CS 450 Final
__________ defenses aim to harden programs to resist attacks in new programs.
Compile-time
A consequence of a buffer overflow error is __________.
All of the above: corruption of data used by the program; unexpected transfer of control in the program; possible memory access violation
A buffer _________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information.
All of the above: overflow; overrun; overwrite
Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?
Cyber Observable Expression (CybOX)
__________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use.
Data loss prevention
________ is a combination of development and operations—in other words, a blending of tasks performed by a company's application development and systems operations teams.
DevOps
What is the first rule of incident response investigation?
Do no harm
Which of the following account types would have access to a network printer in Windows?
Domain
Clouds can be created by many entities, but must be internal to an organization.
False
Cryptography is the universal solution to all security problems.
False
If your organization is highly sensitive to sharing resources, you might want to consider the use of a public cloud to reduce exposure and increase your control over security, processing, and handling of data.
False
The generation of a real random number is a trivial task.
False
The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.
False
The use of legacy code in current projects should exempt that code from security reviews.
False
__________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the process's address space, such as the global offset table.
Guard pages
After a user logs in correctly, a ______ is assigned to each process they run.
Kerberos token
________ security protects computer-based data from software-based and communication-based threats.
Logical
How do most advanced persistent threats (APTs) begin?
Most APTs begin through a phishing or spear phishing attack.
______ virtualization systems are typically seen in servers, with the goal of
Native
Which indicator of compromise (IOC) standard is an open-source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?
OpenIOC
Which marketing term is used to describe the offering of a computing platform combining multiple sets of software in the cloud?
PaaS
______ software is a centralized logging software package similar to, but much more complex than, syslog.
SIEM
A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
SQL injection
Which cloud computing service model involves the offering of software to end users from within the cloud?
SaaS
The ________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks.
Social-Engineering Toolkit
______ is the identification of data that exceed a particular baseline value.
Thresholding
Encryption is a failsafe—even if security configurations fail and the data falls into the hands of an unauthorized party, the data can't be read or used without the keys.
True
Information criticality is defined as the relative importance of specific information to the business.
True
The logger command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.
True
Windows allows the creation of a local admin account without a password.
True
What does the term waterfall reference?
a software engineering process model
Which software engineering process model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing cross-functional teams?
agile model
With the growth of cloud services, applications, storage, and processing, the scale provided by cloud vendors has opened up new offerings that are collectively called ________.
anything as a service
The ______ process retains copies of data over extended periods of time in order to meet legal and operational requirements.
archive
As an Administrator, you create a new user account, but do not add an integrity level. What will Windows do if an integrity check is required for that user?
automatically assign medium integrity
The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods.
backup
The first critical step in securing a system is to secure a ______.
base operating system
The ________ command is the Linux command used to change access permissions of a file.
chmod
A __________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.
cloud carrier
Unvalidated input that changes the code's functioning in an unintended way is which type of application attack?
code injection
Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor?
community
What are the two components comprising information criticality?
data classification and quantity of data involved
The needs and policy relating to backup and archive should be determined ______.
during the system planning stage
The range of logging data acquired should be determined _______.
during the system planning stage
A prevalent concern that is often overlooked is ________.
dust
A virtual private cloud ________ allows connections to and from a virtual private cloud instance.
endpoint
The routine to clean up memory that has been allocated in a program but is no longer needed is called ________.
garbage collection
A __________ interconnects the IoT-enabled devices with the higher-level communication networks.
gateway
A(n) ________ system is a system that, once deployed, is never modified, patched, or upgraded.
immutable
Which capability must be enabled on firewalls, secure web gateways, and cloud access security brokers to determine if the next system in a communication chain is legitimate or not?
instance awareness
A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.
memory leak
Which command is used to monitor network connections to and from a system?
netstat
The ________ is the element that connects all the computing systems together, carrying data between the systems and users.
network
To examine a DNS query for a specific address, you can use the ________ command.
nslookup
The ________ command sends echo requests to a designated machine to determine if communication is possible.
ping
Which is the correct syntax for the ping command?
ping [options] targetname/address
The first step in deploying new systems is _________.
planning
A __________ cloud provides service to customers in the form of a platform on which the customer's applications can run.
platform as a service
If the characteristics of an incident include a large number of packets destined for different services on a machine, a(n) ________ is occurring.
port scan
The term "________ cloud" refers to a cloud service rendered over a system that is open for public use.
public
A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.
race condition
The network process of separating network elements into segments and regulating traffic between the segments is called ________.
segmentation
The most vulnerable part of an IoT is the __________.
smart objects/embedded systems
A stack buffer overflow is also referred to as ___________.
stack smashing
________ is a structured language for cyberthreat intelligence information.
structured threat information expression
In Windows, when an object is assigned a DACL, it contains
the SID of the object owner
Eavesdropping and wiretapping fall into the ________ category.
theft
Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?
white box testing
In ________ testing, the test team has access to the design and coding elements.
white-box
The design of use cases to test specific functional requirements occurs based on the requirements determined in which phase of the secure development lifecycle?
coding
__________ comprise measures and mechanisms to ensure operational resiliency in the event of any service interruptions.
Business continuity and disaster recovery
Which cloud computing service model describes cloud-based systems that are delivered as a virtual solution for computing that allows firms to contract for utility computing as needed rather than build data centers?
IaaS
________ threats are specifically designed to overcome prevention measures and seek the most vulnerable point of attack.
Human-caused
Data items to capture for a security audit trail include:
All of the below: events related to the security mechanisms on the system; operating system access; remote access
The role of physical security is affected by the operating location of the information system, which can be characterized as ______ .
All of the above: static; portable; mobile
_________ audit trails are generally used to monitor and optimize system performance.
System-level
The first order of business in security audit trail design is the selection of data items to capture.
True
In the computer security world, ________ is a process of assessing the security state of an organization compared against an established standard.
auditing
What term is used for a situation where a scanner fails to report a vulnerability that actually does exist—that is, where the scanner simply missed the problem or didn't report it as a problem?
false negative
What two components are necessary for successful incident response?
knowledge of one's own systems and knowledge of the adversary
A __________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
public cloud
Cheryl is a member of the group Developers. What access will she have based on the following security descriptor? Owner: CORP\Blake; ACE[0]: Deny Guests Full Control; ACE[1]: Allow CORP\Paige Full Control; ACE[2]: Allow Administrators Full Control; ACE[3]: Allow CORP\Cheryl Read, Write, and Delete; ACE[4]: Deny Developers Full Control
read, write, and delete
A ________ is a pattern composed of a sequence of characters that describe allowable input variants.
regular expression
________ is the name for both a tool and a suite of tools: as a suite, it is a group of free, open-source utilities for editing and replaying previously captured network traffic; as a tool, it specifically replays a PCAP file on a network.
tcpreplay
The ________ command provides a list of the hosts, switches, and routers in the order in which a packet passes through them, providing a trace of the network route from source to target.
tracert
Which term describes the hosting of a desktop environment on a central server?
virtual desktop infrastructure
The ________ model is an iterative model designed to enable the construction of increasingly complex versions of a project.
evolutionary
Which type of testing involves running the system under a controlled speed environment?
load testing
__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.
Whitelisting
The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
XSS reflection
The rule that a subject can only write into an object of greater or equal security level is known as
"No Write Down"
Which of the following best defines Trusted computing base (TCB)?
A portion of a system that enforces a particular policy, is resistant to tampering and circumvention, and is small enough to be analyzed systematically
_________ is a form of overflow attack.
All of the above: heap overflows; return to system call; replacement stack frame
Which of the following is provided by a Trusted Platform Module?
All of the above: authenticated boot; certification; encryption
Which of the following is provided by the Common Criteria for Information Technology Security Evaluation?
All of the above: sets of IT requirements of known validity that can be used to establish the security requirements of prospective products and systems; details how a specific product can be evaluated against known requirements; details a process for responding to changes, and possibly reevaluating the product
The following steps should be used to secure an operating system:
All of the above: test the security of the basic operating system; remove unnecessary services; install and patch the operating system
______ is the process of defining normal versus unusual events and patterns.
Baselining
Which of the following was created by the DoD in the 1970s and prevents the leaking/transfer of classified information to less secure clearance levels?
Bell-LaPadula Model
Program input data may be broadly classified as textual or ______.
Binary
Which of the following Windows features encrypts individual files and folders?
Encrypting File System
Which of the following runs program code to execute the TPM commands received from the I/O port?
Execution engine
It is possible to conduct risk management that is purely quantitative.
False
All risks need to be mitigated or controlled.
False
Always analyze a seized system directly on the device.
False
An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined.
False
Changing a file's extension will alter the contents of a file.
False
From a forensics perspective, Linux systems have the same artifacts as Windows systems.
False
Most large software systems do not have security weaknesses.
False
Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs.
False
When analyzing computer storage components, the original system should be analyzed.
False
What is polyinstantiation?
It allows a relation to contain multiple rows with the same primary key.
This function assigns a security level to each subject and object.
Level function f
Which action is an example of transferring risk?
Management purchases insurance for the occurrence of an attack.
Windows Trusted Platform Module _____
Moves sensitive cryptographic operations to hardware
Who operates the Common Criteria Evaluation and Validation Scheme in the U.S.?
NIST and the NSA
What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?
NetFlow
________ security provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards.
Premises
In Windows, every permission check is performed by
SRM
Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence?
direct evidence
Business records, printouts, and manuals are which type of evidence?
documentary evidence
With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected.
dynamically linked shared libraries
Which event is an example of a tangible impact?
endangerment of staff or customers
________ consists of the documents, verbal statements, and material objects that are admissible in a court of law.
evidence
Which term refers to a measure of the magnitude of loss of an asset?
exposure factor (EF)
Although important, security auditing is not a key element in computer security.
false
Large organizations typically have the resources to protect everything against all threats.
false
The purpose of the system does not need to be taken into consideration during the system security planning process.
false
The term ________ relates to the application of scientific knowledge to legal problems.
forensics
Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as ________.
free space
The major advantage of ________ is its simplicity and its freedom from assumptions about the expected input to any program, service, or function.
fuzzing
Microsoft's 80/20 rule recommends
if a feature is not used by 80% of the population, it should be disabled by default
The term "________" describes a series of digits near the beginning of the file that provides information about the file format.
magic number
Which attack type is common, and to a degree, relatively harmless?
port scan
Which term refers to the process of subjectively determining the impact of an event that affects a project, program, or business?
qualitative risk assessment
Tangible objects that prove or disprove facts are what type of evidence?
real evidence
A(n) ________ is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server.
record time offset
Evidence that is material to the case or has bearing on the matter at hand is known as ________.
relevant evidence
Which term refers to a risk that remains after implementing controls?
residual risk
Which term refers to the possibility of suffering harm or loss?
risk
Which term refers to a list of the risks associated with a system?
risk register
The aim of the specific system installation planning process is to maximize _______ while minimizing costs.
security
A _______ is an independent review and examination of a system's records and activities.
security audit
The final step in the process of initially securing the base operating system is ________.
security testing
________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.
User-level
________ is an iterative process of proactively searching out threats inside the network.
threat hunting
How is quarantine accomplished?
through the erection of firewalls that restrict communication between machines
In a DBMS using Multilevel Security, what would be the primary reason for allowing polyinstantiation?
to allow multiple roles to read data
What is the purpose of Trusted System Certification Service?
to provide a method for creating digital certificates
A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same "user" account that the server executes as.
true
According to ISO 27002, the person(s) carrying out the audit should be independent of the activities audited.
true
Injection attacks variants can occur whenever one program invokes the services of another program, service, or function and passes to it externally sourced, potentially untrusted information without sufficient inspection and validation of it.
true
Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.
true
PowerShell Core is a cross-platform version of PowerShell that runs on Windows, Linux, and macOS.
true
Protection of the audit trail involves both integrity and confidentiality.
true
The foundation of a security auditing facility is the initial capture of the audit data.
true
The three operating system security layers are: physical hardware, operating system kernel, and _________.
user applications and utilities
________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.
virtualization
Which term refers to characteristics of resources that can be exploited by a threat to cause harm?
vulnerabilities
A(n) ________ is any characteristic of an asset that can be exploited by a threat to cause harm.
vulnerability
______ is detection of events within a given set of parameters, such as within a given time period or outside a given time period.
windowing
When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ________, can be used.
workstation
The ________ is a list of known vulnerabilities in software systems.
Common Vulnerabilities and Exposures (CVE) enumeration
_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.
Environment variables
__________ defenses aim to detect and abort attacks in existing programs.
Run-time
_____ is a database that stores account data and relevant security information about local principals and local groups.
SAM
What should an incident response team do when they are notified of a potential incident?
The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.
Which term refers to a network connection used to interconnect virtual private clouds and on-premises networks?
Transit Gateway
Baselining is the process of determining a standard set of functionality and performance.
True
One of the characteristics of cloud computing is transparency to the end user.
True
A Reference Monitor enforces which of the following security design principles?
Complete mediation
How many labels are provided by Windows Integrity Control?
4
Persistence is one of the key elements of a whole class of attacks referred to as ________; they place two elements at the forefront of all activity: invisibility from defenders and persistence.
Advanced Persistent Threats
Which formula represents the annualized loss expectancy (ALE)?
ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO)
__________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled.
Compile-time defenses
______ systems should not run automatic updates because they may possibly introduce instability.
Change controlled
Which security model is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest (COI) categories?
Chinese Wall Model
Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.
PHP remote code injection
"Incorrect Calculation of Buffer Size" is in the __________ software error category.
Risky Resource Management
A qualitative risk assessment relies on judgment and experience.
True
At the basic machine level, all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in memory.
True
Defensive programming requires a changed mindset to traditional programming practices.
True
Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.
True
Programmers often make assumptions about the type of inputs a program will receive.
True
There is a problem anticipating and testing for all potential types of nonstandard inputs that might be exploited by an attacker to subvert a program.
True
There is no recovery from data that has been changed.
True
System conditions requiring immediate attention is a(n) _______ severity.
alert
Security concerns that result from the use of virtualized systems include ______.
All of the above: guest OS isolation; guest OS monitoring by the hypervisor; virtualized environment security
What is Microsoft SmartScreen?
an Edge browser feature that warns users of malicious sites before they are loaded
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.
audit trail collector
In which of the following processes does TC hardware check that valid software has been brought in by verifying a digital signature associated with the software?
authenticated boot service
Which of the following privileges is assigned to all Windows users by default?
bypass traverse checking
The process of transforming input data that involves replacing alternate, equivalent encodings by one common value is called _________.
canonicalization
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
change management
Unix and Linux systems use a ________, which restricts the server's view of the file system to just a specified portion.
chroot jail
Once the system is appropriately built, secured, and deployed, the process of maintaining security is ________.
continuous
A(n) ________ is a measure taken to detect, prevent, or mitigate the risk associated with a threat.
control
This type of analysis attempts to identify any potential means for bypassing security policy and ways to reduce or eliminate such possibilities.
covert channel analysis
