Midterm 1 CEN4078 study guide

What does Access Control List Restrict? a. Access to the Network b. Access to the Server c. Access to the Database d. Access to the Computer

Access to the network

Match the substitution ciphers: Caesar cipher, keyword mixed alphabet cipher, Vigenère (vee-zhen-AIR) cipher, simple substitution cipher

Caesar cipher- shifts each letter in the English alphabet a fixed number of positions, with a Z wrapping around back to A
Keyword mixed alphabet cipher- uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet
Vigenère cipher- encrypts every letter with its own substitution scheme
Simple substitution cipher- allows any letter to uniquely map to any other letter.

Match the phrases below to the primary aspect of security to which each corresponds: confidentiality, integrity, availability

Confidentiality- Information is not disclosed to unintended recipients
Integrity- The information in a system is not corrupted or changed outside proper usage
Availability- The system maintains functionality even when under attack

Select the Trinity of Trouble items (select all that apply): Connectivity, Extensibility, Complexity, Defects, Bugs, Flaws

Connectivity, Extensibility, and Complexity

2023 Prediction: How will security professionals reduce the volume of attacks? (select all that apply) Increased adoption of advanced threat protection platforms with AI/ML detection engines; increased adoption of risk-based vulnerability management (RBVM); increased outsourcing of cyberthreat prevention to MSSPs; embracing zero trust architectures; increased malware scanning; paying ransomware attackers with insurance money; increased outsourcing to MSPs

Increased adoption of advanced threat protection platforms with AI/ML detection engines, increased adoption of risk-based vulnerability management (RBVM), increased outsourcing of cyberthreat prevention to MSSPs, embracing zero trust architectures

Match the driving factors of cybersecurity with respect to legal terms: Due Diligence, Due Care

Due Diligence- Doing everything you are capable of performing, or leading others to perform, to prevent an adverse risk or enable a positive risk
Due Care- Determining what a reasonable and competent person, when placed in your scenario, would do, and then doing it.

What is an Organization's first line of defense for their computer security? a. Antivirus Software b. Their Personnel c. Shredding d. Both A and C

Their Personnel

The Primary purpose of a vulnerability scanner is ___.

To identify known issues and problems in a system.

True or False? A message digest can only guarantee integrity when it has an added layer of security to prevent its modification.

True

True or False? A passphrase is easier to remember and more secure than a traditional password.

True

True or False? All operating system vendors provide some secure way to gather and install system updates.

True

True or False? Also known as Rijndael (RAIN-doll), AES is a block cipher.

True

True or False? Architecture, design, or implementation changes for impedance mismatch may functionally address the problem at the expense of scope creep and security.

True

True or False? Checkpoints are milestones in code that assert whether execution is proceeding correctly.

True

True or False? Hacktivism is the use of computer skills and technology for political purposes.

True

True or False? Hashes are numeric.

True

True or False? Minimizing the attack surface of a system means eliminating as many potential channels of attack as possible.

True

True or False? Nonrepudiation is a reliable means of authentication.

True

True or False? Prevention is the assertion that an attack cannot happen to or through a system.

True

True or False? Security may be a lower priority than functionality for a software development organization.

True

True or False? The benefit of replay attacks is when the attacker has already broken the session key presented in the replayed messages.

True

True or False? The first line of defense towards a secure information systems infrastructure begins with the organization's personnel.

True

True or False? The key distribution problem is the difficulty of sharing a key between a sender and a receiver.

True

True or False? The rise in mobile platforms will pose increased security risks.

True

True or False? Validation testing is the determination of whether the correct project is being built.

True

True or False? When a software system prints too much information about itself, it can allow an attacker to learn enough information to compromise a system.

True

True or False? A logic bomb can remain dormant for an extended period of time without activity or detection.

True.

Match the hypervisor types: Type 1 hypervisor, Type 2 hypervisor

Type 1 Hypervisor- Bare metal architecture
Type 2 Hypervisor- Hosted architecture

Match the security practice for data with the correct definition: User Management, Authentication, Logging

User Management- Who wants to access the asset?
Authentication- What can the subject do to the object?
Logging- How are actions traced to make sure the changes a subject makes to the object are identified?

The four responses to attack are outlined below. Match the response type to its definition and characteristics: Recovery, Avoidance, Prevention, Detection

Recovery- The system will allow an attack to happen
Avoidance- The system will go to lengths to make sure attacks do not happen to it
Prevention- The system will assert that no attack is possible
Detection- The system will determine an attack is happening

Mark each hash algorithm which is not obsolete and deprecated (select all that apply): SHA-2 Family, SHA-3 Family, SHA-1 Family, SHA-256, CRC-32, MD-4, MD-5, RIPEMD-128, RIPEMD-160

SHA-2 Family, SHA-3 Family, SHA-256

Information is defined as ____ that has been organized into a format that is useful and actionable. a. data b. code c. requirements d. testing

a. data

What is a very basic form of network security? a. access control list b. access security plan c. firewall d. chief security officer

a. Access control list

A Socket is a. An IP Number and a Port number b. An IP Number c. A Port Number d. a UDP or TCP Communications channel

a. An IP and a Port Number

________________ uses two mathematically related keys to encrypt and decrypt data. a. asymmetric b. symmetric c. AES d. DES

a. Asymmetric

A cryptographic algorithm in which the sender and receiver agree upon the session key. a. Diffie-Hellman b. RSA c. Euler's Totient d. AES

a. Diffie-Hellman

Once a developer determines the ideal batch and window sizes, the developer must make an impedance adapter which may very well be a. dynamic b. static c. viable d. non-viable

a. Dynamic

__________ is the relegation of security issues and patches to a later time due to other more immediate constraints. a. procrastination b. insufficient resources c. complexity d. funding

a. Procrastination

A permutation cipher a. rearranges plaintext bits, characters, or character blocks b. transforms plaintext into ciphertext by replacing plaintext bits, characters, or character blocks with alternate bits, characters, or character blocks to form a ciphertext c. uses a symmetric key to convert from plaintext to ciphertext one block at a time d. uses symmetric cryptography to encrypt plaintext digits one at a time

a. Rearranges plaintext bits, characters, or character blocks

A _____ is an attack designed to use an old message to create a new connection to its recipient. a. replay attack b. multicast c. relay attack d. man-in-the-middle

a. Replay attack

Information security training is the hands-on training session where users learn how to do their jobs in a _______ fashion. a. secure b. complete c. remote d. on-premise

a. Secure

The National Initiative for Cybersecurity Education (NICE) emphasizes the importance of _______. a. security b. training c. education d. certification

a. Security

______________ needs to be the consistent policy for anything that is not pure public information. a. shredding b. deleting c. erasing d. archiving

a. Shredding

____ is a protocol that allows for transmission from a sender to a receiver without establishing a connection between the two hosts. a. UDP b. TCP c. IP d. IPX

a. UDP

A block cipher a. uses a symmetric key to convert from plaintext to ciphertext one block at a time b. uses symmetric cryptography to encrypt plaintext digits one at a time c. transforms plaintext into ciphertext by replacing plaintext bits, characters, or character blocks with alternate bits, characters, or character blocks to form a ciphertext d. rearranges plaintext bits, characters, or character blocks.

a. Uses a symmetric key to convert from plaintext to ciphertext one block at a time

If security interfaces with the _______ process, then the company is not viable. a. business b. development c. funding d. testing

a. business

Hash algorithm developers can address the _________ problem with designs to reduce the probability of _________. a. collision b. collaboration c. byte size d. block size

a. collision

What are the two central goals of software? a. managing and securing data at rest b. managing and securing data in motion c. managing and securing information at rest d. managing and securing information in motion

a. managing and securing data at rest

__________ means that ciphertext should have a complex relationship to the plaintext that produced it. a. confusion b. diffusion c. secrecy d. complexity e. None of the above

b. Diffusion

In public key encryption, the ___ key must be kept secret to prevent unauthorized access to the encrypted information. a. Public key b. Private key c. Secret key d. All of the above e. None of the above

b. Private key

_________ testing is the determination of whether a product is being built correctly. a. Validation b. Verification c. Assurance d. Assertion

b. Verification

A ___ is a design flaw or implementation bug that allows for the possibility of attack against a system. a. Mitigation b. Vulnerability c. Threat d. Hack

b. Vulnerability

Accounts should be given an inherent ________ for a period of inactivity. a. Password Change b. Timeout c. System cleanup d. Log-in Reassignment

b. timeout

A substitution cipher a. rearranges plaintext bits, characters, or character blocks b. transforms plaintext into ciphertext by replacing plaintext bits, characters, or character blocks with alternate bits, characters, or character blocks to form a ciphertext c. uses a symmetric key to convert from plaintext to ciphertext one block at a time d. uses symmetric cryptography to encrypt plaintext digits one at a time

b. transforms plaintext into ciphertext by replacing plaintext bits, characters, or character blocks with alternate bits, characters, or character blocks to form a ciphertext

___________ states that ciphertext should have a complex, nonlinear relationship to the plaintext. a. Cryptography b. Encryption c. Confusion d. Diffusion

c. Confusion

The goal of an IATP should be to a. Promote culture b. Promote software c. Promote security d. Promote computers

c. Promote security

A ____ is an attack designed to use routing paths to reach a recipient with a modified message faster than the real message can arrive. a. replay attack b. multicast c. relay attack d. man-in-the-middle

c. Relay attack

Where does a modern organization's value come from? a. data b. information c. transformation of data to information d. transformation of information to data

c. Transformation of data to information

__________ is when the router is configured to enforce security. a. ACL b. DBMS c. SQL d. ALTBS

d. ALTBs

The following is an example of a possible threat agent: ___. a. Malware b. Human intentional c. Human unintentional d. All of the above e. None of the above

d. All of the above

What forms the bridge between the software and the database environment? a. Third party interface b. Second party interface c. Standardized query d. Both a and c

d. Both A and C

Network security is primarily concerned with protecting ____. a. data at rest b. the host machine c. the client machine d. data in transit

d. Data in transit

The only current cipher to achieve perfect secrecy is ____. a. RSA b. DES c. Enigma d. One-Time pad e. None of the Above

d. One-Time Pad

A stream cipher a. rearranges plaintext bits, characters, or character blocks b. transforms plaintext into ciphertext by replacing plaintext bits, characters, or character blocks with alternate bits, characters, or character blocks to form a ciphertext c. uses a symmetric key to convert from plaintext to ciphertext one block at a time d. uses symmetric cryptography to encrypt plaintext digits one at a time

d. Uses symmetric cryptography to encrypt plaintext digits one at a time

The problem with social engineering is ___. a. It circumvents software systems and the security in place. b. It exploits human weakness and sympathies. c. It does not require sophisticated software to compromise a system. d. All of the above e. None of the above

d. all of the above

What often forms the bridge between the software environment and the database environment? a. Third party interface b. Second party interface c. Standard query d. Both a and b e. Both a and c

e. Both a and c

A cryptosystem consists of the following algorithms (select all that apply): key generation, encryption, decryption, substitution, transportation

key generation, encryption, decryption

The following terms are associated with cryptography. Match each term to its definition or characteristics: private, secret, public, asymmetric, symmetric

Private- A key used to sign messages and undo encryption from its partner key
Secret- A key used to encrypt and decrypt a message in the system
Public- A key that can be safely shared as long as its partner is kept safe
Asymmetric- A system that uses two keys, one of which can be shared and one that must be kept secret
Symmetric- A system that uses the same key for both parties

Match the cipher categories: symmetric, asymmetric

Symmetric- Those that use the same key to encrypt and decrypt are private key ciphers
Asymmetric- Those that use different keys to encrypt and decrypt are public key ciphers

Referring to the software impedance formula below, match the following impedance terms to their definition: T = WxB/t

t= Finite time to invoke a method
B= Arbitrary (but limited) amount of data sent per invocation
W= Can control the number of concurrent invocations by limiting the window size of pending responses
T= How much processing a method can perform

True or False? Security is both a top-down and bottom-up concern.

True

True or False? A zero-day attack is named because it has yet to be deployed, but it can be used repeatedly once it is deployed.

False

True or False? Checksums must be numeric.

False

True or False? DBMS vendors do not support XML.

False

True or False? Diffusion states that ciphertext should have a complex, non-linear relationship with plaintext.

False

True or False? Dumpster diving is the act of gaining privacy data unlawfully by removing them from locked filing cabinets.

False

True or False? Hash algorithms are bi-directional.

False

True or False? A hash function is a bi-directional mathematical process that converts an arbitrary-length numerical input value into a compressed numerical value of fixed length.

False

True or False? In a Denial of Service attack, the attacker floods the network with solicited traffic until the network is disabled.

False

True or False? Information security and awareness are unrelated concepts.

False

True or False? Many of the common faults in the Linux, macOS and Windows operating systems are malware compromises.

False

True or False? People acting unintentionally to compromise the security of a system cannot cause as much damage as those acting intentionally.

False

True or False? RSA became the first national standard for encryption.

False

True or False? Security budgets are increasing and secure software development is a top-five.

False

True or False? The DES symmetric cryptography is one of the earliest algorithms and has been great even to this day.

False

True or False? The Diffie-Hellman key exchange system is used to create a single-use public key shared by two parties.

False

True or False? UDP allows for confirmation of delivery for a message.

False

True or False? XML is used to define the structure of bits at the data link layer.

False

True or False? Zero Trust explicitly assumes trust for any device, process, user, subject, or object which is interacting with an information system.

False

True or False? Data encryption does not need to be supported within the database.

False

True or False? You can rely on an end user to enable security mechanisms, so you do not need to establish them in the default installation of a software system.

False

Match the OSI layers to their descriptions: application, presentation, session, transport, network, data link, physical

Application- 7 User interface
Presentation- 6 Data format; encryption
Session- 5 Process to process communication
Transport- 4 End-to-end communication and maintenance
Network- 3 Routing data; logical addressing; WAN delivery
Data Link- 2 Physical addressing; LAN delivery
Physical- 1 Signalling

True or False? A brute force attack is an efficient means of breaking a system by trying every possibility for passwords or keys.

False

Match the cryptography terms: cryptanalysis, unencrypted information, encrypted information, encryption, decryption, algorithm, cipher

Cryptanalysis- The science of using mathematics, tools, and pattern finding to break cryptography
Unencrypted information- Information in understandable form (plaintext or cleartext)
Encrypted information- Information in scrambled form (ciphertext)
Encryption- The process of scrambling plaintext into ciphertext
Decryption- The process of unscrambling ciphertext into plaintext
Algorithm- A repeatable process that produces the same result when it receives the same input
Cipher- An algorithm to encrypt or decrypt information

True or False? A secret key and a private key in cryptography are the same thing.

False

A PKI provides all the ________ necessary to create, manage, distribute, use, store, and revoke digital certificates (select all that apply): policies, roles, software, hardware, procedures

Policies, roles, software, hardware, procedures

Match the cryptography capabilities: privacy or confidentiality, integrity, entity authentication or identification, message authentication, signature, certification, timestamping, witnessing, access control

Privacy or confidentiality- Cryptography scrambles information so that only someone with the right cipher and key can read it. Note that this person could include a clever cryptanalyst.
Integrity- Cryptography protects integrity by providing checksums, or hashes. You can compare these with a known table of good values to prove that the data have not changed.
Entity authentication or identification- Someone's ability to encode or decode a message means that person has the cryptographic key or can calculate the key. If a business relationship requires that this key remain secret, possession is proof of valid identity.
Message authentication- Similar to entity authentication, a message encoded with a private key proves who the message's writer is. Again, this stipulation should be a part of any business contract or formal relationship.
Signature- Cryptography can provide a way to make a digital signature. This can prove that a given person sent a specific message.
Certification- A trusted entity can certify a message or data by adding a cryptographic checksum and a digital signature.
Timestamping- Using asymmetric key cryptography, a trusted device can issue timestamps that attackers cannot forge. Timestamping binds a hash of the timestamped information with the output of a secure, reliable clock.
Witnessing- A third party can add a cryptographic checksum to data to prove that those data exist in a given format at a particular time.
Access control- This involves encrypting privileged resources or data so that only authorized people can decrypt them and enforce access to them.

Match the roles and their descriptions: Security Manager, IT Director, Project Manager, Software Program Manager, Software Architect, Software Engineer, Software Developer, Quality Assurance Tester, Penetration Tester, Application Security Specialist

Security Manager- Security policies, protocols, and procedures
IT Director- IT business requirements, help desk, technology implementation, network services availability
Project Manager- Project planning, executing, and monitoring
Software Program Manager- Ensures ALL software integrates and meets organizational requirements
Software Architect- High-level design choices focused on strategy
Software Engineer- Structured design and trade-offs with respect to the system and framework
Software Developer- Secure design, architecture, and documentation
Quality Assurance Tester- Software testing
Software Procurement Analyst- Evaluates applications and vendors and determines best fit for the organization
Penetration Tester- Reconnaissance, mapping, vulnerability assessment, penetration testing, and mitigation
Application Security Specialist- Secure programming, vulnerability identification, threat modeling, attack modeling

The following are examples of malware. Match the type of malware with its definition and characteristics: Zombie, Backdoor, Scanner, Spyware, Trojan

Zombie- This is a compromised system that acts on behalf of the controller rather than the user.
Backdoor- This is an unintentional which can be used to communicate with the system around established security.
Scanner- This attempts to find vulnerabilities in a system by probing the system.
Spyware- This type of software tracks users' movements and activity and offloads it to the installer.
Trojan- It acts like a different program and may even function, but contains a malicious payload.
