Chapter 1 Quiz

An apartment has a large window that is provided in part as an emergency exit in case of a fire. The window is generally left locked, but it may be opened. When analyzing the boundary, is the window considered a wall or a doorway?

Doorway

Which of the following would be considered insider threats?

Embezzlers

A risk assessment involves which of the following?

Identifying risks

Which of the following types of threat agents is most typically associated with masquerade attacks?

Identity thieves

Which of the following is an example of security theater?

Installing a fake video camera

Which of the following are the CIA properties?

Integrity

Which of the following describes the effect of the Digital Millennium Copyright Act (DMCA) on the investigation and publication of security flaws in commercial equipment?

It restricts the publication of techniques to reverse-engineer copy protection schemes.

Alice has performed a security assessment for Acme Widget. The resulting assessment is treated as confidential and is not shared with Alice's coworkers. Only specific employees are allowed to read it. Which basic security principle does this illustrate?

Least privilege

Which of the following is an example of a rule-based security decision?

Locking a car's ignition

Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the following most accurately describes Lynn's action?

Lynn acted ethically because the vulnerability had already been reported and patched, and he did not describe how to exploit the vulnerability.

Which of the following would be considered insider threats?

Maintenance crew

What is a worm?

Malware

Which threat agent is most often associated with denial of service attacks?

Natural threats

Which of the following are threat agents?

Phone phreak

A risk assessment involves which of the following?

Prioritizing risks

Impact x Likelihood = ______________

Relative Significance of Risk

Car ignition locks are an example of what type of decision?

Rule-based

Desktop malware may not represent a direct threat to ________- or PLC-based equipment, but practical attacks exist on these systems.

SCADA

Which of the following are threat agents?

Script kiddy

The phrases below describe types of attacks on information. Match the type of attack with its description. Forgery

Someone composes a bogus message and sends it to a computer

Which of the following would be considered insider threats?

Suite/room/housemates and family

The phrases below describe types of attacks on information. Match the type of attack with its description. Physical theft

The computing resource itself is removed

The phrases below describe types of attacks on information. Match the type of attack with its description. Denial of service (DoS)

The use of computing data or services is lost temporarily or permanently, without damage to the physical hardware

Anonymous is an example of what kind of agent?

Threat

True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors, valves, and other devices in industrial applications.

True

True or False? Botnets can (often) perform distributed denial of service (DDoS) attacks in which thousands of individual computers send overwhelming amounts of traffic at a victim's computer.

True

True or False? Hacktivists are threat agents who are usually a loosely organized source of widespread attacks.

True

True or False? In requirement-based security, we identify and prioritize our security needs in a risk assessment process.

True

True or False? Once we have filled in the attack likelihoods and impacts, we compute the significance by multiplying these values together.

True

True or False? People can be threat agents in some cases, but trustworthy in others.

True

True or False? To analyze a risk, we review it against the threat agents behind the risk.

True

An apartment has a large window, which is covered with metal bars to prevent people from going through the window. When analyzing the apartment's boundary, is the window considered a wall or a doorway?

Wall

Risk Management Framework is a way to assess _______________ risks when developing large-scale computer systems.

cybersecurity

When disclosing a security vulnerability in a system or software, the manufacturer should avoid:

including enough detail to allow an attacker to exploit the vulnerability.

A security decision, such as locking your vehicle when not in use, is an example of:

rule-based security.

Cyber vulnerabilities became a public issue in the __________ as new internet users struggled to understand the technology's risks.

1990s

Typical retail businesses expect a _____ rate of loss due to theft, damages, and other causes.

3 percent

The phrases below describe types of attacks on information. Match the type of attack with its description. Masquerade

A person takes on the identity of another when using a computer

The phrases below describe types of attacks on information. Match the type of attack with its description. Subversion

A program is modified to operate on the behalf of a threat agent

Which of the following produces a risk to an asset?

A threat agent and an attack the agent can perform

What does AUP stand for?

Acceptable Use Policy

Which of the following most often forbids people from performing trial-and-error attacks on computer systems?

Acceptable use policies

Which of the following would be considered insider threats?

Administrators

Which of the following are the CIA properties?

Confidentiality

Which of the following are threat agents?

Cracker

Which of the following is a person who has learned specific attacks on computer systems and can use those specific attacks?

Cracker

The phrases below describe types of attacks on information. Match the type of attack with its description. Disclosure

Data that should be kept confidential is disclosed

We draft the __________ requirements to address the risks we identified.

security

By default ,most systems only record the most ______ events.

significant

Both forms of the RMF illustrate a(n) _______ engineering process as a way to plan, design, and build a complicated system.

systems

A security analyst is performing a security assessment. The analyst should not:

take actions to mitigate a serious risk.

A __________ is someone who is motivated to attack our assets.

threat agent

True or False? A vulnerability is a weakness in the boundary that protects the assets from the threat agents.

true

True or False? Security Category RMF begins with a high-level estimate of the impact caused by cyber security failures.

true

True or False? The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.

true

Supervisory control and data acquisition (SCADA) devices are most often associated with:

utilities.

A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a:

white-hat hacker.

Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial device or product. Assume that we have discovered a vulnerability in a commercial product. The vendor has not acknowledged our initial vulnerability report or communicated with us in any other way. They have not announced the vulnerability to the public. We wish to warn the public of the vulnerability as soon as is ethically defensible. Given the procedure in Section 1.6.2, which of the following is the best course of action?

After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk of attack through that vulnerability.

We are estimating the impact of an individual attack. Which of the following has the greatest estimated impact?

An attack with a $100 loss that could happen once a week

Which of the following yields a more specific set of attacks tied to our particular threat agents?

Attack matrix

Which of the following are the CIA properties?

Availability

Which of the following are threat agents?

Black-hat hacker

True or False? A threat agent is a person who did attack our assets, while an attacker might attack an asset.

False

True or False? A vulnerability is a security measure intended to protect an asset.

False

True or False? A zero-day vulnerability is one that has been reported to the software's vendor and the general public.

False

True or False? Information security architecture often relies on boundaries outside the computer to protect important information or programs from error-prone or malicious programs.

False

True or False? Modus operandi applies only to criminal organizations.

False

True or False? The security process and the Information engineering process find their origin in the concept of Continuous Improvement.

False

True or False? Victims can protect themselves against zero-day attacks.

False

An attempt by a threat agent to exploit assets without permission is referred to as:

an attack.

CIA properties do not include:

authentication.