final final cis

The best defense against being an unwitting participant in a DDoS attack is to prevent your systems from being compromised

True

There is very little that can be done to prevent a flash crowd

True

C. Environment variables A. Deadlocks B. Privileges C. Environment variables D. Race conditions

_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

Replay, masquerade, modification of messages, and denial of service are example of ______________ attacks.

active

A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.

attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________.

attack

The four lines of defense against DDoS attacks are: attack prevention and preemption attack detection and filtering, attack source traceback and identification and ______

attack reaction

A loss of _________ is the disruption of access to or use of information or an information system.

availability

A characteristic of reflection attacks is the lack of ______ traffic

backscatter

2. Data is simply an array of _________ .

bytes

11. A _________ value is named after the miner's bird used to detect poisonous air in a mine and warn miners in time for them to escape.

canary

A ______ is a graphical puzzle used to attempt to identify legitimate human initiated interactions

captcha

A loss of _________ is the unauthorized disclosure of information.

confidentiality

Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________________ plan.

contingency

A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

countermeasure

A(n) _____________ is any means taken to deal with a security attack.

countermeasure

The assurance that data received are exactly as sent by an authorized entity is ________________.

data integrity

Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.

deception

The _________ prevents or inhibits the normal use or management of communications facilities.

denial of service

A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

digital signature

A threat action in which sensitive data are directly released to an unauthorized entity is __________.

exposure

14. Gaps, or __________ , are flagged in the MMU as illegal addresses, and any attempt to access them results in the process being aborted.

guard pages

13. The _________ is typically located above the program code and global data and grows up in memory (while the sack grows down toward it).

heap

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

high

When a DoS attack is detected, the first step is to

identifying the attack

To respond successfully to a DoS attack a good _______ plan is needed that includes details of how to contact technical personal for your ISP(s)

incident response

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

inside attack

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

masquerade

The OSI security architecture focuses on security attacks, __________, and services.

mechanisms

Release of message contents and traffic analysis are two types of _________________ attacks.

passive

6. Shellcode has to be __________, which means it cannot contain any absolute address referring to itself.

position independent

Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection form the TCP connections table when it overflows , allowing a new connection attempt to proceed is_______

random drop

Security implementation involves four complementary courses of action: prevention, detection, response, and _________.

recovery

If an organzation is dependent on network services it should consider mirroring and _____ these servers over multiple sites with multiple network connections

replicated

A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information.

risk

A __________ is any action that compromises the security of information owned by an organization.

security attack

5. An essential component of many buffer overflow attacks is the transfer of execution to code supplied by the attacker and often saved in the buffer being overflowed. This code is known as _________ .

shellcode

15. In the classic __________ overflow, the attacker overwrites a buffer located in the local variable area of a stack frame and then overwrites the saved frame pointer and return address.

stack buffer

3. A ___________ overflow occurs when the targeted buffer is located on the stack, usually as a local variable in a function's stack frame.

stack buffer

Misappropriation and misuse are attacks that result in ____________ threat consequences.

usurpation

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________.

vulnerability

True

Injection attacks variants can occur whenever one program invokes the services of another program, service, or function and passes to it externally sourced, potentially untrusted information without sufficient inspection and validation of it.

12. _________ attacks can occur in a binary buffer copy when the programmer has included code to check the number of bytes being transferred, but due to a coding error, allows just one more byte to be copied than there is space available.

Off-by-one

9. The __________ project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.

OpenBSD

__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Privacy

8. __________ defenses aim to detect and abort attacks in existing programs.

Run-time

It is possible to specifically defend against the ____ by using a modified version of the TCP connection handling code

SYN spoofing attack

In both direct flooding attacks and _____ the use of spoofed source addresses result in response packets being scattered across the internet and thus detectable

SYN spoofing attacks

______ attempts to monopolize all available request handling threads on the web server by sending HTTP requests that never complete

Slowloris

10. __________ is one of the best known protection mechanisms that is a GCC compiler extension that inserts additional function entry and exit code.

Stackguard

________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

System Integrity

Availability assures that systems works promptly and service is not denied to authorized users. True or False

T

Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. True or False

T

Computer security is protection of the integrity, availability, and confidentiality of information system resources. True or False

T

Data integrity assures that information and programs are changed only in a specified and authorized manner. True or False

T

Hardware is the most vulnerable to attack and the least susceptible to automated controls. True or False

T

In the context of security our concern is with the vulnerabilities of system resources. True or False

T

Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system. True or False

T

The first step in devising security services and mechanisms is to develop a security policy. True or False

T

The more critical a component or service, the higher the level of availability required. True or False

T

X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications. True or False

T

1. The buffer overflow type of attack has been known since it was first widely used by the __________ Worm in 1988. A. Code Red B. Slammer C. Morris Internet D. Alpha One

C

10. The __________ used a buffer overflow exploit in "fingerd" as one of its attack mechanisms. A. Code Red Worm B. Sasser Worm C. Morris Internet Worm D. Slammer Worm

C

B. secure programming A. variable programming B. secure programming C. interpretive programming D. chroot programming

3. Defensive programming is sometimes referred to as _________.

11. In 2003 the _________ exploited a buffer overflow in Microsoft SQL Server 2000. A. Slammer worm B. Morris Internet Worm C. Sasser worm D. Code Red worm

A

15. Traditionally the function of __________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program. A. shellcode B. C coding C. assembly language D. all of the above

A

5. The function of ________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program. A. shellcode B. stacking C. no-execute D. memory management

A

7. __________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled. A. Compile-time defenses B. Shellcodes C. Run-time defenses D. All of the above

A

14. _________ is a tool used to automatically identify potentially vulnerable programs. A. Slamming B. Sledding C. Fuzzing D. All of the above

C

13. The buffer is located __________ . A. in the heap B. on the stack C. in the data section of the process D. all of the above

D

2. A buffer _________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. A. overflow B. overrun C. overwrite D. all of the above

D

3. A consequence of a buffer overflow error is __________ . A. corruption of data used by the program B. unexpected transfer of control in the program C. possible memory access violation D. all of the above

D

The best defense against broadcast amplification attacks is to block the use of broadcasts

IP-directed

4. "Smashing the Stack for Fun and Profit" was a step by step introduction to exploiting stack-based buffer overflow vulnerabilities that was published in Phrack magazine by _________ .

Aleph One

12. A buffer overflow in Microoft Windows 2000/XP Local Security Authority Subsystem Service was exploited by the _________ . A. Aleph One B. Sasser worm C. Slammer worm D. none of the above

B

4. A stack buffer overflow is also referred to as ___________ . A. stack framing B. stack smashing C. stack shocking D. stack running

B

8. __________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table. A. MMUs B. Guard pages C. Heaps D. All of the above

B

6. The Packet Storm Web site includes a large collection of packaged shellcode, including code that can: A. create a reverse shell that connects back to the hacker B. flush firewall rules that currently block other attacks C. set up a listening service to launch a remote shell when connected to D. all of the above

D

9. _________ is a form of overflow attack. A. Heap overflows B. Return to system call C. Replacement stack frame D. All of the above

D

Since filtering needs to be done as close to the source as possible by routers or gateways knowing the valid address randges of incoming packets, and ________ is best placed to ensure that valid source addresses are used in all packets form its customers

ISP

1. A __________ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-size buffer and consequently overwrites adjacent memory locations.

Buffer overflow (can also accept buffer overrun or buffer overwrite as the answer)

__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Traffic padding

7. __________ defenses aim to harden programs to resist attacks in new programs.

Compile-time

A SIP flood attacks exploits the fact that a single INVITE request triggers considerable resource consumption

True

. ___________________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

Computer Security

Confidentiality, Integrity, and Availability form what is often referred to as the _____.

CIA triad

Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack

True

In a _____ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system

DNS amplification

A _______ is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units, memory, band width, and disk space.

DoS

Assurance is the process of examining a computer product or system with respect to certain criteria. True or False

F

Contingency planning is a functional area that primarily requires computer security technical measures. True or False

F

Security mechanisms typically do not involve more than one particular algorithm or protocol. True or False

F

The "A" in the CIA triad stands for "authenticity". True or False

F

Threats are attacks carried out. True or False

F

In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

FERPA (Family Educational Rights and Privacy Act)

Reflector and amplifier attacks use compromised systems running the attacker's programs

False

Slowloris is a form of ICMP flooding

False

The attacker needs access to a high-volume network connection for a SYN spoof attack

False

False

The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

A. lock A. lock B. code injection C. chroot jail D. privilege escalation

The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn.