CSCI 290 Final Exam
A digital signature is used to guarantee who sent a message. This is referred to as non-repudiation.
False
A good password should contain only letters and numbers.
False
An on-demand virus scanner runs in the background and is constantly checking your PC.
False
IPsec can only encrypt the packet data but not the header information.
False
Sending a forged email asking for sensitive data is an example of steganography.
False
The Patriot Act was the first U.S. law to criminalize theft of commercial trade secrets
False
The Stuxnet virus was directed against Iraqi nuclear facilities.
False
You may use Linux to make a ______________ of the hard drive.
Forensically valid copy
In Windows the log that contains events collected from remote computers is the ____________ log.
Forwardedevents
What is the term for a fake system designed to lure intruders?
Honey Pot
If you experience a denial-of-service attack, you can use firewall logs to determine the _______ from which the attack originated.
IP address
A discarded credit card receipt or utility bill could be the starting point from which a perpetrator finds enough information to assume a victim's _______________.
Identity
The principal that users have access to only network resources when an administrator explicitly grants them is called ___________.
Implicit deny
Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for ______
Instant messaging
What advantage does a symmetric key system using 64-bit blocks have?
It is fast
What is the main problem with simple substitution?
It maintains letter and word frequency
Which of the following is a likely reason that an organization might be reluctant to admit it has been a victim of corporate espionage?
It might cause stock value to decline
Which of the following is a disadvantage to using an application gateway firewall?
It uses a great deal of resources
What is a major weakness with a network host-based firewall?
Its security is depended on the underlying operating system
When an employee leaves, all _______ should be terminated.
Logins
You would set a ___________ to prevent users from immediately changing their password several times in one day to return to the current password. This is particularly important if your password policy has a history depth of five.
Minimum password age
On a server, you should create your own accounts with ________ that do not reflect their level of permission.
Names
Which of the following is most true regarding new encryption methods?
Never use them until they have been proven
What is the difference between corporate and industrial espionage?
None: they are interchangeable terms
In 1998, ethnic Tami guerrillas swamped _________ embassies with 800 emails a day.
Sri Lankan
What is SPI?
Stateful packet inspection
The virus that infected Iranian nuclear facilities was exploiting vulnerability in SCADA systems.
Stuxnet
Hackers want information about a target person, organization, and _______ to assist in compromising security.
System
Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies.
System administration
Usually, the first thing you do to a computer to prevent further tampering is to _________.
Take it offline.
Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year.
Once
The first rule of computer security is to check ___________.
Patches
Although the Cyberterrorism Preparedness Act of 2002 was not passed, many of its goals were addressed by the ___________.
Patriot Act
Any _________ you do not explicitly need should be shut down.
Ports
What is the term for blocking an IP address that haws been the source of suspicious activity?
Preemptive blocking
What type of encryption uses different keys to encrypt and decrypt the message?
Public key
You can calculate the value of information by what formula?
Resources needed to produce the information, plus resources gained from the information.
New employees should receive a copy of the company 's __________ policies.
Security/acceptable use
Many states have online __________ registries.
Sex offender
There have been cases of mistaken identity with _________lists.
Sex offender
If a company purchases a high-end UNIX server to use for its research and developement department what is probably the most valuable part of the system?
The information on the server
Why would you want to scan an employee's computer when he leave the organization?
To check for signs of corporate espionage
Which of the following is the most common way for a virus scanner to recognize a virus?
To compare a file to know virus attributes
What is the reason for encrypting hard drives on laptop computers?
To prevent a thief from getting data off a stolen laptop
A discarded credit card receipt may become the starting point from which an identity fraud perpetrator finds enough information to assume the victim's identity.
True
A good rule of thumb for a password history policy is a history depth of five.
True
A server with fake data used to attract an attacker is a honeypot.
True
Binary numbers are made up of 0s and 1s.
True
CNE, MCITP, CISSP, and CCNA are examples of industry certifications.
True
Hactivists means individuals who work for a cause using cyberterrorism.
True
Heuristic scanning uses rules to determine whether a file or program behaves like a virus.
True
Information warfare is any attempt to manipulate information in pursuit of a military or political goal.
True
Microsoft Windows includes BitLocker in some editions, so entire hard drives can be encrypted.
True
Nessus is the premiere network vulnerability scanner
True
The FBI maintains a list of individual state sex registries at www.fbi.gov/scams-safety/registry
True
The U.S. Patriot Act specifically deals with cyberterrorism
True
The Windows Registry contains a list of USB devices that have been connected to the machine
True
The Windows Registry lists USB devices that have been connected to the machine.
True
The chain of custody accounts for the handling of evidence and documents that handling
True
www.yellowpages.com, www.whowhere.com, and www.LinkedIn.com are good websites to locate a person's home address or telephone number.
True
The joint task force representing components of all four U.S armed services is the ____________.
U.S. Cyber Command
If you determine a virus has struck a system, the first step is to _________.
Unplug the machines from the network
You can use the service Yahoo!People Search by going to _________.
people.yahoo.com
The Linux log file that contains activity related to the web server is ______.
/var/log/apache2/
A good password has at least ______ characters.
8
What method do most IDS software implementations use?
Anomaly detection
In Windows, the log that stores events from a single application or component rather than events that might have system wide impact is the ____________ log.
Applications and services
Which binary mathematical operation can be used for a simple encryption method?
Bit shift
Which of the following methods uses a variable-length symmetric key?
Blowfish
Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the ________________.
Chain of custody
Chinese hackers whose stated goal is to infiltrate Western computer systems are called the ___________.
China Eagle Union
During the ___________ War, Western democracies invested time and money for radio broadcasts into communist nations.
Cold
Which of the following is a symmetric key system using 64-bit blocks?
DES
A _________ involves setting up two firewalls: an outer and an inner firewall
DMZ (demilitarized zone)
What is the greatest security risk to any company?
Disgruntled employees
It would be advisable to obtain __________ before running a background check on any person.
Written permission
Using Linux to wipe the target drive, the command-line command would be ___ .
dd
A website that may help locate federal prison records is ________.
www.bop.gov/