CS 450 Final


__________ defenses aim to harden programs to resist attacks in new programs.

Compile-time

A consequence of a buffer overflow error is __________ .

All: corruption of data used by the program; unexpected transfer of control in the program; possible memory access violation

A buffer _________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information.

All: overflow, overrun, overwrite

Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?

Cyber Observable Expression (CybOX)

__________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use.

Data loss prevention

________ is a combination of development and operations—in other words, a blending of tasks performed by a company's application development and systems operations teams.

DevOps

What is the first rule of incident response investigation?

Do no harm

Which of the following account types would have access to a network printer in Windows?

Domain

Clouds can be created by many entities, but must be internal to an organization.

False

Cryptography is the universal solution to all security problems.

False

If your organization is highly sensitive to sharing resources, you might want to consider the use of a public cloud to reduce exposure and increase your control over security, processing, and handling of data.

False

The generation of a real random number is a trivial task.

False

The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.

False

The use of legacy code in current projects should exempt that code from security reviews.

False

__________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the process's address space, such as the global offset table.

Guard pages

After a user logs in correctly, a ______ is assigned to each process they run.

Kerberos token

________ security protects computer-based data from software-based and communication-based threats.

Logical

How do most advanced persistent threats (APTs) begin?

Most APTs begin through a phishing or spear phishing attack.

______ virtualization systems are typically seen in servers, with the goal of

Native

Which indicator of compromise (IOC) standard is an open-source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?

OpenIOC

Which marketing term is used to describe the offering of a computing platform combining multiple sets of software in the cloud?

PaaS

______ software is a centralized logging software package similar to, but much more complex than, syslog.

SIEM

A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.

SQL injection

Which cloud computing service model involves the offering of software to end users from within the cloud?

SaaS

The ________ is a set of tools that can be used to target attacks at the people using systems; it has applets that can be used to create phishing e-mails, Java attack code, and other social engineering-type attacks.

Social-Engineering Toolkit

______ is the identification of data that exceed a particular baseline value.

Thresholding

Encryption is a failsafe—even if security configurations fail and the data falls into the hands of an unauthorized party, the data can't be read or used without the keys.

True

Information criticality is defined as the relative importance of specific information to the business.

True

The logger command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.

True

Windows allows the creation of a local admin account without a password.

True

What does the term waterfall reference?

a software engineering process model

Which software engineering process model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing cross-functional teams?

agile model

With the growth of cloud services, applications, storage, and processing, the scale provided by cloud vendors has opened up new offerings that are collectively called ________.

anything as a service

The ______ process retains copies of data over extended periods of time in order to meet legal and operational requirements.

archive

As an Administrator, you create a new user account, but do not add an integrity level. What will Windows do if an integrity check is required for that user?

automatically assign medium integrity

The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods.

backup

The first critical step in securing a system is to secure a ______.

base operating system

The ________ command is the Linux command used to change access permissions of a file.

chmod

A __________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.

cloud carrier

Unvalidated input that changes the code's functioning in an unintended way is which type of application attack?

code injection

Which cloud system is defined as one where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor?

community

What are the two components comprising information criticality?

data classification and quantity of data involved

The needs and policy relating to backup and archive should be determined ______.

during the system planning stage

The range of logging data acquired should be determined _______.

during the system planning stage

A prevalent concern that is often overlooked is ________.

dust

A virtual private cloud ________ allows connections to and from a virtual private cloud instance.

endpoint

The routine to clean up memory that has been allocated in a program but is no longer needed is called ________.

garbage collection

A __________ interconnects the IoT-enabled devices with the higher-level communication networks.

gateway

A(n) ________ system is a system that, once deployed, is never modified, patched, or upgraded.

immutable

Which capability must be enabled on firewalls, secure web gateways, and cloud access security brokers to determine if the next system in a communication chain is legitimate or not?

instance awareness

A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.

memory leak

Which command is used to monitor network connections to and from a system?

netstat

The ________ is the element that connects all the computing systems together, carrying data between the systems and users.

network

To examine a DNS query for a specific address, you can use the ________ command.

nslookup

The ________ command sends echo requests to a designated machine to determine if communication is possible.

ping

Which is the correct syntax for the ping command?

ping [options] targetname/address

The first step in deploying new systems is _________.

planning

A __________ cloud provides service to customers in the form of a platform on which the customer's applications can run.

platform as a service

If the characteristics of an incident include a large number of packets destined for different services on a machine, a(n) ________ is occurring.

port scan

The term "________ cloud" refers to a cloud service rendered over a system that is open for public use.

public

A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.

race condition

The network process of separating network elements into segments and regulating traffic between the segments is called ________.

segmentation

The most vulnerable part of an IoT is the __________ .

smart objects/embedded systems

A stack buffer overflow is also referred to as ___________ .

stack smashing

________ is a structured language for cyberthreat intelligence information.

structured threat information expression

In Windows, when an object is assigned a DACL, it contains

the SID of the object owner

Eavesdropping and wiretapping fall into the ________ category.

theft

Which testing technique is performed by testers who have detailed knowledge of the application and can thus test the internal structures within an application for bugs, vulnerabilities, and so on?

white box testing

In ________ testing, the test team has access to the design and coding elements.

white-box

The design of use cases to test specific functional requirements occurs based on the requirements determined in which phase of the secure development lifecycle?

coding

__________ comprise measures and mechanisms to ensure operational resiliency in the event of any service interruptions.

Business continuity and disaster recovery

Which cloud computing service model describes cloud-based systems that are delivered as a virtual solution for computing that allows firms to contract for utility computing as needed rather than build data centers?

IaaS

Persistence is one of the key elements of a whole class of attacks referred to as ________; they place two elements at the forefront of all activity: invisibility from defenders and persistence.

Advanced persistent threats

________ threats are specifically designed to overcome prevention measures and seek the most vulnerable point of attack.

Human-caused

Data items to capture for a security audit trail include:

All of the below: events related to the security mechanisms on the system; operating system access; remote access

The role of physical security is affected by the operating location of the information system, which can be characterized as ______ .

All: static, portable, mobile

________ security provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards.

Premises

_________ audit trails are generally used to monitor and optimize system performance.

System-level

The first order of business in security audit trail design is the selection of data items to capture.

True

In the computer security world, ________ is a process of assessing the security state of an organization compared against an established standard.

auditing

What term is used for a situation where a scanner fails to report a vulnerability that actually does exist—that is, where the scanner simply missed the problem or didn't report it as a problem?

false negative

What two components are necessary for successful incident response?

knowledge of one's own systems and knowledge of the adversary

A __________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

public cloud

Cheryl is a member of the group Developers. What access will she have based on the security descriptor below: Owner: CORP\Blake ACE[0]: Deny Guests Full Control ACE[1]: Allow CORP\Paige Full Control ACE[2]: Allow Administrators Full Control ACE[3]: Allow CORP\Cheryl Read, Write, and Delete ACE[4]: Deny Developers Full Control

read, write, and delete

A ________ is a pattern composed of a sequence of characters that describe allowable input variants.

regular expression

________ is the name for both a tool and a suite of tools: as a suite, it is a group of free, open-source utilities for editing and replaying previously captured network traffic; as a tool, it specifically replays a PCAP file on a network.

tcpreplay

The ________ command provides a list of the hosts, switches, and routers in the order in which a packet passes through them, providing a trace of the network route from source to target.

tracert

Which term describes the hosting of a desktop environment on a central server?

virtual desktop infrastructure

The ________ model is an iterative model designed to enable the construction of increasingly complex versions of a project.

evolutionary

Which type of testing involves running the system under a controlled speed environment?

load testing

__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.

White listing

The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.

XSS reflection

The ________ is a list of known vulnerabilities in software systems.

Common Vulnerabilities and Exposures (CVE) enumeration

_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

Environment variables

__________ defenses aim to detect and abort attacks in existing programs.

Run-time

_____ is a database that stores account data and relevant security information about local principals and local groups.

SAM

What should an incident response team do when they are notified of a potential incident?

The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.

Which term refers to a network connection used to interconnect virtual private clouds and on-premises networks?

Transit Gateway

Baselining is the process of determining a standard set of functionality and performance.

True

One of the characteristics of cloud computing is transparency to the end user.

True

