CS 450 - Computer Security
reconnaissance
After a penetration test is planned, ________ is the first step in performing that test; the objective is to obtain an understanding of the system and its components that someone wants to attack.
sufficient evidence
Evidence that is convincing or measures up without question is known as ________.
False
If your organization is highly sensitive to sharing resources, you might want to consider the use of a public cloud to reduce exposure and increase your control over security, processing, and handling of data.
True
Information criticality is defined as the relative importance of specific information to the business.
magic number
The term "________" describes a series of digits near the beginning of the file that provides information about the file format.
True
There is no recovery from data that has been changed.
knowledge of one's own systems and knowledge of the adversary
What two components are necessary for successful incident response?
True
When an infrastructure is established "on premises," the unit of computing power is a server.
Complete mediation
A Reference Monitor enforces which of the following security design principles?
True
A common technical mistake during the initial response to an incident is "killing" rogue processes.
cloud service provider
Cloud-based systems are made up of machines connected using a network. Typically, this network is under the control of the ________.
False
Clouds can be created by many entities, but must be internal to an organization.
free space
Clusters on a hard disk that are marked by the operating system as usable when needed are referred to as ________.
True
Escalation of privilege is the movement to an account that enables root or higher-level privilege.
Least privilege refers to removing all controls from a system.
False
penetration
Final code can be subjected to ________ tests, designed specifically to test configuration, security controls, and common defenses such as input and output validation and error handling.
False
From a forensics perspective, Linux systems have the same artifacts as Windows systems.
Most APTs begin through a phishing or spear phishing attack.
How do most advanced persistent threats (APTs) begin?
Which cloud computing service model describes cloud-based systems that are delivered as a virtual solution for computing that allows firms to contract for utility computing as needed rather than build data centers?
Infrastructure as a Service (IaaS)
True
Nearly half of all exploits of computer programs stem historically from some form of buffer overflow.
direct evidence
Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence?
True
Platform as a Service (PaaS) offerings generally focus on security and scalability.
True
Recovery is the returning of the asset into the business function.
____ is a term for the execution of computer code in an environment designed to isolate the code from direct contact with the target system.
Sandboxing
Which computing service model is used for the outsourcing of security functions to a vendor that has advantages in scale, costs, or speed?
Security as a Service
Which cloud computing service model involves the offering of software to end users from within the cloud?
Software as a Service (SaaS)
False
Testing for security requires a much broader series of tests than functional testing does.
False
The generation of a real random number is a trivial task.
attack surface
Using the ________ analysis information, penetration testers can emulate adversaries and attempt a wide range of known attack vectors in order to verify that the known methods of attack are all mitigated.
Which term describes the hosting of a desktop environment on a central server?
Virtual Desktop Infrastructure
True
Vulnerabilities are known entities; otherwise, the scanners would not have the ability to scan for them.
Data classification and quantity of data involved
What are the two components comprising information criticality?
Include appropriate business personnel
What is a key guideline to follow when designing incident response procedures?
software that can destroy or modify files when commands are executed on the computer
What is a software bomb?
It allows a relation to contain multiple rows with the same primary key
What is polyinstantiation?
to provide a local user or a remote system an assurance that unaltered configuration is in use
What is the purpose of Trusted System Certification Service?
ip
Which command in Linux is used to show and manipulate routing, devices, policy routing, and tunnels?
Cyber Observable Expression (CybOX)
Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?
OpenIOC
Which indicator of compromise (IOC) standard is an open-source initiative established by Mandiant that is designed to facilitate rapid communication of specific threat information associated with known threats?
watering hole attack
Which infection method involves planting malware on a website that the victim employees will likely visit?
Clark-Wilson Integrity Model
Which of the following security models is focused primarily on data integrity in commercial applications?
employing use cases
Which proven method of testing software involves comparing program responses to known inputs and the resulting program output to the desired output?
Exclusionary rule
Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?
Chinese Wall Model
Which security model is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest (CoI) categories?
Agile Model
Which software engineering process model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing cross-functional teams?
Scanning
Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist?
canonicalization
Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input?
Containers
________ are a form of operating system virtualization; they are a packaged-up combination of code and dependencies that help applications run quickly in different computing environments.
STIX
________ is a structured language for cyberthreat intelligence information.
Tcpreplay
________ is the name for both a tool and a suite of tools: as a suite, it is a group of free, open-source utilities for editing and replaying previously captured network traffic; as a tool, it specifically replays a PCAP file on a network.
Host forensics
________ refers to the analysis of a specific system, including the analysis of file systems and artifacts of the operating system.
Which type of computing brings processing closer to the edge of the network, which optimizes web applications and IoT devices?
edge
A ____ system is a system that, once deployed, is never modified, patched, or upgraded.
immutable
The term ____ cloud refers to a cloud service rendered over a system that is open for public use.
public
True
Baselining is the process of determining a standard set of functionality and performance.
False
All data is equally important, and thus equally damaging in the event of loss.
managed security service provider
A(n) ________ is a company that remotely manages security services for customers based on a contractual arrangement.
hypervisor
A(n) ________ is a low-level program that allows multiple operating systems to run concurrently on a single host computer.
authenticated boot service
In which of the following processes does TC hardware check that valid software has been brought in by verifying a digital signature associated with the software?
True
The logger command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries.
Fourth
The ________ Amendment to the U.S. Constitution precludes illegal search and seizure.
Common Vulnerabilities and Exposures (CVE) enumeration
The ________ is a list of known vulnerabilities in software systems.
evolutionary
The ________ model is an iterative model designed to enable the construction of increasingly complex versions of a project.
virtual
The ________ network in a cloud environment can be used and manipulated by users, whereas the actual network underneath cannot.
tcpdump
The ________ utility is designed to analyze network packets either from a network connection or a recorded file.
hash
The hashing algorithm applies mathematical operations to a data stream (or file) to calculate some number, the ________, that is unique based on the information contained in the data stream (or file).
segmentation
The network process of separating network elements into segments and regulating traffic between the segments is called ________.
covert channel analysis
This type of analysis attempts to identify any potential means for bypassing security policy and ways to reduce or eliminate such possibilities.
passive
Tools that do not interact with the system in a manner that would permit detection through sending packets or altering traffic are called ________ tools.
Code injection
Unvalidated input that changes the code's functioning in an unintended way is which type of application attack?
NetFlow
What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?
A portion of a system that enforces a particular policy, is resistant to tampering and circumvention, and is small enough to be analyzed systematically
Which of the following best defines Trusted computing base (TCB)?
Bell-LaPadula Model
Which of the following prevents the leaking/transfer of classified info to less secure clearance levels?
Execution engine
Which of the following runs program code to execute the TPM commands received from the I/O port?
load testing
Which type of testing involves running the system under a controlled speed environment?
spoliation
The most common cause of digital evidence from an investigation being excluded from court proceedings is ________, the unauthorized alteration of that evidence.
escalation of privilege
The movement to an account that enables root or higher-level privilege is known as ________.
workstation
When analyzing computer storage components, a system specially designed for forensic examination, known as a forensic ________, can be used.
False
When the nmap tool is used, the sending of packets cannot be detected.
cloud access security brokers (CASB)
Which term is used for an integrated suite of tools or services offered as Security as a Service, or a third-party managed security service provider (MSSP), focused on cloud security?
Transit Gateway
Which term refers to a network connection used to interconnect virtual private clouds and on-premises networks?
anything as a service
With the growth of cloud services, applications, storage, and processing, the scale provided by cloud vendors has opened up new offerings that are collectively called ________.
The routine to clean up memory that has been allocated in a program but is no longer needed is called ____.
garbage collection
record time offset
A(n) ________ is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server.
Which process involves implementing security tools and policies to ensure your container is running as intended?
Container security
False
If you test something and it comes back negative, but it was in fact positive, then the result is a false positive.
False
Running memdump to dump system memory to the standard output stream does not actually use memory.
false negative
What term is used for a situation where a scanner fails to report a vulnerability that actually does exist—that is, where the scanner simply missed the problem or didn't report it as a problem?
ping [options] targetname/address
Which is the correct syntax for the ping command?
authenticated boot, certification, and encryption
Which of the following is provided by a Trusted Platform Module?
NIST and NSA
Who operates the Common Criteria Evaluation and Validation Scheme in the U.S.?
True
Encryption is a failsafe—even if security configurations fail and the data falls into the hands of an unauthorized party, the data can't be read or used without the keys.
to prevent inference
In a DBMS using Multilevel Security, what would be the primary reason for allowing polyinstantiation?
real evidence
Tangible objects that prove or disprove facts are what type of evidence?
requirements
The ________ phase of software development should define the specific security requirements if there is any expectation of them being designed into the project.
requirements phase
The design of use cases to test specific functional requirements occurs based on the requirements determined in which phase of the secure development lifecycle?
No Write Down
The rule that a subject can only write into an object of greater or equal security level is known as ________.
False
The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.
virtualization
The technology used to enable a computer to have more than one OS present and, in many cases, operating at the same time is ________.
The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.
What should an incident response team do when they are notified of a potential incident?
