CSCI 290 Final
What information would provide the most accurate results for locating a person?
First name, last name, and state
Which of the following should not be recommended as acceptable email attachments?
Flash animations
In Windows the log that contains events collected from remote computers is the ____________ log.
Forwardedevents
What is in the Index.dat file?
General Internet history, file browsing history, and so on for a Windows machine
Which of the following is most likely to be true of an encryption method that is advertised as unbreakable?
It is likely to be exaggerated
What differentiates cyber terrorism from other computer crimes?
It is politically or ideologically motivated
What is the main problem with simple substitution?
It maintains letter and word frequency
Why do you not want too much personal data about you on the Internet?
It might be used by an identity thief to impersonate you
Which of the following is a likely reason that an organization might be reluctant to admit it has been a victim of corporate espionage?
It might cause stock value to decline
Which of the following is a disadvantage to using an application gateway firewall?
It uses a great deal of resources
What is a major weakness with a network host-based firewall?
Its security is depended on the underlying operating system
What is the most basic rule of computer security?
Keep systems patched
What is one way of checking emails for virus infections?
Look for subject lines that are from known virus attacks
Which of the following military/government systems would most likely be the target of a successful computer hack?
Low-security logistical system
In 1996 a hacker allegedly associated with the white supremacist movement temporarily disabled a ___________ ISP.
Massachusetts
Microsoft Windows includes BitLocker in some editions, so entire hard drives can be encrypted.
True
One technique of disinformation is to pad a message with noise that the enemy will perceive as valuable information.
True
Radio Free Europe was supported by Western democracies during the Cold War.
True
The U.S. Patriot Act specifically deals with cyberterrorism.
True
The most widely used symmetric key algorithm is Advanced Encryption Standard.
True
There are no restrictions on information you can post on Usenet.
True
There should be a firewall between your network and the outside world.
True
When an administrator proactively seeks out intelligence on potential threats or groups, this is called infiltration.
True
Windows stores web browsing information in a file called index.dat.
True
Using Linux to wipe the target drive, the command-line command would be ___ .
dd
What is the name of the Standard Linux command that is also available as a Windows application that can be used to create bitstream images and make a forensic copy?
dd
The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is
/var/log/apport.log
Where does Linux store email server logs?
/var/log/mail.*
If your machine is not used as a server and is not on a local network, what packet-filtering strategy should you use?
Block all ports except 80
What is the rule about ports?
Block all unused ports
Which of the following is a cyber attack that would likely cause imminent loss of life?
Disruption of chemical plant control systems
A(n) ________attack on data can include stealing or destroying data.
Economic
What is the most likely damage from an act of cyber terrorism?
Economic loss
Which of the following is not a significant security risk posed by instant messaging?
Employees may send harassing messages
Which of the following does not demonstrate the need for policies?
End users are generally not particularly bright and must be told everything
A digital signature is used to guarantee who sent a message. This is referred to as non-repudiation.
False
A good password should contain only letters and numbers.
False
For individual computers not running firewall software, you should directly close ports.
False
Most Windows logs are turned on automatically.
False
Snort is an open-source firewall.
False
The Patriot Act was the first U.S. law to criminalize theft of commercial trade secrets.
False
The method to attract an intruder to a subsystem setup for the purpose of observing him is called intrusion deterrence.
False
www.yahoo.people.com is the website for Yahoo! People Search.
False
The Windows command fc lists all active sessions to the computer.
False Ñ The command net sessions lists any active sessions connected to the computer you run it on
Using Linux to backup your hard drive, if you want to create a hash, you would use the command-line command
md5sum
A password policy for a 90- or 180-day replacement schedule is called password
Age
Which of the following methods uses a variable-length symmetric key?
Blowfish
A propaganda agent can manage multiple online personalities, posting to many different
Bulletin boards and discussion groups
Which of the following is not one of the basic types of firewalls?
Heuristic firewall
What is the rule in access control?
The least access job requirements allow
What is most important to learn about a person listed in a sex offender registry?
The nature of her specific crime
Frequently the first responder to a computer crime is
The network administrator
Which of the following conflicts had a cyber warfare component?
1990 Kosovo crisis
What size key does a DES system use?
56 Bit
A good password has at least ______ characters.
8
Which of the following would be least important to know about a potential business partner?
A 15-year-old marijuana possession arrest
Which of the following is the most accurate description of Usenet?
A global collection of bulletin boards
What is the highest level of security you can expect to obtain?
A level of security that makes the effort required to get information more than the value of the information
Which of the following is a list of items that should be implemented in all secure code?
All code checked for backdoors or Trojans, all buffers have error handling to prevent buffer overruns, all communication adheres to organizational guidelines, all communication activity thoroughly documented
How could a hacker use information about you found through Internet searches?
All of the above
If you are hiring a new employee, which of the following should you do?
All of the above
Which of the following are important to the investigator regarding logging?
All of the above
Which of the following is true of the room in which the server is located?
All of the above
In the context of preventing industrial espionage, why might you wish to limit the number of company CD burner and control access to them in your organization?
An employee could use such media to take sensitive data out
What method do most IDS software implementations use?
Anomaly detection
The command Openfiles shows what?
Any shared files that are opened
Which of the following is the appropriate sequence for a change request?
Business unit manager requests change > IT unit verifies request > security unit verifies request > request is scheduled with rollback plan > request is implemented
How do most antispyware packages work?
By looking for known spyware
Which of the following agencies has allegedly had one of its cyber spies actually caught?
CIA
Which of the following certifications is the most prestigious?
CISSP
Which of the following is the oldest encryption method discussed in this text?
Caesar cipher
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
Chain of custody
What should an employee do if she believes her password has been revealed to another party?
Change your own password immediately
Which of the following most accurately defines encryption?
Changing a message so it can only be easily read by the intended recipient
Which web search approach is best when checking criminal backgrounds?
Check the current and previous state of residence
Chinese hackers whose stated goal is to infiltrate Western computer systems are called the
China Eagle Union
________ can include logs, portable storage, emails, tablets, and cell phones.
Computer evidence
Most companies perform the same _________ background check of network administrators as they do of any other person.
Cursory
Which of the following is a symmetric key system using 64-bit blocks?
DES
Which of the following is not an example of financial loss due to cyber terrorism?
Damage to facilities including computers
"Interesting data" is what?
Data relevant to your investigation
What is the greatest security risk to any company?
Disgruntled employees
Sending a false message with weak encryption, intending it to be intercepted and deciphered, is an example of what?
Disinformation
The process to make a system as secure as it can be without adding on specialized software or equipment is
Hardening
How might an identity thief use the Internet to exploit his victim?
He might find even more information about the target and use this information to conduct his crime
What is the name for scanning that depends on complex rules to define what is and is not a virus?
Heuristic scanning
What is the term for a fake system designed to lure intruders?
Honey pot
What is password age?
How long a user has had a password
What should you be most careful of when looking for an encryption method to use?
How long the algorithm has been around
Which of the following is the appropriate sequence of events for a departing employee?
IT is notified of the departure > all logon accounts are shut down > all access (physical and electronic) is disabled > the employee's workstation is searched/scanned
Which of the following is the appropriate sequence of events for a new employee?
IT is notified of the new employee and the requested resources > employee is granted access to those resources > employee is briefed on security/acceptable use > employee signs acknowledging receipt of a copy of security rules
A discarded credit card receipt or utility bill could be the starting point from which a perpetrator finds enough information to assume a victim's
Identity
Which of the following is not an area that user policies need to cover?
If and when to share passwords
Why should you note all cable connections for a computer you want to seize as evidence?
In case other devices were connected
Of the websites listed in this chapter, which would be the most useful in obtaining the address and phone number of someone who does not live in the United States?
Infobel
What would be most important to block end users from doing on their own machine?
Installing software or changing system settings
Which of the following is a political group that has already used the Internet for political intimidation?
Internet Black Tigers
Which of the following is the correct term for simply making your system less attractive to intruders?
Intrusion deterrence
Why is binary mathematical encryption not secure?
It does not change letter or word frequency
What advantage does a symmetric key system using 64-bit blocks have?
It is fast
Which of the following is an encryption method using two or more different shifts?
Multi-alphabet encryption
Which of the following might be an example of domestic cyber terrorism?
MyDoom virus
On a server, you should create your own accounts with ________ that do not reflect their level of permission.
Names
What is the difference between corporate and industrial espionage?
None: they are interchangeable terms
After dealing, on a technical level, with any security breach, what is the last thing to be done for a security breach?
Notify management
What is the preferred method for storing backups?
Offsite in a secure location
Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year.
Once
What is the minimum frequency for system probing and audits?
Once per year
What is the rule on downloading from the Internet?
Only download from well-known, reputable sites
What is the rule of thumb on data access?
Only those with a need for the specific data should have access
Which of the following methods is available as an add-in for most email clients?
PGP
Although the Cyberterrorism Preparedness Act of 2002 was not passed, many of its goals were addressed by the
Patriot Act
Which of the following is not an ideal place to seek out phone numbers and addresses?
People Search
An audit should check what areas?
Perform system patches, probe for flaws, check logs, and review policies
Any _________ you do not explicitly need should be shut down.
Ports
What are the six Ps of security?
Ports, patch, protect, probe, policies, physical
Which of the following is the most helpful data you might get from Usenet on a person you are investigating?
Postings by the individual you are investigating
What is the term for blocking an IP address that has been the source of suspicious activity?
Preemptive blocking
When cataloging digital evidence, the primary goal is to do what?
Preserve evidence integrity
What is PGP?
Pretty Good Privacy, a public key encryption method
Which of the following is the least essential device for protecting your network?
Proxy server
What type of encryption uses different keys to encrypt and decrypt the message?
Public key
Which would you use to begin a search for information on a United States court case?
The National Center for State Courts Website
Which of the following is a common way to establish security between a web server and a network?
Put a firewall between the web server and the network
What is the first step when discovering a machine(s) has been infected with a virus?
Quarantine infected machine(s)
Which of the following would most likely be considered an example of information warfare?
Radio Free Europe during the Cold War
The rule that packets not originating from inside your LAN should not be forwarded relates to
Routers
According to the October 2002 InfoWorld magazine article, which of the following systems may be vulnerable to attack?
Satellites
What is the term for a firewall that is simply software installed on an existing server?
Screened host
Which of the following is the most basic type of firewall?
Screening firewall
Which of the following is a step you might take for large networks but not for smaller networks?
Segment the network with firewalls between the segments
Many states have online __________ registries.
Sex offender
There have been cases of mistaken identity with _________lists
Sex offender
What is information warfare?
Spreading disinformation or gathering information
What is SPI?
Stateful packet inspection
Hackers want information about a target person, organization, and _______ to assist in compromising security.
System c. Clothing size System
Which of the following set of credentials would be best for a security consultant?
Ten years of experience as a hacker and cracker, MCSE/CIW and Security +, Ph.D. in computer science
What are TSR programs?
Terminate and Stay Resident programs that actually stay in memory after you shut them down
Where would you go to find various state sex offender registries?
The FBI website
Which of the following is most true regarding certified encryption methods?
There is no such thing as certified encryption
Which of the following is most true regarding binary operations and encryption?
They can form a part of viable encryption methods
What advantages are there to commercial web search services?
They can get the information faster than you can
Which of the following is the best reason users should be prohibited from installing software?
They may install software that circumvents security
What must all user policies have in order to be effective?
They must have consequences
Which of the following is the most common way for a virus scanner to recognize a virus?
To compare a file to known virus attributes
Which of the following is a good reason to check dependencies before shutting down a service?
To determine whether shutting down this service will affect other services
What is the best outcome for a spy attempting an espionage activity?
To obtain information without the target even realizing he did so
What is the reason for encrypting hard drives on laptop computers?
To prevent a thief from getting data off a stolen laptop
Which of the following best describes the communication goal of any intelligence agency?
To send clear communications to allies and noise only to the enemy
Which of the following is a likely use of Internet newsgroups in information warfare?
To spread propaganda
A discarded credit card receipt may become the starting point from which an identity fraud perpetrator finds enough information to assume the victim's identity.
True
Frequently the first responder to a computer crime is the network administrator.
True
Hiding a message in images is an example of stenography.
True
Information warfare is any attempt to manipulate information in pursuit of a military or political goal.
True
Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine.
True
Which of the following is a step you would definitely take with any server but might not be required for a workstation?
Uninstall all unneeded programs/software
How might you ensure that system patches are kept up to date?
Use an automated patching system
Which of the following is not an example of a user password policy?
Users may only share passwords with their assistant
The ________ War was the first modern war in which there was strong and widespread domestic opposition.
Vietnam
It would be advisable to obtain __________ before running a background check on any person.
Written permission
Which binary mathematical operation can be used for a simple encryption method?
XOR
Which of the following is most true regarding new encryption methods?
You can use them, but you must be cautious
A website that may help locate federal prison records is
www.bop.gov/
