3200 Final
What is the Gramm-Leach-Bliley Act? - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
A signature database contains a list of the contents of the IP packet header's signature block, for every type of packet the IDS monitors. True or False
A signature database contains a list of the contents of the IP packet header's signature block, for every type of packet the IDS monitors.
What does a host-based IDS monitor? - A single system - Networks - Physical intrusions into facilities - A system and all its surrounding systems
A single system
Simple rule sets that are applied to port number and IP addresses are called - Network address translation - Stateful packet filtering - Access control lists - Basic packet filtering
Access control lists
The Electronic Communications Privacy Act (ECPA) of 1986 - Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications
What are laws and regulations created by government-sponsored agencies such as the EPA, the FAA, and the FCC? - Statutory laws - Administrative laws - Common laws - Blue laws
Administrative laws
Your boss would like you to implement a network device that will monitor traffic and turn off processes and reconfigure permissions as necessary. To do this you would use - A firewall - A sniffer - A passive HIDS - An active HIDS
An active HIDS
The Wassenaar Arrangement can be described as which of the following? - An international arrangement on export controls for conventional arms as well as dual-use goods and technologies - An international arrangement on import controls - A rule governing import of encryption in the United States - A rule governing export of encryption in the United States
An international arrangement on export controls for conventional arms as well as dual-use goods and technologies
Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity? - Traffic collector - Analysis engine - Signature database - Examination collector
Analysis engine
The difference between misuse and anomaly IDS models is - Misuse models require knowledge of normal activity, whereas anomaly models don't. - Anomaly models require knowledge of normal activity, whereas misuse models don't. - Anomaly models are based on patterns of suspicious activity. - Anomaly model-based systems suffer from many false negatives
Anomaly models require knowledge of normal activity, whereas misuse models don't.
The security tool that will hide information about the requesting system and make the browsing experience secret is a - Web proxy - Reverse proxy - Anonymizing proxy - Open proxy
Anonymizing proxy
What is a software bomb? - A firework that destroys all the disks and CDs in your library - Any commands executed on the computer that have an adverse effect on the data being investigated - Screensavers that show fireworks going off - Software trying to access a computer
Any commands executed on the computer that have an adverse effect on the data being investigated
Antivirus products do all of the following EXCEPT: - Automated updates - Media scanning - Block network traffic based on policies - Scan e-mail for malicious code and attachments
Block network traffic based on policies
The law that regulates unsolicited commercial e-mail is the - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
CAN-SPAM Act
Which law prohibits the collection of information from children on web sites? - VPPA - FERPA - COPPA - CFAA
COPPA
Which of the following countries has a long reputation of poor privacy practices? - England - Japan - China - United States
China
What do you call a law based on previous events or precedents? - Statutory law - Administrative law - Common law - Blue law
Common law
Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
Computer Fraud and Abuse Act
_____________ is the unauthorized entry into a computer system via any means. - Computer trespass - Computer entry - Computer hacking - Cyber crime
Computer trespass
The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes known as what? - Privacy protection - Data protection - PII protection - ID theft protection
Data protection
What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Demonstrative evidence
Which law makes it illegal to develop, produce, and trade any device or mechanism designed to circumvent technological controls used in copy protection? - Sarbanes-Oxley Act - Digital Millennium Copyright Act - US Digital Signatures Law - Computer Fraud and Abuse Act
Digital Millennium Copyright Act
Oral testimony that proves a specific fact with no inferences or presumptions is what type of evidence? - Hearsay - Real evidence - Direct evidence - Demonstrative evidence
Direct evidence
Business records, printouts, and manuals are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Documentary evidence
What must you do in order to sniff the traffic on all ports on a switch? - Nothing; you can see all the traffic on a switch by default. - Nothing; a switch does not allow you to see all traffic. - Enable port mirroring. - Run a cable to each port.
Enable port mirroring.
Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution? - Best evidence rule - Exclusionary rule - Hearsay rule - Evidentiary rule
Exclusionary rule
Which of the following is NOT a component of an IDS? - Traffic collector - Signature database - Expert knowledge database - User interface and reporting
Expert knowledge database
A principal reference for rules governing the export of encryption can be found in the - Bureau of Industry and Security - U.S. Department of Commerce - Export Administration Regulations - State Department
Export Administration Regulations
Which of the following is a characteristic of the Patriot Act? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form
Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet
Which law mandates that information that is no longer needed must be properly disposed of, either by burning, pulverizing, or shredding? - FCRA - PCI DSS - FACTA - GBLA
FACTA
Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers? - FCRA - PCI DSS - FACTA - GBLA
FCRA
A school principal allows for student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law? - Privacy Act of 1974 - FOIA - FERPA - FACTA
FERPA
Which law was designed to enable public access to US government records? - Privacy Act of 1974 - FOIA - FERPA - FACTA
FOIA
Deploying, maintaining, and upgrading host-based IDSs in a large network is cheaper than NIDSs. True or False
False
FCRA is designed to protect educational records of students at the K-12 level. True or False
False
FERPA was designed to enable public access to US government records. True or False
False
Falsifying header information is not covered by the CAN-SPAM Act. True or False
False
Hostile activity that does not match an IDS signature and goes undetected is called a false positive. True or False
False
In order to identify a specific individual, the entire set of PII must be disclosed. True or False
False
Network-based IDS examines activity on a system such as a mail server or web server. True or False
False
Privacy laws as they relate to education are very recent phenomena. True or False
False
Privacy laws in Europe are built around the concept that privacy is not a fundamental human right. True or False
False
The governments in Europe and the United States have taken the same approach to controlling privacy through legislation. True or False
False
The low risk of being caught is one of the reasons that criminals are turning to computer crime. True or False
False
The misuse detection IDS model is more difficult to implement than the anomaly detection model, and is not as popular as a result. True or False
False
While NIDS are able to detect activities such as port scans and brute force attacks, it is unable to detect tunneling. True or False
False
Clusters that are marked by the operating system as usable are referred to as which of the following? - Free space - Slack space - Open space - Unused space
Free space
A patient's medical records are shared with a third party who is not a medical professional and without the patient's approval. Which law may have been violated? - FERPA - FOIA - HIPAA - The Medical Records Security and Safety Act
HIPAA
A new breed of IDS that is designed to identify and prevent malicious activity from harming a system. - Dynamic IDS - Preventive IDS - Active IDS - HIPS
HIPS
Which of the following has the least volatile data? - CPU storage - RAM - Hard drive - Kernel tables
Hard drive
Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence? - Best evidence rule - Exclusionary rule - Hearsay rule - Relevant evidence rule
Hearsay rule
What device would you use to attract potential attacks, so that you could safely monitor the activity and discover the intentions of the attacker? - Firewall - Antivirus - IDS - Honeypot
Honeypot
How does IPS differ from an IDS? - IPS is passive and IDS is active. - IPS uses heuristics and IDS is signature based. - IPS will block, reject, or redirect unwanted traffic; an IDS will only alert. - IDS will block, reject, or redirect unwanted traffic; an IPS will only alert.
IPS will block, reject, or redirect unwanted traffic; an IDS will only alert.
The electronic signatures in the Global and National Commerce Act - Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form - Address a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications - Make it a violation of federal law to knowingly use another's identity - Are a major piece of legislation affecting the financial industry, and contains significant privacy provisions for individuals
Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form
Your boss is concerned about employees viewing inappropriate or illegal web sites in the workplace. Which device would be the best at addressing this concern? - Antivirus - Firewall - Protocol analyzer - Internet content filter
Internet content filter
The model that most modern intrusion detection systems use is largely based upon a model created by Dorothy Denning and Peter Neumann called: - Intrusion Detection Interface System (IDIS) - Intrusion Response Interdiction system (IRIS) - Intrusion Detection Expert System (IDES) - Discovery, Haystack, Multics Intrusion Detection and Alerting System (MIDAS)
Intrusion Detection Expert System (IDES)
What is a message digest? - It is a hash function that can be used to compare two files to see if they are identical. - A condensed version of the messages that the computer receives. - Messages that the computer sends to other computers - Availability protocol that establishes links to other computers.
It is a hash function that can be used to compare two files to see if they are identical.
According to SANS Internet Storm Center, the average survival time of an unpatched Windows PC on the Internet is - Less than two minutes - Less than two hours - Less than two days - Less than two weeks
Less than two hours
Antispam does all of the following EXCEPT: - Blacklisting - Malicious code detection - Language filtering - Trapping
Malicious code detection
Which of the following is a standard that provides guidance on the elements of a credit card transaction that need protection and the level of expected protection? - FCRA - PCI DSS - FACTA - GBLA
PCI DSS
Zone Alarm, Windows ICF, and iptables are all examples of - Antivirus - Antispyware - Antispam - Personal firewalls
Personal firewalls
When taking photographs for use as evidence, what type should be taken? - Digital camera pictures - Film with a high speed shutter - Film with a low speed shutter - Polaroid
Polaroid
The nuisance of web pages that automatically appear on top of your current web page can be remedied with - Antivirus - Antispam - Pop-up blockers - Firewalls
Pop-up blockers
A privacy-enhancing technology called cookie cutter does which of the following? - Makes copies of your information for safe keeping - Makes sure when you connect to sites you use the same appropriate information - Prevents the transfer of cookies between browsers and web servers. - Is used by server to prevent the use of unnecessary cookies
Prevents the transfer of cookies between browsers and web servers.
A structured approach to determining the gap between desired privacy performance and actual privacy performance is called - Personal impact assessment - Privacy information assessment - Personal privacy assessment - Privacy impact assessment
Privacy impact assessment
Which of the following is true about the Family Education Records and Privacy Act of 1974? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandated certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - Protects student records from being accessed by anyone other than the student or student's family - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form
Protects student records from being accessed by anyone other than the student or student's family
Tangible objects that prove or disprove fact are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence
Real evidence
Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence
Relevant evidence
What is the mechanism for self-regulation that can be enforced through trade practice law via the FTC called? - PII protection - Safe sailing - Safe Harbor - Harbor protection
Safe Harbor
What is the law that overhauled the financial accounting standards for publicly traded firms in the United States? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act
Sarbanes-Oxley Act
Egress filtering - Scans incoming mail to catch spam - Scans outgoing mail to catch spam - Messages are scanned for specific words or phrases - Filters out POP traffic
Scans outgoing mail to catch spam
What is the space in a cluster that is not occupied by a file called? - Free space - Slack space - Open space - Unused space
Slack space
Windows Defender does all of the following EXCEPT: - Spyware detection and removal - Real-time malware protection - Spam filtering - Examine programs running on your computer
Spam filtering
How does stateful packet filtering differ from basic packet filtering? - Stateful packet filtering looks only at each packet individually. - Stateful packet filtering looks at the packets in relation to other packets. - Stateful packet filtering looks at the destination address. - Stateful packet filtering looks at the source address.
Stateful packet filtering looks at the packets in relation to other packets.
What is a law passed by a legislative branch of government called? - Statutory law - Administrative law - Common law - Blue law
Statutory law
Evidence that is convincing or measures up without question is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence
Sufficient evidence
Which of the following is NOT a disadvantage of host-based IDS? - The IDS uses local system resources. - The IDS can have a high cost of ownership and maintenance. - The IDS must have a process on every system you want to watch. - The IDS is ineffective when traffic is encrypted.
The IDS is ineffective when traffic is encrypted.
What is the Convention on Cybercrime? - A convention of black hats who trade hacking secrets - The first international treaty on crimes committed via the Internet and other computer networks - A convention of white hats who trade hacker prevention knowledge - A treaty regulating international conventions
The first international treaty on crimes committed via the Internet and other computer networks
Which of the following is NOT an advantage of network-based IDS? - It takes fewer systems to provide IDS coverage. - They can reduce false positive rates. - Development, maintenance, and upgrade costs are usually lower. - Visibility into all network traffic and can correlate attacks among multiple systems.
They can reduce false positive rates.
One of the advantages of HIDS is that - They can reduce false-positive rates - Their signatures are broader - They can examine data before it has been decrypted - They are inexpensive to maintain in the enterprise
They can reduce false-positive rates
The main purpose of a honeypot is - To identify hackers so they can be tracked down by the FBI - To slow hackers down by providing an additional layer of security that they must pass before accessing the actual network - To distract hackers away from attacking an organization's live network - To help security professionals better understand and protect against threats to the system
To help security professionals better understand and protect against threats to the system
A sniffer must use a NIC in promiscuous mode; otherwise it will not see all the network traffic coming into the NIC. True or False
True
Carnivore is an eavesdropping program for the Internet. True or False
True
Computer trespass is treated as a crime in many countries. True or False
True
Content-based signatures detect character patterns and TCP flag settings. True or False
True
FACTA mandates that information that is no longer needed must be properly disposed of. True or False
True
In the United States, the primary path to privacy is via opt-out, whereas in Europe and other countries, it is via opt-in. True or False
True
Only active intrusion detection systems (IDS) can aggressively respond to suspicious activity, whereas passive IDS cannot. True or False
True
The CAN-SPAM Act allows unsolicited e-mail as long as there is an unsubscribe link; the content must not be deceptive and not harvest emails. True or False
True
The DMCA protects the rights of recording artists and the music industry. True or False
True
The NIDS signature database is usually much larger than that of a host-based system. True or False
True
The Patriot Act permits the Justice Department to proceed with its rollout of the Carnivore program, an eavesdropping program for the Internet. True or False
True
The development of a privacy policy is an essential foundational element of a company's privacy stance. True or False
True
The sale of some types of encryption overseas is illegal. True or False
True
The three things that should govern how good citizenry collects PII are notice, choice, and consent. True or False
True
Two laws that provide wide-sweeping tools for law enforcement to convict people who hack into computers—or use them to steal information—are the ECPA and the CFAA. True or False
True
VPAA is considered to be the strongest US privacy law by many privacy advocates. True or False
True
A video rental store shares its customer database with a private investigator. The rental store may have violated which law? - COPPA - VPPA - FERPA - CFAA
VPPA
In the United States the primary path to privacy is _______. In Europe the primary path to privacy is _________. - opt-in; opt-in - opt-in; opt-out - opt-out; opt-out - opt-out; opt-in
opt-out; opt-in
The term forensics relates to the application of ____________ knowledge to ___________ problems. - legal; computer - complete; software - scientific; legal - familiar; unfamiliar
scientific; legal