CIS 377 Midterm/Final Quiz Questions
What does cyber security protect?
1. Identity: someone's personal information
2. Devices and infrastructure: computing and network resources
3. Data: the most valuable organizational asset
A person who hacks into phone systems is referred to as what? A hacker, A gray hat hacker, A phreaker, A cracker
A phreaker
Exploit
A technique to compromise a system.
Which is not one of the three A's for digital methodology? Acquire, Authenticate, Accessibility, Analyze
Accessibility
Incident response is defined as _________ Data loss, Phishing, Actions taken to deal with an incident, All of the above
Actions taken to deal with an incident
Which is not a component of Digital Forensics? Preparation, Containment, Eradication, All are components
All are components
An incident response consideration is _______________________________. Actual and potential financial loss, Need for efficiency, Potential for adverse exposure, All of the above
All of the above
In the recovery phase of incident response, one step is ________________________________ Restore data from clean backups, Rebuild systems from scratch, Restore confidence, All of the above
All of the above
Which is not true about digital forensics? Used to investigate what happened during an attack on assets, Used to determine how the attack occurred, Involves the preservation of computer media for evidential analysis, All of the above are true
All of the above are true
What is a cyber-attack?
An attack, via cyberspace, targeting an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information
Vulnerability
An identified weakness of a controlled system whose controls are not present or are no longer effective
What initial steps should be taken when a potential incident is identified? Analyze and validate, documenting steps, Establish communication policy, Determine the impact of an incident, Delete malicious code
Analyze and validate, documenting steps
CIA Triad: Confidentiality
Assures that confidential information is not disclosed to unauthorized individuals
Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question? Confidentiality, Integrity, Availability, Authentication
Authentication
_________ attacks are becoming less common in modern operating systems. Denial of service, SYN flood, Buffer overflow, None of the above
Buffer overflow
What is the most common way for a virus to spread? By copying to shared folders, By email attachment, By FTP, By downloading from a website
By email attachment
Which of the following is the first official recognition of computer forensics as a separate field? Digital Forensic Research Workshop (DFRWS), Computer Analysis and Response Team (CART), An international treaty of Convention on Cybercrime, Scientific Working Group on Digital Evidence (SWGDE)
Computer Analysis and Response Team (CART)
Which of these was the first computer incident-response team? Computer Emergency Response Team, F-Secure, SANS Institute, Microsoft Security Advisor
Computer Emergency Response Team
____________________ can include logs, portable storage, emails, tablets, and cell phones. Computer evidence, Ancillary hardware, Network devices, None of the above
Computer evidence
Attacks are classified as incidents if they ____________ Are directed against personnel, Could threaten confidentiality, integrity or availability of information resources, Have a low probability of success, All of the above
Could threaten confidentiality, integrity or availability of information resources
A black hat hacker is also called a ___________ Thief, Cracker, Sneaker, None of the above
Cracker
SQL injection is based on what? Having database admin privileges, Creating an SQL statement that is always true, Creating an SQL statement that will force access, Understanding web programming
Creating an SQL statement that is always true
When an attacker injects client-side scripts into web pages viewed by other users so that those users interact with it, it is an example of _______________. Cross-site scripting, Phreaking, Phishing, None of the above
Cross-site scripting
CIA Triad: Integrity
Data integrity: assures that information and programs are changed only in a specified and authorized manner
System integrity: assures that a system performs its operations in an unimpaired manner
Which type of attack attempts to overload the system with requests, denying legitimate users access? Denial of service, IP spoofing, Phishing, None of the above
Denial of service
In preparing to collect incident data, _____________________________. Collect only subjective data, Collect all data available, Pass all information onto management, Document all information on the data that was acquired, such as location
Document all information on the data that was acquired, such as location
The purpose of Business Continuity Planning is to establish critical business operations after a disaster impacts operations. True, False
False
A Disaster Recovery plan is very useful but not necessary. True, False
False
A documentation trail is beneficial but not required. True, False
False
An incident response team should be formed once an incident is confirmed. True, False
False
Auditing is the process to determine if a user's credentials are authorized to access a network resource. True, False
False
Black hat hackers are also known as script kiddies. True, False
False
Digital evidence is not volatile. True, False
False
Incident response is proactive. True, False
False
Most Windows logs are turned on automatically. True, False
False
Once evidence is contaminated, it can be recovered and used as evidence for a legal case. True, False
False
Once files are deleted, they can't be recovered permanently. True, False
False
Reacting to incidents is less costly and more effective than preventing incidents. True, False
False
With a computer, always work on the original since when a person commits a crime something is always left behind. True, False
False
How can you prevent cross-site scripting? Filter user input, Use an IDS, Use a firewall, It cannot be prevented
Filter user input
A(n) ______ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems. Firewall, Proxy server, Intrusion detection system, Network Monitor
Firewall
You may use Linux to make a ______________ of the hard drive. Bootable copy, Screen shot, New version, Forensically valid copy
Forensically valid copy
An alternate site configuration that would allow the company to move right in and continue operations is _________ Hot, Cold, Warm, None of the above
Hot
Passing structured query language commands to a web application and getting the website to execute them is called SQL script ______________________. Injection, Processing, Attacking, Execution
Injection
Which is NOT an action that is taken as part of preparing for an incident? Create a policy, Create and train a response team, Involve Law enforcement, Establish notification mechanisms
Involve Law enforcement
Types of Threats and Attacks
Malware: MALicious softWARE
Security breaches
DoS: Denial of Service attacks
Web attacks
Session hijacking
DNS poisoning
Insider threats
Which of the following is true regarding emailed security alerts? You must follow them, Most companies do not send alerts via email, You can trust attachments on security alerts, Most companies send alerts via email
Most companies do not send alerts via email
Which of the following is a way that any person can use to protect against virus attacks? Set up a firewall, Use encrypted transmissions, Use security email software, Never open unknown email attachments
Never open unknown email attachments
The most popular port scanner in the hacking and security community is ________ Nmap, Portscan, Servport, NetBIOS
Nmap
Which of the following is a popular port scanner? Nessus, Ophcrack, MBSA, Nmap
Nmap
Testing an organization's security is known as _____________testing. Penetration, Location, Virus, None of the above
Penetration
Blocking incoming ICMP packets will prevent what type of scan? SYN, Ping, FIN, Stealth
Ping
There are 4 phases in the Incident Response Life Cycle; what is the first phase? Containment, Eradication & Recovery, Detection and Analysis, Post-Incident Activity, Preparation
Preparation
What is a buffer-overflow attack? Overflowing a port with too many packets, Putting more email in an email system than it can hold, Overflowing the system, Putting more data in a buffer than it can hold
Putting more data in a buffer than it can hold
Which of these is a repository of security-related documentation and also sponsors a number of security research projects? Computer Emergency Response Team, F-Secure, SANS Institute, Microsoft Security Advisor
SANS Institute
A key logger is what type of malware? Virus, Buffer overflow, Trojan horse, Spyware
Spyware
Adversarial Thinking
The ability to embody the technological capabilities, the unconventional perspectives, and the strategic reasoning of hackers.
Attacks
The deliberate act that exploits a vulnerability. It is accomplished by a threat agent to damage or steal an organization's information or physical assets.
Which activity is not usually included in computer forensics? The secure collection of computer data, The examination of physical systems, The identification of suspect data, The application of laws to computer practice
The examination of physical systems
Threats
The likelihood that something harmful could occur.
Which of the following are important to the investigator regarding logging? The logging methods, Log retention, Location of stored logs, All of the above
The logging methods
Frequently, the first responder to a computer crime is ________. The network administrator, A law enforcement officer, The news media, None of the above
The network administrator
Why should a cybercrime law be specific? To prevent defendants from finding loopholes, So it will be internationally recognized, So that multiple laws will not be necessary, None of the above
To prevent defendants from finding loopholes
A denial-of-service attack is one of the most common attacks on a system. True, False
True
A firewall can be configured to disallow certain types of incoming traffic that may be attacking. True, False
True
After a virus is on your system, it can do anything a legitimate program can do. True, False
True
Confidentiality, integrity, and availability are three pillars of the CIA triangle. True, False
True
The crisis management team is responsible for managing an event from an enterprise perspective. True, False
True
Hacking into phone systems is also known as phreaking. True, False
True
Incidents create pandemonium if not prepared. True, False
True
Information security personnel should be trained to understand the forensics process. True, False
True
Law enforcement should be involved when an incident constitutes a violation of law. True, False
True
Malware is a generic term for software that has a malicious purpose. True, False
True
Malware that executes when a specific criterion is met is a logic bomb. True, False
True
Single loss expectation is used to determine the total cost of an incident. True, False
True
The Windows Registry contains a list of USB devices that have been connected to the machine. True, False
True
The chain of custody accounts for the handling of evidence and documents that handling. True, False
True
The most common method to deliver spyware to a target system is by using a Trojan horse. True, False
True
The objective in the eradication phase of incident response is to eliminate the cause of the incident. True, False
True
Which is NOT a possible indicator of an incident? Unusual consumption of computing resources, Execution of unknown programs or processes, Unknown people, Unfamiliar files
Unknown people
Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering? Illegal copying of software, Gathering information from discarded manuals and printouts, Using people skills to obtain proprietary information, Destruction or alteration of data
Using people skills to obtain proprietary information Destruction or alteration of data
Defense in Depth
Abstraction, layering, modularity, resource encapsulation, process isolation, domain separation
CIA Triad: Availability
Assures that systems work promptly and service is not denied to authorized users
Denial of service attacks affect which part of the CIA triad? confidentiality, integrity, availability
availability
Data theft affects which part of the CIA Triad? confidentiality, integrity, availability
confidentiality
Encryption is a means of protecting ________ confidentiality, integrity, availability
confidentiality
Espionage affects _______________________. confidentiality, integrity, availability
confidentiality
In a power grid: A(n) ____________________ breach exposes system operating information. confidentiality, integrity, availability
confidentiality
In the military: A(n) __________________ breach would mean hackers could obtain data about sensitive systems. confidentiality, integrity, availability
confidentiality
_____________________ means protecting and keeping your secrets. confidentiality, integrity, availability
confidentiality
Windows stores information on web addresses, search queries, and recently opened files in a file called ___________. internet.txt, index.dat, default.dat, explore.exe
index.dat
Data modification attacks affect ______. confidentiality, integrity, availability
integrity
In a power grid: A(n) _________________ breach would compromise critical systems, risking failure or shutdown. confidentiality, integrity, availability
integrity
Viruses and malware compromise the _________________ of the systems they infect. confidentiality, integrity, availability
integrity
Given your automobile: A(n) _____________________ breach means they could take over your brakes. confidentiality, integrity, availability
integrity and availability
In the military: If they made a(n) ______________________ breach, they could gain control over these weapons systems. confidentiality, integrity, availability
integrity and availability
Cybersecurity
Measures taken to protect a computer or computer system against unauthorized access or attack
One classic denial-of-service attack distributed by email was _____________. myDoom, Linux, pingflood, None of the above
myDoom
The Windows command to list any shared files that are currently open is ___________. openfiles, fc, netstat, None of the above
openfiles
A program that can propagate without human interference is a _________________. virus, worm, trojan horse, none of the above
worm