Cyber Security
What is a type of law that represents all of the laws that apply to a citizen (or subject) of a jurisdiction? a. Civil law b. Criminal Law c. Private Law d. Public Law
a. Civil law
_____ is created by combining pieces of non private data—often collected during software updates, and via cookies—that when combined may violate privacy. a. Contextual information b. Aggregate information c. Profile data d. Privacy data
b. Aggregate information
Mr. Lim, a student at a local University is only allowed to view his grades, however he is able to view grades of his friends as well. This attack is against the ------------------ security goal. A. Confidentiality B. Integrality C. Availability
A. Confidentiality
---------- attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. A. DDoS B. directly-propagating worm
A. DDoS
Signature based ID works on similar concept like anti-virus program and it needs regular updating of signature database A. True B. False
A. True
You visit an organization's website and you realized that you are able to view sensitive files on their web server. Despite the fact that it is not your fault, it is still considered a security breach. breach A. True B. False
A. True (Since you were not allowed to access sensitive files, it is still considered a security breach)
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source. A. authenticity B. integrity C. confidentiality
A. authenticity (Genuine and Original)
An interruption in an authorized user's access to a computer network, typically one caused with malicious intent is called -------------- A. A virus attack B. DOS attack C. Hoax Attack
B. DOS attack (Virus only causes attack on systems)
Multipartite virus can change its signature every time it infects a new file. A. True . B.False
B. False (Only Polymorphic virus can change signature)
Adware is a general term to describe software that violates a user's personal information/data. A. True B. False
B. False (Only Spyware)
The main difference between a virus and a worm is that worm needs a host program, while virus doesn't need a host program. A. True B. False
B. False Worm doesn't need a host program; however, virus needs a host program. (Piggyback)
Elite hackers have the least amount of technical skills while script kiddies due to their large numbers possess the best technical expertise? A. True B. False
B. False (Elite hackers are masters of programming)
You logged into your organization's e-mail system at odd hours and were still able to access your own e-mails. This is considered a security breach due to abnormality. A. True B. False
B. False (Since it is your email system you can access it at any time)
Mr. Tan, an undergraduate student at a local University was supposed to view only his grades, however, he realized that he is able to modify some of his grades as well. Even though he tried to delete the whole file, he was not successful. This attack is against the ------------------ security goal. A. Confidentiality B. Integrality C. Availability
B. Integrality
A _________ approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. A. Triple DES This is symmetric encryption algorithm based on DES. B. brute-force C. block cipher
B. brute-force
_____ ensures that critical business functions continue if a catastrophic incident or disaster occurs. a. Business continuity planning (BCP) b. Incident response planning (IRP) c. Contingency planning (CP) d. Crisis management
a. Business continuity planning (BCP)
One of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as _____. a. Defense in depth b. Perimeter defense c. Top down defense d. Bottom up defense
a. Defense in depth
When a program tries using all commonly used passwords, this is known as a ______. a. Dictionary attack b. Brute Force attack
a. Dictionary attack
. _____ consists of the actions taken to prepare for and recovery from the impact of an incident on information assets. a. Disaster recovery planning b. Incident response c. Contingency step d. Crisis management action
a. Disaster recovery planning
____ occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. a. Information extortion b. Technological extortion c. Insider trading d. Information hording
a. Information extortion
Which one of the following about a computer worm is not true? a. It crawls to another system only when a user accidently runs it. b. The worm creator seeks out system vulnerabilities to get the worm started. c. The Internet may have to shut down due to a worm infestation. d. None of the above.
a. It crawls to another system only when a user accidently runs it. (DO not need to run it, automatically travels)
. The generally recognized term for the government protection afforded to intellectual property (written and electronic) is copyright law. a. True b. False
a. True
If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity. a. True b. False
a. True
Information security programs that begin at a grassroots level by system administrators to improve security are often called a bottom-up approach. a. True b. False
a. True
Warnings of attacks that are not valid are usually called hoaxes. a. True b. False
a. True
The earliest form of cyber security, especially over the ARPANET, is physical security. a. True b. False
a. True (Mainframes)
The characteristic of information that deals with preventing disclosure is ______. a. confidentiality b. possession c. authenticity d. integrity
a. confidentiality
Malwares are usually written by __________________. a. expert programmers b. scripts kiddies c. terrorists/spies d. all of the above
a. expert programmers
Another name for TCP hijacking is _____. a. man-in-the-middle b. mail bombing c. spoofing d. denial of service
a. man-in-the-middle
A centralized network computer on which programs and data can be stored is called a__________. a. server b. client c. Web proxy d. Network device authentication (NDA)
a. server
What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state? a. Civil law b. Criminal Law c. Private Law d. Public Law
b. Criminal Law
_____ define socially acceptable behaviors. a. Culture b. Ethics c. Tradition d. Law
b. Ethics
A computer worm consists of segments of code that perform malicious actions. a. True b. False
b. False (Only Virus contain code segments)
Network security addresses the issues needed to protect items, objects, or areas. a. True b. False
b. False (Physical Security)
_____ is planning for the identification, classification and response to an incident. a. Business continuity planning (BCP) b. Incident response planning (IRP) c. Contingency planning (CP) d. Crisis management
b. Incident response planning (IRP)
A(n) _____ addresses specific areas of technology, requires frequent updates, and contains a statement on the organization's position on a specific issue. a. IT Laws b. Issue-specific security policies (ISSP) c. System-specific security policies (SysSP) d. Management policies
b. Issue-specific security policies (ISSP)
Which of the following is not true about policies a. Policies should never contradict law b. It is used as a guide c. For a policy to be effective, it must be properly disseminated and understood by all members of organization and uniformly enforced d. None of the above
b. It is used as a guide
____ security encompasses the protection of voice and data networking components, connections, and content. a. Information b. Network c. Physical d. Communications
b. Network
What direct how issues should be addressed and technologies used? a. Laws b. Policies c. Standards d. Management
b. Policies
____ are hackers of limited skill who use expertly written software to attack a system a. System programmers b. Script kiddies c. Terrorists d. End users
b. Script kiddies
A computer Trojan horse is ________________________________ a. not structured to exist by itself. b. a program that hides its malicious intent behind the façade of offering something useful or interesting. c. a program that piggybacks on other executable program. d. all of the above.
b. a program that hides its malicious intent behind the façade of offering something useful or interesting.
A ____ is an application error that occurs when more data is sent to a program buffer than it is designed to handle. a. buffer underrun b. buffer overrun c. heap overflow d. heap attack
b. buffer overrun
Ownership or control of information is called the characteristic of _____. a. confidentiality b. possession c. authenticity d. integrity
b. possession ( Data's ownership or control legitimacy)
. _____ is conducted by the organization to prepare for, react to, and recover from events that threaten the security of information and information assets in the organization, and the subsequent restoration to normal modes of business operations. a. Business continuity planning (BCP) b. Incident response planning (IRP) c. Contingency planning (CP) d. Crisis management
c. Contingency planning (CP)
____ hack systems to conduct terrorist activities via network or Internet pathways. a. Cyberhackers b. Electronic terrorists c. Cyberterrorists d. Electronic hackers
c. Cyberterrorists
What legal actions an inventor can take against a company, who is responsible to fabricate his new design, of a security breach in his design? a. Failure in care of duty. b. Privacy invasion. c. Disclosure of confidence information. d. All of the above.
c. Disclosure of confidence information
. ____ is "the redirection of legitimate Web traffic to an illegitimate site for the purpose of obtaining private information." a. Sniffer b. Phishing c. Pharming d. Social Engineering
c. Pharming
_____ is a type of law that regulates the relationship between an individual and an organization. a. Civil law b. Criminal Law c. Private Law d. Public Law
c. Private Law
_____ are detailed statements of what must be done to comply with policy. a. Laws b. Policies c. Standards d. Management
c. Standards
. _____ are frequently codified as standards and procedures to be used when configuring or maintaining systems. a. IT Laws b. Issue-specific security policies (ISSP) c. System-specific security policies (SysSP) d. Management policies
c. System-specific security policies (SysSP)
A computer virus _________________________ a. is created by a flaw in the CPU (Central Processing Unit). b. is executed when its host program is stored in the hard disk. c. runs when the file it is attached to is opened. d. is not a computer program.
c. runs when the file it is attached to is opened.
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow a(n) ____ approach. a. executive led b. trickle down c. top-down d. bottom-up
c. top-down
________________ are probable sources of security threats. a. Hackers and expert programmers b. Terrorists and hackers c. Lawyers, social/political activists and disgruntled employees d. All of the above
d. All of the above
____ security addresses the protection of all communications media, technology, and content. a. Information b. Network c. Physical d. Communications
d. Communications
. _____ is a type of law that regulates the structure and administration of government agencies. a. Civil law b. Criminal Law c. Private Law d. Public Law
d. Public Law
A(n) _____ defines the edge between the outer limit of an organization's security and the beginning of the outside world. a. Gateway b. Router c. Firewall d. Security perimeter
d. Security perimeter
Which of the following is true about DMZ? a. between inside (local area network or LAN) and outside networks (the Internet) b. neither as secure as the internal network, nor as insecure as the public Internet c. contains web servers, email servers, routers d. all of the above
d. all of the above
Using a known or previously installed access mechanism is called using a _____. a. hidden bomb b. vector c. spoof d. back door
d. back door