Module 5 - Information Security Basics - AWR-173-W
TRUE or FALSE Any executing program, including services, daemons or applications is a process.
TRUE
TRUE or FALSE A user on any system should be given just enough permissions for him or her to complete their duties.
True
What is a host based intrusion detection system? a. A software package that monitors a single computer system, watching for abnormal activity b. A software package that watches all of the hosts on a network, monitoring them for abnormal activity c. A software package that watches all incoming network traffic for indications of an attack d. None of the above
a. A software package that monitors a single computer system, watching for abnormal activity
In the context of information security, what is policy? Select one: a. A written list detailing the rules of an organization b. A list detailing practices that are to be observed regarding information c. A document assigning particular responsibilities to specific individuals or offices in an organization d. All of the above
a. A written list detailing the rules of an organization
Why does hashing prevent hackers from stealing the contents of a password file? a. Because, practically speaking, the hashes cannot be reversed to reveal the original password b. Because the passwords are encrypted and cannot be decrypted without the private key c. The passwords themselves are stored in cleartext. Other required information, such as the username, are hashed and not reversible d. Passwords are not hashed; they are encrypted
a. Because, practically speaking, the hashes cannot be reversed to reveal the original password
Which of the following are goals of an Access Control System in an operating system? Select all that apply. Select one or more: a. Check permissions on every access b. Enforce least privilege c. Ensure acceptable usage d. Remove credible threats
a. Check permissions on every access b. Enforce least privilege c. Ensure acceptable usage
Which of the following are goals of an Access Control System in an operating system? Select all that apply. a. Enforce least privilege b. Remove credible threats c. Check permissions on every access d. Ensure acceptable usage
a. Enforce least privilege c. Check permissions on every access d. Ensure acceptable usage
Which of the following is not a goal of an access control mechanism? a. Ensure accurate usage b. Ensure that permissions are enforced c. Enforce least privilege d. Ensure acceptable usage
a. Ensure accurate usage
Which of the following is not a goal of an access control mechanism?a. Ensure accurate usage b. Ensure acceptable usage c. Ensure that permissions are enforced d. Enforce least privilege
a. Ensure accurate usage
Which of the following is an API? Select all that apply Select one or more: a. Something used when an application wishes to use a service offered by the operating system b. An interface that allows one application to directly manipulate the memory system of other applications c. An interface that allows the programmer to directly access the hardware when needed d. Something that allows applications to perform the tasks they need without giving them direct access to the underlying hardware
a. Something used when an application wishes to use a service offered by the operating system d. Something that allows applications to perform the tasks they need without giving them direct access to the underlying hardware
How do user permissions impact the damage caused by malware? a. The malware inherits permissions from the user. The malware can only perform the same actions as the user b. The damage cause by malware is not impacted by user permissions c. Malware will sometimes adjust the permissions assigned to a particular user d. None of the above
a. The malware inherits permissions from the user. The malware can only perform the same actions as the user
What is the trusted computing base? a. The portions of a computer system that together serve to satisfy the stated security policy b. The systems in an organization that are considered to be most secure c. The users of the most heavily fortified computer systems in an organization d. None of the above
a. The portions of a computer system that together serve to satisfy the stated security policy
What is a file system? a. The storage schemes used by different operating systems to organize data on a hard disk or other permanent storage device b. A collection of all of the permanent storage devices (Hard disks, USB drives, CDRWs, etc.) on the system c. A proprietary technology used on Windows to organize files d. A listing of all files stored on a hard disk
a. The storage schemes used by different operating systems to organize data on a hard disk or other permanent storage device
Which of the following portions of the operating system typically do NOT make up the TCB (Trusted Computing Base)? Select all that apply. a. User protection b. Inter-process communication c. File protection d. Kernels e. Memory protection
a. User protection d. Kernels
Is a virus scanner required for each host if a network has a firewall and the email is scanned for malware? a. Yes: Malware may bypass these two controls and enter the network through another path b. No: These two measures cover the only way that a virus might infiltrate the organization c. No: These two measures offer sufficient defense d. No: A firewall is all you really need to be protected against malware
a. Yes: Malware may bypass these two controls and enter the network through another path
Which of the following is an example of a host based intrusion detection system? Select one: a. A system installed on a user's computer that compares currently running code against large databases of known viruses b. A system installed on a user's computer that monitors CPU utilization, memory utilization and running processes, searching for anomalies c. A system installed on a user's computer that keeps track of every permission list and notes any variances d. Hardware that is designed to prevent unauthorized access to a computer system
b. A system installed on a user's computer that monitors CPU utilization, memory utilization and running processes, searching for anomalies
Which of the following is an example of a layered defense? a. An attacker is outrightly prevented from exploiting a network through multiple layer of defensive measures. b. After defeating an initial defense, an attacker is confronted with a different form of defense that must be overcome before further penetration can occur. c. An attacker prevents counterattacks through the use of proxy networks and other means, thereby involving a layer of defensive measures. d. None of the above
b. After defeating an initial defense, an attacker is confronted with a different form of defense that must be overcome before further penetration can occur.
How do anti-virus products work? Select all that apply. Select one or more: a. By data captures and port monitoring, among other methods b. By identifying any suspicious behavior from a computer application that might show some form of malicious intent/infection c. By examining files and comparing their code to known viruses in a dictionary d. By examining the user's input
b. By identifying any suspicious behavior from a computer application that might show some form of malicious intent/infection c. By examining files and comparing their code to known viruses in a dictionary
A piece of hardware or software that captures a user's keystrokes is known as a . Select one: a. Informant b. Keystroke logger c. Trojan d. Virus
b. Keystroke logger
How does a signature based scanner find malware? a. Malware is detected by analyzing process activity and compares that to a known history of acceptable use in some artificially intelligent way b. Malware is detected by comparing an application's code to a database of known malware c. Malware is detected by looking for suspicious behavior of applications through various means d. Malware is detected by monitoring network activity coming into and out of the computer, watching for patterns that are known to be associated with viruses
b. Malware is detected by comparing an application's code to a database of known malware (?)
Why are strong passwords required to protect a system? Select one: a. To alleviate pressure on the firewall b. To prevent dictionary attacks c. To allow users access to more systems d. Strong passwords are not required
b. To prevent dictionary attacks
The systems in the computer that are used to satisfy the organization's security policy combine to form the . a. IT foundation b. Trusted Computing Base (TCB) c. Core Network d. High-assurance processing system (HPS)
b. Trusted Computing Base (TCB)
What is an Application Program Interface (API)? a. A way of accessing all of the software installed on a computer system b. A way of interfacing with a particular application c. A mechanism by which a program may interact with the operating system d. A way of accessing the program code for applications that have been loaded on the system
c. A mechanism by which a program may interact with the operating system
In regard to trusted computing, what is a policy? a. A policy is a statement that describes the matrix that is rendered from the rights granted by an operating system b. A policy is the rights granted to a user from an operating system, provided in a policy matrix c. A policy is a statement that describes the information security a system is expected to provide d. A policy is the rights granted to a process within the trusted computing architecture Feedback
c. A policy is a statement that describes the information security a system is expected to provide
What is an operating system? a. A system that is used to track the progress of IT managers and resources b. A system used to optimize distribution of network resources c. A software system that manages all of the hardware and other software in a system d. A system that is used to track the monetary disbursements
c. A software system that manages all of the hardware and other software in a system
Why should firewalls be used both at the host and network level? Select one: a. As part of a layered defense strategy b. Because host firewalls protect against a different type of threat, threats inside the network. Network firewalls protect against attacks originating outside of the network c. All of the above d. None of the above
c. All of the above (?)
Which of the following is not an example of a layered defense? Select all that apply Select one or more: a. After defeating an initial defense, an attacker is confronted with a different type of defense that must be overcome before further penetration can occur b. An attacker is isolated after his initial entry into a network, thereby preventing further damage c. An attacker prevents counterattacks through the use of proxy networks and other means, thereby involving a layer of defense measures d. After defeating the primary defense, an attacker has complete access to a network
c. An attacker prevents counterattacks through the use of proxy networks and other means, thereby involving a layer of defense measures d. After defeating the primary defense, an attacker has complete access to a network
Why are strong passwords important? a. If a password can be guessed, no technological device will protect the system or information b. Password cracking is more likely to occur using weak passwords c. Both A and B d. None of the above
c. Both A and B
How do anti-virus products work? Select all that apply. Select one or more: a. By data captures and port monitoring, among other methods b. By examining the user's input c. By examining files and comparing their code to known viruses in a dictionary d. By identifying any suspicious behavior from a computer application that might show some form of malicious intent/infection
c. By examining files and comparing their code to known viruses in a dictionary d. By identifying any suspicious behavior from a computer application that might show some form of malicious intent/infection
The orange book was a member of what series of government security standards? Select one: a. Secure Series b. Multi-Color Series c. Rainbow Series d. Prism Series
c. Rainbow Series
Which of the following is an API? Select all that apply Select one or more: a. An interface that allows one application to directly manipulate the memory system of other applications b. Something used when an application wishes to use a service offered by the operating system c. Something that allows applications to perform the tasks they need without giving them direct access to the underlying hardware d. An interface that allows the programmer to directly access the hardware when needed
c. Something that allows applications to perform the tasks they need without giving them direct access to the underlying hardware
Which of the following is an example of a host based intrusion detection system? a. Hardware that is designed to prevent unauthorized access to a computer system b. A system installed on a user's computer that compares currently running code against large databases of known viruses c. A system installed on a user's computer that keeps track of every permission list and notes any variances d. A system installed on a user's computer that monitors CPU utilization, memory utilization and running processes, searching for anomalies
d. A system installed on a user's computer that monitors CPU utilization, memory utilization and running processes, searching for anomalies
Why do files need protection (access control) by the operating system? a. Malicious users may attempt to access the personal files of another user b. Malicious users may attempt to modify the files that belong to another user c. Malicious users may attempt to access and sell personal data belonging to another user d. All of the above
d. All of the above
Which of the following is not an object type that requires protection by the operating system? a. Files b. Memory c. Users (user authentication) d. All of the above are objects that require protection by the operating system
d. All of the above are objects that require protection by the operating system (?)
How does hashing prevent passwords that are stored by the operating system on a hard drive from being stolen by attackers? Select one: a. By acting much like a non-random function b. By hiding the location of the password in the file system c. By changing the password in a non-random way that is possible to reverse into the original password d. By providing a cryptographic key so that only the author can reserve the passwords
d. By providing a cryptographic key so that only the author can reserve the passwords
An operating system interfaces with hardware's firmware through: a. Kernels b. Applications c. The keyboard d. Device drivers
d. Device drivers
The storage scheme used by an operating system to organize data on a hard disk is known as a _____. a. Control matrix b. Task manager c. File manager d. File system
d. File system
Which of the following is not a best practice for virus scanner configuration? a. Scanning of programs as they are executed b. Complete scans of all files on a weekly basis c. Automatic updates downloaded multiple times a day d. Monthly removal and re-installation to ensure that the scanner itself has not been compromised by malware
d. Monthly removal and re-installation to ensure that the scanner itself has not been compromised by malware
Information security professionals prefer the term "trust" to "secure" because a. Secure is not totally possible, while trust is b. Trust is a simple to use and understand word for the non-technical c. Trust is not preferred to the term secure d. Secure is a cut-and-dry yes/no quality. While trust can have varying degrees
d. Secure is a cut-and-dry yes/no quality. While trust can have varying degrees
Anti-virus systems should have their libraries updated regularly. Select one: a. Software b. File c. Password libraries d. Signature
d. Signature
Which of the following describes how most anti-virus products work? a. The software watches all network traffic into and out of a system, comparing it to prior traffic patterns, watching for changes b. The software monitors all of the programs on a system, watching for "virus like" characteristics c. The software compares prior behavior of programs to the current behavior, watching for changes that could indicate infection by a virus. d. The software uses signatures to compare the contents of the files on the system to known viruses
d. The software uses signatures to compare the contents of the files on the system to known viruses
What is a file system? Select one: a. A listing of all files stored on a hard disk b. A collection of all of the permanent storage devices (Hard disks, USB drives, CDRWs, etc.) on the system c. A proprietary technology used on Windows to organize files d. The storage schemes used by different operating systems to organize data on a hard disk or other permanent storage device
d. The storage schemes used by different operating systems to organize data on a hard disk or other permanent storage device