Cyber Security Final
This systems engineering tool is a diagram that is also used in Systems Analysis and Design; it takes a large process and divides it into smaller, manageable processes Use-Case Diagram Work Breakdown Structure (WBS) Port Scanner Data Flow Diagram (DFD)
Work Breakdown Structure (WBS)
In the Unified Modeling Language, an activity to be performed is represented by a) a "stick man" b) an oval c) a square encompassing other symbols d) an arrow
an oval
Reliability analysis can be applied to cybersecurity engineering. It is the process of a) determining how often a system will fail b) determining how dependable a system is c) determining how systems interact with each other d) determining the frequency of repairs that have to be made to a system
determining how dependable a system is
Which of the following is the most accurate description of Usenet? A global collection of bulletin boards A repository of computer security information A large-scale chat room A nationwide bulletin board
A global collection of bulletin boards
The conflict between the users' goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________. Password protection Access control Social engineering System administration
Access control
A(n) ___________is a mathematical process for doing something Cipher Algorithm None of these Formula
Algorithm
Windows stores passwords using a method called __________. Cipher Algorithm None of these Formula
Algorithm
In 2021, the water treatment facility in Oldsmar, FL, which is just north of Tampa, was hit by a ransomware attack. Specifically, this is an example of a(n)? a) A utility attack b) A misinformation attack c) An economic attack d) Attack on a SCADA system
Attack on a SCADA system
Using the __________ cipher you choose some number by which to shift each letter of a text. Caesar DC4 ASCII Multi-alphabet substitution
Caesar
When applying requirements engineering to penetration testing, which of the following is NOT one of the possible techniques that could be used Review past incidents the organization has had Review specific requirements from regulatory bodies and industry standards Create a Cybersecurity Sequence Diagram Create a Use-Case diagram to create a misuse case to model potential misuses of the client system
Create a Cybersecurity Sequence Diagram
Which of the following cybersecurity activities would be most accurately described as engineering? a) Conducting a forensic investigation b) Implementing complex IPS rules c) Creating a requirements traceability matrix d) Implementing asymmetric cryptography
Creating a requirements traceability matrix
__________ is the art to write in or decipher secret code. Encryption Cryptography Decryption Keying
Cryptography
A _________ involves setting up two firewalls: an outer and an inner firewall. DNS server proxy server SSL server DMZ (demilitarized zone)
DMZ (demilitarized zone)
The plan to return a business to full normal operations is ____________ BIA BCP ALE DRP
DRP
Java and ActiveX codes should be scanned before they are _________. Infected Downloaded to your computer None of these Known about
Downloaded to your computer
In which firewall configuration is the firewall running on a server with at least two network interfaces? Router-based Network host-based Screened host Dual-homed host
Dual-homed host
__________ is the most obvious reason for organizations to provide their users with Internet access. Emergency communications E-mail Web meetings Job searching
A good password should have at least eight characters and use all lowercase letters.
False
IPsec can only encrypt the packet data but not the header information.
False
If a computer you need to inspect is running, you should first turn it off
False
In Linux the command to set up a target forensics server to receive a copy of a drive is dd.
False
Linux and Windows typically are not shipped with firewalls
False
Only the well-known ports, such as 25 (SMTP), and 80 (HTTP) on a router are possible avenues of entry for a malware or intruder.
False
Principal of least privilege means that no one person can perform critical tasks.
False
Snort is an open-source firewall.
False
Standards are specific instructions on how to handle a specific issue
False
The Windows command fc lists all active sessions to the computer.
False
Mistaking a legitimate program for a virus is a ____________. False negative False positive Heuristic error Sandboxed error
False positive
You may use Linux to make a ______________ of the hard drive Screen shot Forensically valid copy Bootable copy New version
Forensically valid copy
Which of these is NOT one of the two basic types of cryptography? Forward Asymmetric Symmetric
Forward
Pedro is examining a Windows 7 computer. He has extracted the index.dat file and is examining that file. What is in the Index.dat file? Internet Explorer information General Internet history, file browsing history, and so on for a Windows machine All web history for Firefox General Internet history, file browsing history, and so on for a Linux machine
General Internet history, file browsing history, and so on for a Windows machine
The Mean Squared Deviation (MSD) formula gives us insight into a) How the mean of any system model's errors compare to actual values b) How any system diverges from expectations c) How any system meets expectations d) The mean time before a system component will fail
How any system diverges from expectations
Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______ USB drives Desktop configuration Instant messaging Use of VPNs
Instant messaging
Which of the following is the correct term for simply making your system less attractive to attackers? Intrusion deterrence Intrusion detection Intrusion avoidance Intrusion camouflage
Intrusion deterrence
What differentiates Cyber Terrorism from other computer crimes? a) It is politically or ideologically motivated b) It is organized c) It is often more successful d) It is conducted by experts
It is politically or ideologically motivated
You would set a ___________ to prevent users from immediately changing their password several times in one day to return to the current password. This is particularly important if your password policy has a history depth of five. Minimum password length Maximum password length Minimum password age Maximum password age
Minimum password age
On a server, you should create your own accounts with ________ that do not reflect their level of permission. Names Numbers None of these Passwords
Names
Which of the following should NOT be a part of an organization's policy regarding email attachments? It appears to be a legitimate business document It was an expected attachment It came from a known source, and the source is confirmed None of these
None of these
Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year. Three times Once Twice Four times
Once
Any _________ you do not explicitly need should be shut down. Probes Ports Patches Policies
Ports
Which of the following is the most helpful data you might get from Usenet on a person you are investigating? Postings by the individual you are investigating Criminal records posted Security tips to help you investigate Negative comments made by others about your target
Postings by the individual you are investigating
Using asymmetric encryption, I want to encrypt a message I'm sending to you. So I will obtain your ______ key, which is available to anyone, to encrypt the message, and you will use your ______ key to read it. Private, public Public, private Hashed, unique Asymmetric, symmetric
Public, private
The rule that packets not originating from inside your LAN should not be forwarded relates to ___________. Workstations Servers Switches Routers
Routers
This type of diagram shows how objects interact over time. Security Sequence diagram Data Flow diagram (DFD) Use-Case diagram Timing diagram
Security Sequence diagram
Which of the following is a step you might take for large networks but not for smaller networks? Segment the network with firewalls between the segments Do criminal background checks for network administrators Use antivirus software on all machines on the network Use a IDS
Segment the network with firewalls between the segments
Which modeling language is used by systems engineers? a) UML b) SysML c) DML d) SecML
SysML
A file that stays in memory after it executes is a(n) _____________. Bug Terminate and Stay Resident program Executable Text file
Terminate and Stay Resident program
Frequently the first responder to a computer crime is ________. The news media Law enforcement personnel The network administrator A systems analyst
The network administrator
What is the primary advantage to using a commercial web search service? They are legally entitled to searches, you are not They can do a more thorough job than you can They can get information you cannot They can get the information faster than you can
They can get the information faster than you can
What is the most appropriate tool for capturing the requirements of any security process or system? Sequence diagram Use-Case diagram SysML Traceability matrix
Traceability matrix
A digital signature is used to guarantee who sent a message. This is referred to as nonrepudiation.
True
A good rule of thumb for a password history policy is a history depth of five.
True
A server with fake data used to attract an attacker is a honeypot
True
Cipher text is encrypted text.
True
Kerberos is an authentication protocol that uses a ticket granting system that sends an encrypted ticket to the user's machine.
True
One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings
True
Passwords are an area of user policies.
True
The Windows Registry contains a list of USB devices that have been connected to the machine.
True
There are no restrictions on information you can post on Usenet.
True
There should be a firewall between your network and the outside world
True
VPNs that encrypt BOTH the header AND the payload (data) of a packet are said to be running in _________ mode SSL Transport Security Association Tunnel
Tunnel
What type of diagram is used to show how any entity might interact with a system? Data interface diagram Use-Case diagram Sequence diagram Requirements diagram
Use-Case diagram
Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of ______. Computer policies User policies Network policies Documentation
User Policies
As described in class, which of the following Wi-Fi Security protocols does NOT use a bit-stream cipher WPA2 TKIP WEP WPA
WPA2
This lists all of the USB devices that have been connected to a Windows PC Windows registry Security logs Windows log files Cache memory
Windows registry
It would be advisable to obtain __________ before running a background check on any person. A Social Security Number Verbal permission An IP address Written permission
Written permission
Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies. Computer User System administration Network administration
System administration