Chapter 1 & 2 Quiz
How did the Code Red Worm spread? A. It made use of a buffer-overflow condition in Microsoft's IIS web servers that had been known for a month. B. It entered through the victim's Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts. C. It collected key-strokes, screenshots, and network traffic from open ports. D. It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine.
A - It made use of a buffer-overflow condition in Microsoft's IIS web servers that had been known for a month.
Which internet worm, released in 1988, is considered to be one of the first real internet crime cases? A. The Morris Worm B. The Slammer Worm C. The Jester Worm D. The Code Red Worm
A - The Morris Worm
Which security principle is characterized by the use of multiple different defense mechanisms with a goal of improving the defensive response to an attack? A. Sandboxing B. Defense in depth C. Reverse-engineering D. Complete mediation
B. Defense in depth
Which security principle states that if you have not specifically been allowed access, then it should be denied? A. Complete mediation B. Implicit deny C. Least privilege D. Security through obscurity
B. Implicit deny
What security design principle states that secrecy itself cannot be relied upon as a means of protection? A. Defense in depth B. Open design C. Encapsulation D. Economy of mechanism
B. Open design
Which attacks represent examples of state-sponsored malware? A. Melissa, Shamoon, and Operation Night Dragon B. Stuxnet, Duqu, and Flame C. "Jester" and Melissa D. Slammer, Code Red, and Melissa
B. Stuxnet, Duqu, and Flame
Which term describes a category of attacks that generally are conducted over short periods of time (lasting at most a few months), involve a smaller number of individuals, have little financial backing, and are accomplished by insiders or outsiders who do not seek collusion with insiders? A. Critical infrastructure category B. Unstructured threat category C. Highly structured threat category D. Structured threat category
B. Unstructured threat category
Which security concept uses the approach of protecting something by hiding it? A. Economy of mechanism B. Least common mechanism C. Security through obscurity D. Open design
C. Security through obscurity
Today the focus of security should be on prevention.
False
Today, the data stored and processed by computers is almost always more valuable than the hardware?
True