Cyber Security Final

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

This systems engineering tool is a diagram that is also used in Systems Analysis and Design; it takes a large process and divides it into smaller, manageable processes Use-Case Diagram Work Breakdown Structure (WBS) Port Scanner Data Flow Diagram (DFD)

Work Breakdown Structure (WBS)

In the Unified Modeling Language, an activity to be performed is represented by a) a "stick man" b) an oval c) a square encompassing other symbols d) an arrow

an oval

Reliability analysis can be applied to cybersecurity engineering. It is the process of a) determining how often a system will fail b) determining how dependable a system is c) determining how systems interact with each other d) determining the frequency of repairs that have to be made to a system

determining how dependable a system is

Which of the following is the most accurate description of Usenet? A global collection of bulletin boards A repository of computer security information A large-scale chat room A nationwide bulletin board

A global collection of bulletin boards

The conflict between the users' goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________. Password protection Access control Social engineering System administration

Access control

A(n) ___________is a mathematical process for doing something Cipher Algorithm None of these Formula

Algorithm

Windows stores passwords using a method called __________. Cipher Algorithm None of these Formula

Algorithm

In 2021, the water treatment facility in Oldsmar, FL, which is just north of Tampa, was hit by a ransomware attack. Specifically, this is an example of a(n)? a) A utility attack b) A misinformation attack c) An economic attack d) Attack on a SCADA system

Attack on a SCADA system

Using the __________ cipher you choose some number by which to shift each letter of a text. Caesar DC4 ASCII Multi-alphabet substitution

Caesar

When applying requirements engineering to penetration testing, which of the following is NOT one of the possible techniques that could be used Review past incidents the organization has had Review specific requirements from regulatory bodies and industry standards Create a Cybersecurity Sequence Diagram Create a Use-Case diagram to create a misuse case to model potential misuses of the client system

Create a Cybersecurity Sequence Diagram

Which of the following cybersecurity activities would be most accurately described as engineering? a) Conducting a forensic investigation b) Implementing complex IPS rules c) Creating a requirements traceability matrix d) Implementing asymmetric cryptography

Creating a requirements traceability matrix

__________ is the art to write in or decipher secret code. Encryption Cryptography Decryption Keying

Cryptography

A _________ involves setting up two firewalls: an outer and an inner firewall. DNS server proxy server SSL server DMZ (demilitarized zone)

DMZ (demilitarized zone)

The plan to return a business to full normal operations is ____________ BIA BCP ALE DRP

DRP

Java and ActiveX codes should be scanned before they are _________. Infected Downloaded to your computer None of these Known about

Downloaded to your computer

In which firewall configuration is the firewall running on a server with at least two network interfaces? Router-based Network host-based Screened host Dual-homed host

Dual-homed host

__________ is the most obvious reason for organizations to provide their users with Internet access. Emergency communications E-mail Web meetings Job searching

E-mail

A good password should have at least eight characters and use all lowercase letters.

False

IPsec can only encrypt the packet data but not the header information.

False

If a computer you need to inspect is running, you should first turn it off

False

In Linux the command to set up a target forensics server to receive a copy of a drive is dd.

False

Linux and Windows typically are not shipped with firewalls

False

Only the well-known ports, such as 25 (SMTP), and 80 (HTTP) on a router are possible avenues of entry for a malware or intruder.

False

Principal of least privilege means that no one person can perform critical tasks.

False

Snort is an open-source firewall.

False

Standards are specific instructions on how to handle a specific issue

False

The Windows command fc lists all active sessions to the computer.

False

Mistaking a legitimate program for a virus is a ____________. False negative False positive Heuristic error Sandboxed error

False positive

You may use Linux to make a ______________ of the hard drive Screen shot Forensically valid copy Bootable copy New version

Forensically valid copy

Which of these is NOT one of the two basic types of cryptography? Forward Asymmetric Symmetric

Forward

Pedro is examining a Windows 7 computer. He has extracted the index.dat file and is examining that file. What is in the Index.dat file? Internet Explorer information General Internet history, file browsing history, and so on for a Windows machine All web history for Firefox General Internet history, file browsing history, and so on for a Linux machine

General Internet history, file browsing history, and so on for a Windows machine

The Mean Squared Deviation (MSD) formula gives us insight into a) How the mean of any system model's errors compare to actual values b) How any system diverges from expectations c) How any system meets expectations d) The mean time before a system component will fail

How any system diverges from expectations

Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______ USB drives Desktop configuration Instant messaging Use of VPNs

Instant messaging

Which of the following is the correct term for simply making your system less attractive to attackers? Intrusion deterrence Intrusion detection Intrusion avoidance Intrusion camouflage

Intrusion deterrence

What differentiates Cyber Terrorism from other computer crimes? a) It is politically or ideologically motivated b) It is organized c) It is often more successful d) It is conducted by experts

It is politically or ideologically motivated

You would set a ___________ to prevent users from immediately changing their password several times in one day to return to the current password. This is particularly important if your password policy has a history depth of five. Minimum password length Maximum password length Minimum password age Maximum password age

Minimum password age

On a server, you should create your own accounts with ________ that do not reflect their level of permission. Names Numbers None of these Passwords

Names

Which of the following should NOT be a part of an organization's policy regarding email attachments? It appears to be a legitimate business document It was an expected attachment It came from a known source, and the source is confirmed None of these

None of these

Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year. Three times Once Twice Four times

Once

Any _________ you do not explicitly need should be shut down. Probes Ports Patches Policies

Ports

Which of the following is the most helpful data you might get from Usenet on a person you are investigating? Postings by the individual you are investigating Criminal records posted Security tips to help you investigate Negative comments made by others about your target

Postings by the individual you are investigating

Using asymmetric encryption, I want to encrypt a message I'm sending to you. So I will obtain your ______ key, which is available to anyone, to encrypt the message, and you will use your ______ key to read it. Private, public Public, private Hashed, unique Asymmetric, symmetric

Public, private

The rule that packets not originating from inside your LAN should not be forwarded relates to ___________. Workstations Servers Switches Routers

Routers

This type of diagram shows how objects interact over time. Security Sequence diagram Data Flow diagram (DFD) Use-Case diagram Timing diagram

Security Sequence diagram

Which of the following is a step you might take for large networks but not for smaller networks? Segment the network with firewalls between the segments Do criminal background checks for network administrators Use antivirus software on all machines on the network Use a IDS

Segment the network with firewalls between the segments

Which modeling language is used by systems engineers? a) UML b) SysML c) DML d) SecML

SysML

A file that stays in memory after it executes is a(n) _____________. Bug Terminate and Stay Resident program Executable Text file

Terminate and Stay Resident program

Frequently the first responder to a computer crime is ________. The news media Law enforcement personnel The network administrator A systems analyst

The network administrator

What is the primary advantage to using a commercial web search service? They are legally entitled to searches, you are not They can do a more thorough job than you can They can get information you cannot They can get the information faster than you can

They can get the information faster than you can

What is the most appropriate tool for capturing the requirements of any security process or system? Sequence diagram Use-Case diagram SysML Traceability matrix

Traceability matrix

A digital signature is used to guarantee who sent a message. This is referred to as nonrepudiation.

True

A good rule of thumb for a password history policy is a history depth of five.

True

A server with fake data used to attract an attacker is a honeypot

True

Cipher text is encrypted text.

True

Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine.

True

One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings

True

Passwords are an area of user policies.

True

The Windows Registry contains a list of USB devices that have been connected to the machine.

True

There are no restrictions on information you can post on Usenet.

True

There should be a firewall between your network and the outside world

True

VPNs that encrypt BOTH the header AND the payload (data) of a packet are said to be running in _________ mode SSL Transport Security Association Tunnel

Tunnel

What type of diagram is used to show how any entity might interact with a system? Data interface diagram Use-Case diagram Sequence diagram Requirements diagram

Use-Case diagram

Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of ______. Computer policies User policies Network policies Documentation

User Policies

As described in class, which of the following Wi-Fi Security protocols does NOT use a bit-stream cipher WPA2 TKIP WEP WPA

WPA2

This lists all of the USB devices that have been connected to a Windows PC Windows registry Security logs Windows log files Cache memory

Windows registry

It would be advisable to obtain __________ before running a background check on any person. A Social Security Number Verbal permission An IP address Written permission

Written permission

Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies. Computer User System administration Network administration

System administration


Ensembles d'études connexes

Argument in George Orwell's "Politics and the English Language" Quiz

View Set

Bio 113 Midterm #3 Chapters 7-11 Integrating and Review Questions

View Set

Emerging Infectious Diseases Final

View Set

INCD 1 Practice Exam 1 (3/30/19)

View Set