202 Homework 2
List at least five physical security controls.
1) Guards 2)Mantraps 3) walls/fencing 4)Dogs 5)ID Cards and badges 5) Alarms and Alarm System
List five factors for authentication.
1) Knowledge 2) Ownership 3)Characteristics 4) Location 5) Action
List three solutions to prevent insider threats.
1) Separation of Duties 2) Least Privilege Policy 3) Strict password and account management polices
____________________ validate the identity of the owner of the public key.
Certificate Authorities
____________________ attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the users' knowledge.
Cross-site Request Forgery (XSRF or CSRF)
____________________ attacks occur when an attacker embeds malicious scripts without permission in a third-party website that are later run by innocent visitors to that site.
Cross-site Scripting (XSS)
Which of the following wireless security mechanisms is subject to a spoofing attack? a. WEP b. WPA c. WPA 2 Enterprise d. MACaddressfiltering
D. MAC Address filtering
____________________ is to verify the integrity of the file and provide non-repudiation.
Digital Signature
Hashing functions require the use of keys. (True or False)
False
Insider attacks usually require the advance knowledge of network. (True or False)
False
Insider threat is always occurred by the insider who has malicious intention (e.g., fraud, unauthorized trading, and espionage)(True or False)
False
You should use easy-to-remember personal information to create secure passwords. (True or False)
False
Session Hijacking is the process in which a user's or organization's cloud account credentials are stolen and exploited by an unauthorized attacker. [ T / F , if F, then ]
False, Account Hijacking
Symmetric encryption uses two different keys: public key(to encipher)and private key(to decipher). (true or false if not correct)
False, Asymmetric Encryption
MAC addresses are a unique identifier allotted to communication devices and are not changeable. (True or False)
False, Changeable
Digital Certificates are the encrypted messages that can be mathematically proven to be authentic. (true or false if not correct)
False, Digital Signature
IaaS (Infrastructure as a Service) gives the customer access to applications running in the cloud. [ T / F , if F, then ]
False, Software as a Service
WEP (Wired Equivalent Privacy) is the strongest encryption protocol for the wireless network. [T/F, if F ,then ]
False, WPA2 (3)
What is the difference between MAC spoofing and ARP spoofing?
MAC Spoofing change mac address updates to hackers MAC address ARP Spoofing access to the request to the switch the vulnerability ARP tables only remember most updated mapping
The spoofed ARP packets contain the attacker's ________________ and the target's ________________.
MAC address, IP Address
____________________ enables a user to allow third-party application to access APIs on that user's behalf; for example, when Facebook asks a user if a new application can have access to his photos.
OAuth
ARP (address resolution protocol) works for mapping an IP address to a MAC address. (True or False)
True
ARP spoofing attack "poisons" the ARP table mapping an IP address to a MAC address. [ T / F, if F, then]
True
An Application Program Interface (API) refers to tools for creating software applications.(True or False)
True
An insider threat is occurred by a current or former employee, contractor or business partner who has or had authorized access to an organization's network systems, data or premises. (True or False)
True
Cloud venders expose a set of software interface or APIs in which customers use to interact with cloud services. (True or False)
True
Cookies are designed for websites to remember stateful information (e.g., items added in the cart in Amazon.com.(True or False if F change)
True
Cookies are inherently harmless. (True or False)
True
Fingerprints, palm prints and retina scans are types of biometrics. (True or False)
True
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text. ( True or False)
True
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities. (True or False)
True
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.( True or False)
True
Pure asymmetric key encryption is not widely used, except with digital certificates. (True or False)
True
To be secure interfaces and APIs, strong authentication and access controls are required with encrypted transmission. (True or False)
True
WAP (wireless access point) is the connection between a wired and wireless network. (True or False)
True
____________________ is a technique used to gain unauthorized access to Wi-Fi wireless network by driving vehicle.
Wardriving
Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? a. Bollards b. Guards c. CCTV d. Mantrap
a. Bollards
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it could not meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid? a. Digital signature b. Integrity c. Decryption d. Encryption
a. Digital Signature
The security manager at your company recently updated the security policy. One of the changes requires two-factor authentication. Which of the following will meet this requirement? a. Hardware token and PIN b. Finger print and retina scan c. Password and PIN d. PIN and security questions
a. Hardware Token and PIN
Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity? a. His company's network has a MAC address filter in place. b. His company's network has enabled SSID broadcast. c. His company's network has enabled WEP. d. His company's network has enabled WPA2 Enterprise.
a. His company's network has a MAC Address filter in place
You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the rights to add them to your organization's domain. Which of the following choices BEST describes this example? a. Least privilege b. Need to know c. User-based privileges d. BYOU
a. Least privileges
To avoid the nefarious use of cloud computing, which of the following is the BEST safeguard? a. Rigorous registration process b. Paid service c. OAuth d. Firewall
a. Rigorous Registration Process
Jemar recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code: <body onload="document.getElementByID('myform').submit()"> <form id="myForm"action="gcgapremium.com/purchase.php"method="post" <input name="Buy Now" value="Buy Now"/> </form> </body> Which of the following is the MOST likely explanation? a. XSRF(cross-siterequestforgery) b. Bufferoverflow c. SQL injection d. ARPspoofing
a. XSRF (Cross-Site Request Forgery)
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of characters (more data into the database application's memory than it can handle). What is MOST likely occurring? a. XSRF b. Bufferoverflow c. HTML injection d. DNS poisoning
b. Buffer Overflow
Homer wants to use digital signatures for his emails and realized he needs a certificate. Which of the following will issue Homer a certificate? a. IT department b. CA(CertificateAuthority) c. Email service company d. Recovery agent
b. CA (Certificate Authority)
Which of the following terms describes the process of making and using codes to secure the transmission of information? a. Algorithm b. Cryptography c. Steganography d. Philosophy
b. Cryptography
Which of the following choices BEST describes the organizational trigger in insider threats (TWO)? a. High level of physical access controls b. High level of time pressure c. High level of security training d. High availability and easy of acquiring information
b. Higher level of time pressure and d. high availability and easy of acquiring information
A small business owner modified his wireless router with the following settings: PERMIT 1A:2B:3C:4D:5E:6F DENY 6F:5E:4D:3C:2B:1A After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely reason that the employee cannot access the network? a. IPaddressfiltering b. MACaddressfiltering c. DNSfiltering d. URLfiltering
b. MAC Address Filtering
In what type of attack does the attacker send unauthorized commands directly to a database? a. XSS (cross-site scripting) b. SQL injection c. XSRF(cross-siterequestforgery) d. Database dumping
b. SQL Injection
Joe wants to send a secure email to Marge so he decides to encrypt it. Joe wants to ensure that Marge can verify that he sent it. Which of the following does Marge need to verify the certificate that Joe used in this process in valid? a. TheCA(CertificateAuthority)'sprivatekey b. The CA's public key c. Marge's public key d. Marge's private key
b. The CA (Certificate Authority)'s Public Key
Rachel at ABC corp. stores her public key where it can be accessed. Alex at XYZ corp. retrieves it and uses it to encrypt his session (symmetric) key. He sends it to Rachel, who decrypts Alex's session key with her private key, and then uses Alex's session key for short-term private communications. What is MOST likely occurring? a. Symmetric encryption b. Asymmetric encryption c. Hybrid encryption d. Hashing
c. Hybrid Encryption
Of the following choices, which one is a cloud computing option model that the vendor provides access to a computer, but customers must manage the system, including keeping it up to data with current patches? a. PlatformasaService b. SoftwareasaService c. InfrastructureasaService d. Private
c. Infrastructure as a Service
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue? a. XSRF b. XSS c. Input validation d. Antivirussoftware
c. Input Validation
Jane and Carl work in an organization that includes a PKI (public key). Carl needs to send a message to Jane. What does Carl use in this process? a. Carl's public key b. Carl's private key c. Jane's public key d. Jane's private key
c. Jane's Public Key
Malicious users inject malicious code or software in Adobe PDF and MS office and upload it to the cloud service. Customers who download the Adobe PDF and the MS office will also execute the malwares. Which of the following choices BEST describes this example? a. Account hijacking b. Session hijacking c. Nefarious use of cloud computing d. SQL injection
c. Nefarious use of cloud computing
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: 'or '1'='1'-- Which of the following is the MOST likely explanation for this? a. Bufferoverflow b. XSS (cross-site scripting) c. SQL injection d. Domain hijacking
c. SQL Injection
Your organization hosts a web site and the web site accesses a database server in the internal network. ACLs (access control list) on firewalls prevent any connections to the database sever except from the web server. Database fields hosting customer data are encrypted an all data in transit between the web site server and the database several are encrypted. Which of the following represents the GREATEST risk to the data on the server? a. Theftofthedatabaseserver b. HTML injection c. SQL injection d. Sniffing
c. SQL Injection
Sean wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement? a. Encryption b. Cable lock c. Screen lock d. Remote wiping
c. Screen Lock
A security auditor discovered that several employees in the accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. What policy is she recommending? a. Role-based access control b. BYOU c. Separation of duties d. Job rotation
c. Separation of duties
A telecommuting employee calls into his organization's IT help-desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? a. Verifytheuser'sname b. Disable the user's account c. Verifytheuser'sidentity d. Enable the user's account
c. Verify the user's identity
While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent? a. Man-in-the-Middle b. Phishing c. XSS (cross-site scripting) d. Domain hijacking
c. XSS (Cross-Site Scripting)
What term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message? a. Private-key encryption b. Symmetric encryption c. Advanced Encryption Standard (AES) d. Asymmetric encryption
d. Asymmetric Encryption
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve two factor authentication? a. Username b. PIN c. Security question d. Fingerprint scan
d. Fingerprint Scan
A function converts data into a string of characters and the string of characters cannot be reversed to re-create the original data. What type of function is this? a. Symmetric encryption b. Asymmetric encryption c. Stream cipher d. Hashing
d. Hashing
Which of the following choices BEST describes the characteristics of malicious insider? a. High loyalty toward their organization b. Highlevelofrationality c. Highlevelofethicalvalues d. High level of compulsive behavior
d. Highly Compulsive Behavior
Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks? a. Implement a BYOD (bring your own device) policy b. Update the an AUP (acceptable use policy) c. Implement a least privilege policy d. Implement a program to increase security awareness
d. Implement a program to increase security awareness
You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security? a. Implementing WPA b. Disabling SSID broadcast c. EnablingMACfiltering d. Implementing WPA2
d. Implementing WPA2
Which of the following terms is used to describe the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext? a. Cipher b. Code c. Cleartext d. Key
d. Key
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent theses connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solutions? a. Disable SSID broadcasting b. EnableMACfiltering c. Use wireless jamming d. Reduce antenna power
d. Reduce Antenna Power
Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe? a. Spear phishing b. Vishing c. Mantrap d. Tailgating
d. Tailgating
A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use? a. WPS attack b. HTML injection c. Packet injection d. WPA cracking
d. WPA Cracking