CSCI 290
1. How might an identity thief use the Internet to exploit his victim? A. He might find even more information about the target and use this information to conduct his crime. B. He could find out how much the target has in her savings account. C. The identity thief usually does not use the Internet to accomplish his task. D. He could use the Internet to intercept your email and thus get access to your personal life.
A
1. Which of the following is the most common way for a virus scanner to recognize a virus? A. To compare a file to known virus attributes B. To use complex rules to look for virus-like behavior C. To only look for TSR programs D. To look for TSR programs or programs that alter the Registry
A
1. Which of the following most accurately defines encryption? A. Changing a message so it can only be easily read by the intended recipient B. Using complex mathematics to conceal a message C. Changing a message using complex mathematics D. Applying keys to a message to conceal it
A
10. What is a major weakness with a network host-based firewall? A. Its security is dependent on the underlying operating system. B. It is difficult to configure. C. It can be easily hacked. D. It is very expensive.
A
11. What advantage does a symmetric key system using 64-bit blocks have? A. It is fast. B. It is unbreakable. C. It uses asymmetric keys. D. It is complex.
A
11. What is the term for blocking an IP address that has been the source of suspicious activity? A. Preemptive blocking B. Intrusion deflection C. Proactive deflection D. Intrusion blocking
A
12. What is the term for a fake system designed to lure intruders? A. Honey pot B. Faux system C. Deflection system D. Entrapment
A
13. Which of the following is the correct term for simply making your system less attractive to intruders? A. Intrusion deterrence B. Intrusion deflection C. Intrusion camouflage D. Intrusion avoidance
A
13. Which would you use to begin a search for information on a United States court case? A. The National Center for State Courts Website B. Infobel C. Yahoo! People Search D. Google Groups
A
14. What method do most IDS software implementations use? A. Anomaly detection B. Preemptive blocking C. Intrusion deterrence D. Infiltration
A
14. Which of the following methods uses a variable-length symmetric key? A. Blowfish B. Caesar C. DES D. RSA
A
15. Which of the following is a step you would definitely take with any server but might not be required for a workstation? A. Uninstall all unneeded programs/software. B. Shut down unneeded services. C. Turn off the screensaver. D. Block all Internet access.
A
15. Which of the following is the most helpful data you might get from Usenet on a person you are investigating? A. Postings by the individual you are investigating B. Security tips to help you investigate C. Criminal records posted D. Negative comments made by others about your target
A
18. Which of the following is most true regarding new encryption methods? A. Never use them until they have been proven. B. You can use them, but you must be cautious. C. Only use them if they are certified. D. Only use them if they are rated unbreakable.
A
19. Which of the following certifications is the most prestigious? A. CISSP B. PE C. MCSA D. Security+
A
2. What is the most basic rule of computer security? A. Keep systems patched. B. Always use an IDS. C. Install a firewall. D. Always use antispyware.
A
2. Where does Linux store email server logs? A. /var/log/mail.* B. /etc/log/mail.* C. /mail/log/mail.* D. /server/log/mail.*
A
3. How might you ensure that system patches are kept up to date? A. Use an automated patching system. B. Patch anytime you receive a vendor notification of a new patch. C. Patch whenever a new threat is announced. D. Use periodic scheduled patching.
A
5. Which of the following should not be recommended as acceptable email attachments? A. Flash animations B. Excel spreadsheets from a colleague C. Attachments you were expecting D. Plain text attachments from known sources
A
6. If your machine is not used as a server and is not on a local network, what packet-filtering strategy should you use? A. Block all ports except 80. B. Do not block any ports. C. Block all ports. D. Do not block well-known ports.
A
6. Which of the following is a political group that has already used the Internet for political intimidation? A. Internet Black Tigers B. Al Qaeda C. Mafia D. IRA
A
6. Which of the following is the most basic type of firewall? A. Screening firewall B. Application gateway C. Heuristic firewall D. Circuit-level gateway
A
6. Why is binary mathematical encryption not secure? A. It does not change letter or word frequency. B. It leaves the message intact. C. It is too simple. D. The mathematics of it is flawed.
A
7. Which of the following is not a significant security risk posed by instant messaging? A. Employees may send harassing messages. B. Employees might send out confidential information. C. A virus or worm might infect the workstation via instant messaging. D. An instant messaging program could actually be a Trojan horse.
A
8. What is PGP? A. Pretty Good Privacy, a public key encryption method B. Pretty Good Protection, a public key encryption method C. Pretty Good Privacy, a symmetric key encryption method D. Pretty Good Protection, a symmetric key encryption method
A
8. What is SPI? A. Stateful packet inspection B. System packet inspection C. Stateful packet interception D. System packet interception
A
8. Which of the following would most likely be considered an example of information warfare? A. Radio Free Europe during the Cold War B. Radio political talk show C. Normal news reports D. Military press releases
A
9. What is password age? A. How long a user has had a password B. The length of the password history C. A reference to the sophistication (maturity) of the password D. A reference to a password's length
A
9. Where would you go to find various state sex offender registries? A. The FBI website B. The national sex offender online database C. The interstate online sex offender database D. The special victims unit website
A
9. Which of the following is a likely use of Internet newsgroups in information warfare? A. To spread propaganda B. To monitor dissident groups C. To send encoded messages D. To recruit supporters
A
9. Which of the following is the appropriate sequence of events for a new employee? A. IT is notified of the new employee and the requested resources > employee is granted access to those resources > employee is briefed on security/acceptable use > employee signs acknowledging receipt of a copy of security rules. B. IT is notified of the new employee and the requested rights > employee is given access to those resources > employee signs acknowledging a receipt of a copy of security rules. C. IT is notified of the new employee and assigns default rights > employee is briefed on security/acceptable use > employee signs acknowledging receipt of a copy of security rules. D. IT is notified of the new employee and assigns default rights > employee signs acknowledging receipt of company security rules.
A
1. What are the six Ps of security? A. Patch, ports, personnel, privacy, protect, policies B. Ports, patch, protect, probe, policies, physical C. Physical, privacy, patch, ports, probe, protect D. Ports, patch, probe, physical, privacy, policies
B
10. What is the minimum frequency for system probing and audits? A. Once per month B. Once per year C. Every other year D. Every other month
B
10. Which of the following is a symmetric key system using 64-bit blocks? A. RSA B. DES C. PGP D. Blowfish
B
10. Which of the following is the appropriate sequence of events for a departing employee? A. IT is notified of the departure > all logon accounts are shut down > all access (physical and electronic) is disabled. B. IT is notified of the departure > all logon accounts are shut down > all access (physical and electronic) is disabled > the employee's workstation is searched/scanned. C. IT is notified of the departure > all physical access is shut down > all electronic access is shut down. D. IT is notified of the departure > all electronic access is shut down > all physical access is shut down.
B
11. Which of the following best describes the communication goal of any intelligence agency? A. To send clear communications to allies and noise to all other parties B. To send clear communications to allies and noise only to the enemy C. To send disinformation to the enemy D. To send clear communications to allied forces
B
11. Which of the following is the appropriate sequence for a change request? A. Business unit manager requests change > IT unit verifies request > request is implemented. B. Business unit manager requests change > IT unit verifies request > security unit verifies request > request is scheduled with rollback plan > request is implemented. C. Business unit manager requests change > IT unit verifies request > request is scheduled with rollback plan > request is implemented. D. Business unit manager requests change > IT unit verifies request > security unit verifies request > request is implemented.
B
12. What advantages are there to commercial web search services? A. They can get information you cannot. B. They can get the information faster than you can. C. They can do a more thorough job than you can. D. They are legally entitled to do searches; you are not.
B
12. Which of the following conflicts had a cyber warfare component? A. 1989 invasion of Panama B. 1990 Kosovo crisis C. 1990 Somalia crisis D. Vietnam War
B
13. What is the rule in access control? A. The most access you can securely give B. The least access job requirements allow C. Standard access for all users D. Strictly limited access for most users
B
13. What type of encryption uses different keys to encrypt and decrypt the message? A. Private key B. Public key C. Symmetric D. Secure
B
14. What is the preferred method for storing backups? A. Near the server for quick restore if needed B. Offsite in a secure location C. In the IT manager's office for security D. At the home of one of the IT staff
B
15. How do most antispyware packages work? A. By using heuristic methods B. By looking for known spyware C. The same way antivirus scanners work D. By seeking out TSR cookies
B
15. Which of the following is a list of items that should be implemented in all secure code? A. All code checked for backdoors or Trojans, all buffers have error handling to prevent buffer overruns, all communication activity thoroughly documented B. All code checked for backdoors or Trojans, all buffers have error handling to prevent buffer overruns, all communication adheres to organizational guidelines, all communication activity thoroughly documented C. All code checked for backdoors or Trojans, all buffers have error handling to prevent buffer overruns, all communication adheres to organizational guidelines D. All code checked for backdoors or Trojans, all communication adheres to organizational guidelines, all communication activity thoroughly documented
B
16. Which of the following is a step you might take for large networks but not for smaller networks? A. Use an IDS. B. Segment the network with firewalls between the segments. C. Use antivirus software on all machines on the network. D. Do criminal background checks for network administrators.
B
2. Which of the following is not an ideal place to seek out phone numbers and addresses? A. Yahoo! People Find B. People Search C. The international phone registry D. Infobel
B
3. Why do you not want too much personal data about you on the Internet? A. It might reveal embarrassing facts about you. B. It might be used by an identity thief to impersonate you. C. It might be used by a potential employer to find out more about you. D. There is no reason to worry about personal information on the Internet.
B
4. What is the name for scanning that depends on complex rules to define what is and is not a virus? A. Rules-based scanning (RBS) B. Heuristic scanning C. TSR scanning D. Logic-based scanning (LBS)
B
4. What should an employee do if she believes her password has been revealed to another party? A. If it is a trusted employee or friend, just ignore it. B. Change your own password immediately. C. Notify the IT department. D. Ignore it.
B
4. Which of the following is an encryption method using two or more different shifts? A. Caesar cipher B. Multi-alphabet encryption C. DES D. PGP
B
5. What differentiates cyber terrorism from other computer crimes? A. It is organized. B. It is politically or ideologically motivated. C. It is conducted by experts. D. It is often more successful.
B
5. Which of the following is a good reason to check dependencies before shutting down a service? A. To determine whether you will need to shut down other services as well B. To determine whether shutting down this service will affect other services C. To find out what this service does D. To find out whether this service is critical to system operations
B
12. What size key does a DES system use? A. 64 bit B. 128 bit C. 56 bit D. 256 bit
C
14. According to the October 2002 InfoWorld magazine article, which of the following systems may be vulnerable to attack? A. NORAD nuclear weapons control B. Low-level logistical systems C. Satellites D. CIA computers
C
2. What is one way of checking emails for virus infections? A. Block all emails with attachments. B. Block all active attachments (for example, ActiveX, scripting). C. Look for subject lines that are from known virus attacks. D. Look for emails from known virus sources.
C
2. Which of the following is not an area that user policies need to cover? A. Minimum length of passwords B. What websites one can or cannot visit C. If and when to share passwords D. What to do if you believe your password has been compromised
C
2. Which of the following is not an example of financial loss due to cyber terrorism? A. Lost data B. Transferring money from accounts C. Damage to facilities including computers D. Computer fraud
C
2. Which of the following is the oldest encryption method discussed in this text? A. PGP B. Multi-alphabet encryption C. Caesar cipher D. Cryptic cipher
C
3. Which of the following is not an example of a user password policy? A. Users may not keep copies of passwords in their office. B. Passwords must be eight characters long. C. Users may only share passwords with their assistant. D. Passwords may not be shared with any employee.
C
3. Which of the following military/government systems would most likely be the target of a successful computer hack? A. The most sensitive systems of the CIA B. Nuclear systems at NORAD C. Low-security logistical system D. Military satellite control systems
C
4. What is the rule about ports? A. Block all incoming ports. B. Block ICMP packets. C. Block all unused ports. D. Block all nonstandard ports.
C
5. Which binary mathematical operation can be used for a simple encryption method? A. Bit shift B. OR C. XOR D. Bit swap
C
5. Which of the following is not one of the basic types of firewalls? A. Screening firewall B. Application gateway C. Heuristic firewall D. Circuit-level gateway
C
8. Of the websites listed in this chapter, which would be the most useful in obtaining the address and phone number of someone who does not live in the United States? A. The FBI website B. Yahoo! C. Infobel D. Google
C
15. Which of the following is a cyber attack that would likely cause imminent loss of life? A. Disruption of banking system B. Disruption of water C. Disruption of security systems D. Disruption of chemical plant control systems
D
17. Which of the following is most true regarding certified encryption methods? A. These are the only methods you should use. B. It depends on the level of certification. C. It depends on the source of the certification. D. There is no such thing as certified encryption.
D
20. Which of the following sets of credentials would be best for a security consultant? A. Ten years of IT experience, one year in security, CIW Security analyst, MBA B. Eight years of IT experience, three years in security, CISSP, B.S. in computer science C. Eleven years of IT experience, three years in security, MCSE and CISSP, MS in information systems D. Ten years of experience as a hacker and cracker, MCSE/CIW and Security+, Ph.D. in computer science
D
14. After dealing, on a technical level, with any security breach, what is the last thing to be done for a security breach? A. Quarantine infected machines. B. Study the breach to learn how to prevent a recurrence. C. Notify management. D. Log the incident.
C
16. Which of the following is most likely to be true of an encryption method that is advertised as unbreakable? A. It is probably suitable for military use. B. It may be too expensive for your organization. C. It is likely to be exaggerated. D. It is probably one you want to use.
C
17. Which of the following is a common way to establish security between a web server and a network? A. Block all traffic between the web server and the network. B. Place virus scanning between the network and the web server. C. Put a firewall between the web server and the network. D. Do not connect your network to the web server.
C
18. What is the rule on downloading from the Internet? A. Never download anything. B. Only download if the download is free of charge. C. Only download from well-known, reputable sites. D. Never download executables. Only download graphics.
C
6. Which of the following is the best reason users should be prohibited from installing software? A. They may not install it correctly, which could cause security problems for the workstation. B. They may install software that circumvents security. C. Software installation is often complex and should be done by professionals. D. If a user's account does not have privileges to install, then it is likely that a Trojan horse will not be inadvertently installed under their account.
B
6. Which of the following would be least important to know about a potential business partner? A. Past bankruptcies B. A 15-year-old marijuana possession arrest C. A lawsuit from a former business partner D. A recent DUI
B
7. What information would provide the most accurate results for locating a person? A. First name and state B. First name, last name, and state C. Last name and state D. First name and last name
B
7. What is information warfare? A. Only spreading disinformation B. Spreading disinformation or gathering information C. Only gathering information D. Spreading disinformation or secure communications
B
7. Which of the following is a disadvantage to using an application gateway firewall? A. It is not very secure. B. It uses a great deal of resources. C. It can be difficult to configure. D. It can only work on router-based firewalls.
B
7. Which of the following is most true regarding binary operations and encryption? A. They are completely useless. B. They can form a part of viable encryption methods. C. They are only useful as a teaching method. D. They can provide secure encryption.
B
8. What must all user policies have in order to be effective? A. They must be reviewed by an attorney. B. They must have consequences. C. They must be notarized. D. They must be properly filed and maintained.
B
1. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? A. Rules of evidence B. Law of probability C. Chain of custody D. Policy of separation
C
1. What is the most likely damage from an act of cyber terrorism? A. Loss of life B. Military strategy compromised C. Economic loss D. Disrupted communications
C
1. Which of the following does not demonstrate the need for policies? A. Antivirus software cannot prevent a user from downloading infected files. B. The most secure password is not at all secure if it's posted on a note by the computer. C. End users are generally not particularly bright and must be told everything. D. Technological security measures are dependent upon the employees' implementation.
C
10. Sending a false message with weak encryption, intending it to be intercepted and deciphered, is an example of what? A. Poor communications B. Need for better encryption C. Disinformation D. Propaganda
C
11. An audit should check what areas? A. Perform system patching, review policies, check personnel records of all managers, and probe for flaws B. Only probe for flaws C. Perform system patches, probe for flaws, check logs, and review policies D. Check all machines for illicit software, perform complete system virus scan, and review firewall policies
C
11. Which web search approach is best when checking criminal backgrounds? A. Check primarily the person's state of residence. B. Check primarily federal records. C. Check the current and previous state of residence. D. Check as many places as might have information.
C
8. What is the rule of thumb on data access? A. Data must be available to the widest range of people possible. B. Only administrators and supervisors should access sensitive data. C. Only those with a need for the specific data should have access. D. All employees should have access to any data used in their department.
C
10. What is most important to learn about a person listed in a sex offender registry? A. The extent of his punishment B. How old she was when she committed her crime C. How long he has been out of prison D. The nature of her specific crime
D
12. What is the first step when discovering a machine(s) has been infected with a virus? A. Log the incident. B. Scan and clean infected machine(s). C. Notify appropriate management. D. Quarantine infected machine(s).
D
12. Which of the following is true of the room in which the server is located? A. It should be in the most fire-resistant room in the building. B. It should have a strong lock with a strong door. C. It should be accessible only to those who have a need for access. D. All of the above
D
13. What would be most important to block end users from doing on their own machine? A. Running programs other than those installed by the IT staff B. Surfing the Web and using chat rooms C. Changing their screensaver and using chat rooms D. Installing software or changing system settings
D
13. Which of the following agencies has allegedly had one of its cyber spies actually caught? A. NSA B. KGB C. FBI D. CIA
D
14. Which of the following is the most accurate description of Usenet? A. A nationwide bulletin board B. A repository of computer security information C. A large-scale chat room D. A global collection of bulletin boards
D
15. What should you be most careful of when looking for an encryption method to use? A. Complexity of the algorithm B. Veracity of the vendor's claims C. Speed of the algorithm D. How long the algorithm has been around
D
3. What are TSR programs? A. Terminal Signal Registry programs that alter the system Registry B. Terminate and System Remove programs that erase themselves when complete C. Terminate and Scan Remote programs that scan remote systems prior to terminating D. Terminate and Stay Resident programs that actually stay in memory after you shut them down
D
3. What is the main problem with simple substitution? A. It does not use complex mathematics. B. It is easily broken with modern computers. C. It is too simple. D. It maintains letter and word frequency.
D
4. How could a hacker use information about you found through Internet searches? A. It could be used to guess passwords if your passwords are linked to personal information such as your birth date, address, or phone number. B. It could be used to guess passwords if your passwords are linked to your interests or hobbies. C. It could be used in social engineering to ascertain more information about you or your computer system. D. All of the above.
D
4. Which of the following might be an example of domestic cyber terrorism? A. Sasser virus B. Mimail virus C. Sobig virus D. MyDoom virus
D
5. If you are hiring a new employee, which of the following should you do? A. Verify degrees and certifications. B. Call references. C. Perform an Internet search to verify contact information and to check for a criminal record. D. All of the above.
D
7. Which of the following is the least essential device for protecting your network? A. Firewall B. Virus scanners on all machines C. IDS system D. Proxy server
D
9. What is the term for a firewall that is simply software installed on an existing server? A. Network host based B. Dual-homed C. Router based D. Screened host
D
9. Which of the following methods is available as an add-in for most email clients? A. DES B. RSA C. Caesar cipher D. PGP
D