Cyber security Quiz Answers (midterm)
Which of the following is a description of what a "zero-day exploit" is?
A previously unknown vulnerability which is now being used in an attack.
Which of the following Security Policies or Models are based on maintaining the confidentiality of information as opposed to the integrity?
Bell and La Padula
Which of the following Security Policies is focused on protection against conflicts of interest?
Chinese Wall
Which NSA design principle states that access rights should be completely validated every time an access occurs?
Complete Mediation
Which design principle states access rights should be validated every time an access occurs.
Complete Mediation
In the beginning when they were first formed, what type of entities were the original ISACs organized around?
Critical Infrastructures.
Which of the following is the term used to describe the ability of a nation-state to establish control and exert influence within and through cyberspace, in support of and in conjunction with the other domain-elements of national power?
Cyber Power
Which of the following includes not only technical issues such as viruses and denial of service attacks, but also human matters such as insider deception as well as normal human mistakes?
Cyber Security
The term used to refer to all activities conducted in and through cyberspace in support of the military, intelligence, and business operations of the Department of Defense is known as which of the following?
Cyberspace Operations
What is the name given to the strategy for making sure that end users do not send sensitive or critical information outside of the corporate network?
Data Loss Prevention (DLP)
In which domain of the BSIMM model would you find Penetration Testing?
Deployment
Which of the following is the NIST Cyber Security Framework core function that is aimed at developing and implementing the appropriate activities to identify the occurrence of a cybersecurity event?
Detect
In the calculation of a nation's digital power, which of the following was the measure used to represent the quality of the nation's potential cyber warfare units?
Economic and Social Context
"A simple design is easier to test and validate" is the hallmark of what principle?
Economy of Mechanism
"If a security measure or control has failed for whatever reason, the system is not rendered to an insecure state" is a statement of what security principle?
Fail-Safe Default
True or False: The United States has stated that it will respond to cyberattacks with equivalent cyberattacks at a time and choosing of its own.
False
True or False: The importance of cyberspace today has led to a uniform definition for what cyberspace is. Basically, it is a global domain within the information environment whose character is defined by the use of electronics and the electromagnetic spectrum.
False
True or False: Information Communications Technology (ICT) has had little impact on the spread of democratic ideas as well as a limited ability to enhance national security but has been the driving force behind reducing the interdependencies between infrastructures.
False
Which one of the following countries did NOT have a large percentage of individuals using the Internet?
India
In the lesson on the key concepts of cyber, the situation in Turkmenistan was discussed. In 2016 the government prohibited the distribution of foreign press and suppressed freedom of speech. They also launched a campaign to destroy all satellite antennas and dishes. These efforts were described using which of the following terms?
Information Blockade
The aggregate of individuals, organizations, or systems that collect, process, or disseminate information is known as which of the following?
Information Environment
"Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key" is a statement closely related to which NSA design principle?
Isolation, Separation, and Encapsulation
"When you log into a computer, it is a good practice to do so as a regular user instead of as an administrator or super user. A normal user can perform most of the common tasks and does not need to be an administrator. It also protects a computer from increased harm if there is a virus present" is a statement of what security principle?
Least Privilege
The military security rule of need-to-know is most closely associated with which NSA design principle?
Least Privilege
Which of the following was NOT one of the attributes that was discussed as differentiating cyberspace from the more conventional domains of military and intelligence?
Military domains need to be completely separate in order to be considered a different
"Users should not share system mechanisms except when absolutely necessary" is a statement closely related to which NSA design principle?
Minimize Common Mechanism
If an encryption key is compromised, it must be replaced. If few people know the key, then replacing it is easier than if a large number of people know the key. Which design principle is this an example of?
Minimize Secrets
Which of the following is a design method that minimizes losses when a risk is realized?
Passive Safety
Which of the following was NOT one of the pillar of national security discussed?
Physical Security
Which of the following is the term used to describe the strategic/tactical advantages one country has over another? From a cyber perspective, it specifically refers to the potential vulnerabilities present with an opponent's systems.
Positive Asymmetry
Which of the following is the name for a program that holds a computer "hostage" while demanding a ransom?
Ransomware
Which of the following is the NIST Cyber Security Framework core function that is aimed at developing and implementing the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event?
Recover
Which of the following is the name given to an abstract machine which mediates all access subjects have to objects to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification?
Reference Monitor
Which of the following is the BSIMM domain is aimed at practices associated with analysis and assurance of particular software development artifacts and processes?
SSDL Touchpoints
As employees move up and around in your organization, they likely end up with more (or different) responsibilities. Often their access to previous information is not revoked even if their new duties do not require them to maintain this access. This phenomenon is commonly referred to as which of the following?
Scope Creep
In the calculation of a nation's digital power, which of the following was the measure used to represent the robustness of a country's cyber domain, measuring networks, access, and information communications technology spending as a percentage of the GDP?
Technological Infrastructure & Industrial Application
Which of the following was NOT one of the original critical infrastructures that we discussed in class?
The Retail Sector
In politics and international relations, which of the following is the one primary type of power nations are concerned with?
The ability to get one's way
In which NIST CSF Tier have risk management practices been approved by management but may not be established as organizational-wide policy at this time?
Tier 2 Risk Informed
The two types of covert channels are:
Timing and Storage
True or False: A nation such as North Korea can develop an offensive cyber unit and ignore the need for a defensive cyber unit because it has little to no reliance on cyber technologies in its homeland. This is an example of a situation where a small state wielding cyber weapons might have a greater degree of relative power than a large state as it has significant theoretical and demonstrated capabilities but few vulnerabilities.
True
True or False: Command and control warfare (C2W) is an application of IW in military operations and employs various techniques and technologies to attack or protect a specific target set — command and control (C2). C2W is the integrated use of psychological operations (PSYOP), military deception, operations security (OPSEC), electronic warfare (EW), and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade, or destroy adversary C2 capabilities while protecting friendly C2 capabilities against such actions)
True
True or False: Cyber warfare could be the archetypal illustration of asymmetric warfare - a struggle in which one opponent might be weak in conventional terms but is clever and agile, while the other is strong but complacent and inflexible.
True
True or False: In 2016 a group of non-profit organizations attempted to break the hold of the North Korean government on information that its citizens were able to access. Since the government tightly controlled sources like radio, TV, and the Internet, this group elected to utilize thumb drives which were loaded with Western TV and movies and smuggled them into the country. This campaign was known as "Flash Drives for Freedom".
True
True or False: The TCP/IP Protocol Suite was a tremendous step in the evolution of networking. It provided an efficient mechanism to conduct packet switching in an often unreliable networking environment. One thing that was not emphasized in the original designs of the protocol suite was security. The goal was reliable transmission of packets/messages in as an efficient manner as possible.
True
Based on our discussion of what constitutes a good password, which of the following would be considered a good password?
UTSAisthec00lest!
What is the most common form of authentication for computer systems and networks?
Userid and Password.
Which disclosure paradigm has as its assumptions that 1) an attacker will learn little or nothing from disclosure; 2) Disclosure will prompt designers to improve the design of defenses, and 3) Disclosure will prompt other defenders to take action?
provides an opportunity for others to view it and many eyes will help to find flaws before attackers find them.
