's files. d) Set world access of the shared files to RWX.
b) Put Bob and Alice is a user group, and give the group RWX access to the shared files. c) Use Windows basic file sharing and make Bob and Alice co-owners of the files.
Users with the right to read files in the folder have which of the following? Select all that apply. b) Read/write rights c) Reader rights a) Owner rights
b) Read/write rights c) Reader rights a) Owner rights
Alice transmits a message to Bob using a stream cipher. During transmission, an error causes a single bit in the ciphertext to change. How does this affect the decrypted message? b) The decrypted message contains a 1-bit error in the same location. d) The entire message is unreadable after it is decrypted. a) The decryption process corrects the error. c) The message is readable up to the bit containing the error and scrambled after that point.
b) The decrypted message contains a 1-bit error in the same location.
The product that creates financial-fraud botnets using Zbot malware and is offered for sale on the black market is: c) Pushdo. a) Conficker. d) Stuxnet. b) ZeuS.
b) ZeuS.
A security database that contains entries for users and their access rights for a specific file or folder is a(n): b) access control list (ACL). c) security policy. a) access security list (ASL). d) administrative group.
b) access control list (ACL).
A zero-day exploit: d) refers to an exploit that never occurs. a) occurs immediately after a software patch is applied. b) has no software patch. c) does not pose a security threat.
b) has no software patch.
When disclosing a security vulnerability in a system or software, the manufacturer should avoid: d) All of these are correct. a) patching the system or software. b) including enough detail to allow an attacker to exploit the vulnerability. c) notifying customers.
b) including enough detail to allow an attacker to exploit the vulnerability.
In a hierarchical file system directory, the topmost directory is called the: b) root. a) base. c) top. d) child.
b) root.
We draft the __________ requirements to address the risks we identified. d) hardware b) security a) network c) storage
b) security
A primary use of event logs is to: a) determine when software should be upgraded. b) serve as an audit trail. d) All of these are correct. c) identify file ownership.
b) serve as an audit trail.
A security analyst is performing a security assessment. The analyst should not: d) securely erase all collected information that's not needed for business purposes. a) get written authorization from the organization to verify that the assessment should take place. b) take actions to mitigate a serious risk. c) protect all working notes.
b) take actions to mitigate a serious risk.
An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of: c) three-factor authentication. b) two-factor authentication. a) single-factor authentication. d) None of these is correct.
b) two-factor authentication.
Supervisory control and data acquisition (SCADA) devices are most often associated with: c) business offices. d) universities. b) utilities. a) retail stores.
b) utilities.
Risk Management Framework is a way to assess _______________ risks when developing large-scale computer systems.
cybersecurity
Typical retail businesses expect a _____ rate of loss due to theft, damages, and other causes. c) 0 percent b) 7 percent d) 3 percent a) 15 percent
d) 3 percent
We need to create a three-factor authentication system. The system already requires the user's fingerprint and memorized password. Which of the following can we add to implement three separate factors? c) Signature recognition d) A procedure that requires the user's cell phone a) Require the answer to a secret question b) A PIN entered via a built-in PIN pad
d) A procedure that requires the user's cell phone
What does AUP stand for? d) Acceptable Use Policy a) Active Use Personnel c) Active User PC b) All Unscheduled Plans
d) Acceptable Use Policy
An example of a capability-based system is: c) a process page table that provides capabilities to use specific areas of RAM. a) Kerberos. b) public-key certificates. d) All of these are correct.
d) All of these are correct.
Unix implements three file-access rights (read, write, and execute/search) for which identities? b) Group c) World a) Owner d) All of these are correct.
d) All of these are correct.
What are the risks of logging into a system routing as "root" or some other administrative identity? b) Files could be altered. d) All of these are correct. c) Exposing the system to a virus or malicious website a) Files could be erased.
d) All of these are correct.
Which of the following would be considered insider threats? f) Administrators g) Con artists c) Embezzlers d) Suite/room/housemates and family b) Botnet operators e) Maintenance crew a) Vandals
f) Administrators c) Embezzlers d) Suite/room/housemates and family e) Maintenance crew
An extreme threat is _________ motivated and is _________ to leave evidence.
highly; willing
The average attack space estimates the number of guesses required before success is ________.
likely
By default ,most systems only record the most ______ events.
significant
A(n) __________ cipher is an algorithm that generates the _____________ stream, a hard-to-predict sequence of binary.
stream/key stream / key stream, key stream; key stream key
A __________ is someone who is motivated to attack our assets.
threat agent
True or False? A compiler is a program that "interprets" the text of our program one word at a time. True False
False
A CPU implements "execute" access on RAM. We have restricted the control sections to "execute" access, while allowing full access to data sections. Which of the following are thus allowed? Select all that apply. c) The CPU can store bytes in the control section while executing the instruction. a) The CPU can retrieve bytes from the control section while executing the instruction. d) The CPU can store bytes in data sections while executing the instruction. b) The CPU can retrieve bytes from data sections while executing the instruction.
Correct Answer a) The CPU can retrieve bytes from the control section while executing the instruction. Correct! d) The CPU can store bytes in data sections while executing the instruction. Correct! b) The CPU can retrieve bytes from data sections while executing the instruction.
We are trying to protect a household computer. We have implemented password-based authentication to protect sensitive data. Which levels of attacker motivation can this authentication typically protect against in this situation? Select all that apply. c) Stealth motivation a) No motivation b) Scant motivation d) Medium motivation
Correct Answer c) Stealth motivation Correct! a) No motivation Correct! b) Scant motivation
The steps below describe how to use an encryption program. Arrange the steps in their proper order. You Answered1 Provide the key to encrypt the file. Correct AnswerSelect the file to encrypt. You Answered4 Select the file to encrypt. Correct AnswerThe program erases the plaintext version of the file and erases the key from RAM. Correct!3 The program encrypts the file and saves the encrypted copy. You Answered2 The program erases the plaintext version of the file and erases the key from RAM. Correct AnswerProvide the key to encrypt the file.
Correct AnswerSelect the file to encrypt. Correct AnswerProvide the key to encrypt the file. Correct!3 The program encrypts the file and saves the encrypted copy. Correct AnswerThe program erases the plaintext version of the file and erases the key from RAM.
Apple's OS-X implements a "padlock" control on critical system settings. A user must provide administrative login credentials in order to unlock the lock and access the settings. Which of the following are true? Select all that apply. c) It is similar to Windows UAC because it unlocks a single function or application. e) It allows a non-administrative user with proper rights to perform an administrative action. a) It applies Least Privilege by limiting the effects of an approved administrative operation. d) It is similar to logging in to a Unix system as "root" because it provides a command shell. b) It is similar to logging in to a Windows account that is in the administrative group, as it provides a command shell.
Correct! c) It is similar to Windows UAC because it unlocks a single function or application. Correct! e) It allows a non-administrative user with proper rights to perform an administrative action. Correct! a) It applies Least Privilege by limiting the effects of an approved administrative operation.
The phrases below describe types of authentication factors. Match the type of authentication factor with its description. Correct!Something you know Memorized information like a password Correct!Something you have An object containing a base secret, like the magnetic stripe on a cash card Correct!Something you are A biometric measurement
Correct!Something you know Memorized information like a password Correct!Something you have An object containing a base secret, like the magnetic stripe on a cash card Correct!Something you are A biometric measurement
The phrases below describe common types of executable files. Match the file type with its description. Correct!Application program File that executes applications Correct!Operating system kernel The file the basic input/output system (BIOS) reads into RAM during bootstrap process Correct!Device drivers Custom procedures for using I/O devices Correct!Shared libraries Useful functions, such as DLLs, that may be shared among multiple programs
Correct!Application program File that executes applications Correct!Operating system kernel The file the basic input/output system (BIOS) reads into RAM during bootstrap process Correct!Device drivers Custom procedures for using I/O devices Correct!Shared libraries Useful functions, such as DLLs, that may be shared among multiple programs
Bob has set up three user IDs on his computer. Match his login with what happens when he creates a file. Correct!Files belong to "Superbob" Logged in as "Superbob" Correct!Files belong to "Suitemates" Logged in as "Suitemates" Correct!Files belong to "Bob" Logged in as " Bob "
Correct!Files belong to "Superbob" Logged in as "Superbob" Correct!Files belong to "Suitemates" Logged in as "Suitemates" Correct!Files belong to "Bob" Logged in as " Bob "
The phrases below describe common types of malware propagation techniques. Match the technique with its description. Correct!Infect USB/Flash drives Copies itself to external flash drive, then configures the drive to execute malware when the drive is inserted into a computer Correct!Drive-by download User visits a web page or clicks on a pop-up window, unintentionally transferring malware to the user's computer Correct!Worm propagation Exploits a computer vulnerability to install itself and replicate across a network Correct!Trojan infection Appears benign but contains malware; tricks user into executing the infected file Correct!Email infection Arrives via email; the user executes the malware from e-mail and infects computer
Correct!Infect USB/Flash drives Copies itself to external flash drive, then configures the drive to execute malware when the drive is inserted into a computer Correct!Drive-by download User visits a web page or clicks on a pop-up window, unintentionally transferring malware to the user's computer Correct!Worm propagation Exploits a computer vulnerability to install itself and replicate across a network Correct!Trojan infection Appears benign but contains malware; tricks user into executing the infected file Correct!Email infection Arrives via email; the user executes the malware from e-mail and infects computer
The phrases below describe cryptanalysis techniques. Match the technique with its description. Correct!Known ciphertext or ciphertext-only Analyst works with ciphertext only; plaintext and encrypting device not available You AnsweredKnown plaintext Analyst can select plaintexts to be encrypted with the target's secret key Correct AnswerAnalyst has both plaintext and ciphertext You AnsweredChosen plaintext Analyst has both plaintext and ciphertext Correct AnswerAnalyst can select plaintexts to be encrypted with the target's secret key
Correct!Known ciphertext or ciphertext-only Analyst works with ciphertext only; plaintext and encrypting device not availableCorrect AnswerAnalyst has both plaintext and ciphertextCorrect AnswerAnalyst can select plaintexts to be encrypted with the target's secret key
The phrases below describe types of tokens. Match the type of token with its description. Correct!Passive token Transmits the same credential every time Correct!Challenge-response token Transmits credentials that vary according to an unpredictable challenge from the computer Correct!One-time password token Transmits different credentials based on an internal clock or counter
Correct!Passive token Transmits the same credential every time Correct!Challenge-response token Transmits credentials that vary according to an unpredictable challenge from the computer Correct!One-time password token Transmits different credentials based on an internal clock or counter
The phrases below describe types of attacks on information. Match the type of attack with its description. Correct!Physical theft The computing resource itself is removed Correct!Denial of service (DoS) The use of computing data or services is lost temporarily or permanently, without damage to the physical hardware Correct!Subversion A program is modified to operate on the behalf of a threat agent Correct!Masquerade A person takes on the identity of another when using a computer Correct!Disclosure Data that should be kept confidential is disclosed Correct!Forgery Someone composes a bogus message and sends it to a computer
Correct!Physical theft The computing resource itself is removed Correct!Denial of service (DoS) The use of computing data or services is lost temporarily or permanently, without damage to the physical hardware Correct!Subversion A program is modified to operate on the behalf of a threat agent Correct!Masquerade A person takes on the identity of another when using a computer Correct!Disclosure Data that should be kept confidential is disclosed Correct!Forgery Someone composes a bogus message and sends it to a computer
Match the following definitions to the best-fitting terms. Correct!Plaintext A message before its contents are hidden using a code or cipher. Correct!Ciphertext A message after its contents are hidden using a code or cipher You AnsweredAlgorithm The changeable part of the encryption process that remains secret Correct AnswerThe part of the encryption process that never changes You AnsweredKey The part of the encryption process that never changes Correct AnswerThe changeable part of the encryption process that remains secret
Correct!Plaintext A message before its contents are hidden using a code or cipher. Correct!Ciphertext A message after its contents are hidden using a code or cipher Correct AnswerThe part of the encryption process that never changes Correct AnswerThe changeable part of the encryption process that remains secret
Match the terms: Correct!Shared libraries Useful functions that may be shared among multiple programs (dynamic link libraries in Windows). Correct!Device drivers Custom procedures for using I/O devices. Correct!Operating system kernel The file the BIOS reads into RAM during the bootstrap process. This contains the machine instructions that make up the operating system's main procedures. Correct!Application programs The files we execute to run useful applications. Some "system utility" programs, like those for managing and formatting hard drives, are application programs.
Correct!Shared libraries Useful functions that may be shared among multiple programs (dynamic link libraries in Windows). Correct!Device drivers Custom procedures for using I/O devices. Correct!Operating system kernel The file the BIOS reads into RAM during the bootstrap process. This contains the machine instructions that make up the operating system's main procedures. Correct!Application programs The files we execute to run useful applications. Some "system utility" programs, like those for managing and formatting hard drives, are application programs.
Match the following descriptions with the appropriate terms. Correct!Transposition cipher Cipher that changes the order in which the messages symbols appear. Correct!Substitution cipher Cipher that changes the symbols in the message, while retaining their order in the message. Correct!Symmetric cipher Cipher that uses the same key for both encryption and decryption.
Correct!Transposition cipher Cipher that changes the order in which the messages symbols appear. Correct!Substitution cipher Cipher that changes the symbols in the message, while retaining their order in the message. Correct!Symmetric cipher Cipher that uses the same key for both encryption and decryption.
The phrases below describe Unix commands used for adjusting a file's rights. Match the command with its description. Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a file Correct!chown Changes the identity of a file's owner Correct!chgrp Changes the identity of the group associated with a file
Correct!chmod Changes the rights granted to the owner, group, or rest of the world for a file Correct!chown Changes the identity of a file's owner Correct!chgrp Changes the identity of the group associated with a file
In 1988, researcher Fred Cohen performed a series of studies in which he constructed programs that replicated themselves. He used the term computer infection to describe them. True False
False
Bob has bought a DVD and a DVD player. He owns both and has complete physical access, inside and out, to the disk and player. Does Bob have unrestricted access to everything the hardware and software contains? d) Yes, because Bob can use DVD cracking software to look at the DVD's encrypted contents. b) No, because there is no practical way to decrypt the encrypted data on the DVD. a) No, because a security boundary inside the DVD player protects its player key from physical access by Bob. c) Yes, because Bob use screwdrivers and digital probes to crack open the DVD player's case and inspect signals inside.
a) No, because a security boundary inside the DVD player protects its player key from physical access by Bob.
Which of the following are the primary file-access rights in Unix? Select all that apply. a) Read d) Execute b) Control c) Write
a) Read d) Execute c) Write
Kevin wants to attack Bob's computing resources. He is motivated at the "stealth" level. Which of the following attacks might Bob face? Select all that apply. c) Torture Bob to try to retrieve his password. d) Physically damage Bob's computer. a) Search for written copies of Bob's passwords b) Borrow Bob's one-time password token
a) Search for written copies of Bob's passwords b) Borrow Bob's one-time password token
Are base secrets the same as credentials? b) Base secrets never serve as credentials. a) Some base secrets are also credentials, while others are not.
a) Some base secrets are also credentials, while others are not.
Here is a list of features of various authentication tokens. Indicate all that are true for one-time password tokens. a) Some tokens use a built-in clock to generate nonces. b) Some tokens use a built-in counter to generate nonces. c) Some tokens require the user to type in the nonce by hand. d) The token contains a base secret. e) The authentication credential and the base secret are always identical.
a) Some tokens use a built-in clock to generate nonces. b) Some tokens use a built-in counter to generate nonces. d) The token contains a base secret.
People who interpret event logs do not like administrators to use privileged accounts with a fixed name, like "root." Which of the following is the best explanation for this? b) Auditors who review event logs believe they should have the same access rights as other administrative personnel a) The "root" user ID is shared by many people; the event log can't easily tell which user really performed a logged action d) The "root" user ID can modify event logs, while other privilege mechanisms, like "sudo," can't modify event logs c) Overuse of the "root" user ID increases the risk that someone will execute malicious software by mistake
a) The "root" user ID is shared by many people; the event log can't easily tell which user really performed a logged action
We have a drive that contains several old files and directories that we wish to delete. We delete everything at once by doing a "quick format" of the drive. Which of the following data areas on the drive will be affected? Select all that apply. a) The drive's root directory b) All other directories containing the files we want to delete d) "Bad blocks" on the drive that have been assigned to different locations c) The files' data blocks
a) The drive's root directory
Anonymous is an example of what kind of agent? b) Military a) Threat d) Secret c) Intelligence
a) Threat
Section 6.1.2 describes doorknob-rattling attacks. This is most similar to which of the following attacks? d) Retrieve from backup c) Denial of service b) Sniffing a) Trial and error
a) Trial and error
Which of the following are considered "subjects" in an access matrix? Select all that apply. c) The file containing the word processing program a) User "bob" b) Bob's word processing file f) A device driver while it is running. e) A device driver buffer. d) The word processing program while it executes
a) User "bob" f) A device driver while it is running. d) The word processing program while it executes
Which of the following are true about a one-time pad? Select all that apply. a) Uses a random stream of bits for its key stream c) Is commonly used for different types of encryption b) Does not use a random stream of bits for its key stream d) Is theoretically impossible to crack
a) Uses a random stream of bits for its key stream d) Is theoretically impossible to crack
An apartment has a large window, which is covered with metal bars to prevent people from going through the window. When analyzing the apartment's boundary, is the window considered a wall or a doorway? a) Wall b) Doorway
a) Wall
An attempt by a threat agent to exploit assets without permission is referred to as: c) a safeguard. a) an attack. d) a trade-off. b) a vulnerability.
a) an attack.
In Windows 10, the basic file-sharing permission level that grants users the right to read, modify, or delete a file they don't own is: c) contributor. b) reader. a) co-owner. d) None of these is correct.
a) co-owner.
Two mechanisms to apply initial access rights are: d) object and directory. b) read rights and write rights. c) mandatory access control rights and role-based access rights. a) default rights and inherit rights.
a) default rights and inherit rights.
An attack that blocks access to a system by other users is called: c) sniffing. a) denial of service. b) social engineering. d) trial and error.
a) denial of service.
An algorithm is a type of: b) security principle. a) procedure. d) unreadable data. c) readable data.
a) procedure.
A security decision, such as locking your vehicle when not in use, is an example of: a) rule-based security. b) the hunter's dilemma. d) None of these is correct. c) integrity.
a) rule-based security.
General security access controls refer to objects, rights, and: d) activity. c) content. a) subjects. b) files.
a) subjects.
An encryption algorithm that uses the same key for both encryption and decryption is: b) asymmetric. d) None of these is correct. a) symmetric. c) ciphertext.
a) symmetric.
The character that separates directories in a Windows directory path is: d) None of these is correct. a) the back slash (\). c) the colon (:). b) the slash (/).
a) the back slash (\).
The directory access right that allows a user to search for a name in a file's path, but not examine the directory as a whole, is called: b) create. d) delete. a) read. c) seek.
c) seek.
Both forms of the RMF illustrate a(n) _______ engineering process as a way to plan, design, and build a complicated system. b) security d) information a) computer c) systems
c) systems
The information state associated with data in motion is: a) storage. d) All of these are correct. c) transmission. b) processing.
c) transmission.
Which decryption procedure requires two inputs? Select all that apply. c) A key a) Ciphertext b) Plaintext d) An algorithm
c) A key a) Ciphertext
Bob lives at home during the summer. His little brother, Tom, is fascinated by computers and with everything his big brother does. Tom loves to watch Bob log in to his summer job's remote site and do things. Tom often goes into Bob's room and looks through his things. Given this, which authentication technique—by itself—resists the risk of Tom masquerading as Bob? a) A static token d) A direct-connect challenge-response token b) A one-time password token c) A memorized, hard-to-guess password
c) A memorized, hard-to-guess password
Which of the following most effectively resists a trial-and-error guessing attack? All sizes are in terms of decimal digits. d) A passive authentication token with a 6-digit base secret b) A one-time password token with a 7-digit response and a 10-digit base secret c) A passive authentication token with a 9-digit base secret a) A challenge-response token with a 4-digit response and 8-digit base secret
c) A passive authentication token with a 9-digit base secret
Which of the following is a list of access rights for each file, where each entry identifies a specific user and contains a list of access rights granted to that user. a) Group rights b) Reader rights c) Access control list (ACL) d) All of these are correct.
c) Access control list (ACL)
Which cipher replaces A with D and B with E? d) Vigenère c) Caesar a) Confederate b) Potter
c) Caesar
Which of the following are often used to "monetize" a botnet, either directly for the operator or through selling the botnet services to others? Select all that apply. f) Create popup windows. c) Enable masquerades on bank websites to withdraw cash. a) Infect USB drives. b) Deliver spam email. e) Implement spoofed versions of social networking sites. d) Collect money for selling bogus anti-virus software.
c) Enable masquerades on bank websites to withdraw cash. b) Deliver spam email. d) Collect money for selling bogus anti-virus software.
Passed in 2002, __________ requires U.S. government agencies to implement agency-wide information security programs. c) FISMA (Federal Information Security Management Act) d) PCI DSS (Payment Card Industry Data Security Standard) b) HIPAA (Health Insurance Portability and Accountability Act) a) SOX (Sarbanes-Oxley Act)
c) FISMA (Federal Information Security Management Act)
The Enigma was used by the _________ in World War II. b) Americans a) British c) Germans d) Japanese
c) Germans
Which of the following types of threat agents is most typically associated with masquerade attacks? b) Administrators c) Identity thieves d) Competitors a) Property thieves
c) Identity thieves
In a password system, increasing the work factor results in which of the following? Select all that apply. b) Decreases the length of the password c) Increases the size of the character set from which users choose passwords a) Increases the length of the password d) Decreases the size of the character set from which users choose passwords
c) Increases the size of the character set from which users choose passwords a) Increases the length of the password
Which of the following is a formal review of the systems integrity and of the data it maintains regarding the organization's business. a) Security event log c) Information systems audit d) None of these is correct. b) Event logging
c) Information systems audit
Encryption protects information by presenting which of the following? d) Bug b) Puzzle c) Key a) Riddle
c) Key
Which threat agent is most often associated with denial of service attacks? b) Con artists c) Natural threats d) Embezzlers a) Identity thieves
c) Natural threats
There are three types of tokens; which of the following is not a correct type? b) Challenge-response tokens c) Offensive tokens a) Passive tokens d) One-time password tokens
c) Offensive tokens
The person who owns the folder, who has full rights to read, modify, or delete anything in the folder, has which of the following? a) Read/write rights c) Owner rights b) Reader rights
c) Owner rights
What is the principle behind Microsoft's operating systems using a UAC (user account control)? b) Change user password c) Provide temporary admin privileges d) Acceptable Use Policy a) Provide total admin privileges
c) Provide temporary admin privileges
Car ignition locks are an example of what type of decision? b) Relativistic-based d) Hunter's dilemma a) Requirement-based c) Rule-based
c) Rule-based
The video stored on DVDs is encrypted. Where do we get the key to decrypt the DVD when we play it? d) The key is stored on the DVD itself. c) The key is stored in the player. a) The key is included in DVD software that we download from the internet. b) The key is included in the DVD's package and we enter it separately when we play the video.
c) The key is stored in the player.
After encrypting a plaintext file and saving its ciphertext in a new file, what should the file encryption program do next? Select the safest alternative. b) The program writes zeroes over the data at the beginning of the plaintext file. d) The program writes zeroes over the file's directory entry. c) The program writes zeroes over every data block in the plaintext file. a) The program deletes the plaintext file.
c) The program writes zeroes over every data block in the plaintext file.
The Enigma was: d) a U.S. encryption standard. b) a type of ciphertext. a) an algorithm. c) a rotor machine.
c) a rotor machine.
CIA properties do not include: a) confidentiality. b) integrity. c) authentication. d) availability.
c) authentication.
The term _________ was used in operating systems research to describe the access rights a particular subject or process had for a particular object or resource. b) permission a) cluster c) capability d) objects
c) capability
Permission flags used in Unix to protect folders are called: b) access permissions. d) links. a) roots. c) directories.
c) directories.
In a password system, the total number of possible passwords is called the: b) hash space. d) work factor. a) passphrase. c) search space.
c) search space.
Encryption transfers readable plaintext into _____________ using secret information called a(n) ________.
ciphertext / key ciphertext key ciphertext/key ciphertext; key ciphertext, key
Sections 7.4.1 and 7.4.2 compare built-in file encryption to application-based file encryption. When we compare key handling in the two approaches, which of the following statements are true about application-based encryption? Select all that apply. d) An attacker could intercept the key by sniffing keystrokes. b) The computer always stores the key for the user. a) The user can be locked out of the encrypted file by losing the key. c) A harder-to-guess key increases the work factor for a trial-and-error attack.
d) An attacker could intercept the key by sniffing keystrokes. a) The user can be locked out of the encrypted file by losing the key. c) A harder-to-guess key increases the work factor for a trial-and-error attack.
Which of the following yields a more specific set of attacks tied to our particular threat agents? c) Risk matrix d) Attack matrix b) Security matrix a) Threat matrix
d) Attack matrix
Which of the following are the CIA properties? d) Availability b) Confidentiality c) Integrity e) Identity a) Authentication f) Implementation
d) Availability b) Confidentiality c) Integrity
Polish cryptanalysts developed strategies to attack the rotor machine ciphers in the 1930s. Cryptanalysts from other Allied countries improved on these techniques at what location? b) Berlin, Germany c) Krakow, Poland d) Blechley, United Kingdom a) Washington, DC, United States
d) Blechley, United Kingdom
Bob and Alice are typical users who share a computer. The computer has a file sharing policy, but Bob and Alice have implemented a tailored policy for shared updating. Which of the following are true? e) Alice can read and write application files. d) Bob and Alice can share particular files (read and write) that others can't read. a) Bob can create, read, and modify his own files. c) Bob can modify typical files that Alice creates. b) Bob can read typical files that Alice creates.
d) Bob and Alice can share particular files (read and write) that others can't read. a) Bob can create, read, and modify his own files. b) Bob can read typical files that Alice creates.
The security framework that replaced the U.S. DOD Orange Book is called: c) PCI DSS. d) Common Criteria. a) Common Conduct. b) Red Book.
d) Common Criteria.
Which of the following software can encrypt individual files? Select all that apply. b) VeraCrypt d) PGP a) Windows built-in encryption c) PKZIP
d) PGP a) Windows built-in encryption c) PKZIP
Desktop malware may not represent a direct threat to ________- or PLC-based equipment, but practical attacks exist on these systems. c) PLC b) FRA d) SCADA a) DOS
d) SCADA
Bob and Kevin are both using crypto to communicate with other people. Bob doesn't want Kevin eavesdropping on his messages, and vice versa. They each need to choose algorithms and keys. Which of the following choices will protect one from eavesdropping by the other? Select all that apply. d) Use different algorithms and different keys. a) Use the same algorithm and the same key. b) Use different algorithms and the same key. c) Use the same algorithm and different keys.
d) Use different algorithms and different keys. c) Use the same algorithm and different keys.
Gilbert Vernam's bit combination operation for encrypting digital teletype transfer is now referred to as: c) half remove. a) nonexclusive and (nxand). b) full add. d) exclusive or (xor).
d) exclusive or (xor).
The main purpose of a software patch is to: c) alert users to an error in a program. a) enhance the functionality of a program. b) test the functionality of a program. d) fix a bug in a program.
d) fix a bug in a program.
The following are fundamental strategies for authenticating people on computer systems, except: a) something you know. c) something you are. d) something you make. b) something you have.
d) something you make.
The type of cipher that rearranges the text of a message is called: a) substitution. b) asymmetric. c) AES. d) transposition.
d) transposition.
A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a: d) white-hat hacker. a) script kiddy. b) cracker. c) black-hat hacker.
d) white-hat hacker.