CYSE 101 Homeworks

How do we know at what point we can consider our environment to be secure? Never; perfect security does not exist When we follow industry best practices When we spend 10% of our organization's annual budget If we make it 10 years without a reported incident

Never; perfect security does not exist

What does California's SB 1386 deal with? handling unauthorized exposure of data relating to all US residents requirements to show an individual any records kept on him or her how US federal agencies can share an individual s data with other people and agencies handling unauthorized exposure of data relating to California residents

handling unauthorized exposure of data relating to California residents

Did the formal OPSEC methodology emerge from the government/military or commercial/industrial sectors? government/military

government/military commercial/industry

The primary vulnerability in the Lodz Tram Hack case study was: Over use of encryption Lack of train speed control Interference from the surrounding environment Lack of authentication

Lack of authentication

What do we call the process in which the client authenticates to the server and the server authenticates to the client? a. Single Sign On b. Biometric authentication c. Mutual d.authentication Verification

Mutual authentication

The term operations security and the acronym OPSEC were coined by what Vietnam War-era study? Red Dragon The Tet Offensive Purple Dragon Operation Barbarossa

Purple Dragon

5. Finding installed but unlicensed software on systems is primarily a function of: a. authentication b. authorization c. auditing d. nonrepudiation

c. auditing

If we are using an 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many *more* possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters? a. 11,424,400 more possibilities b. 26 more possibilities c. Same number of possibilities because still using lowercase English alphabetic characters d. 456,976 more possibilities

11,424,400 more possibilities

9. If we are using an identity card such as a driver's license as the basis for our authentication scheme, which of the following additions would *not* represent multifactor authentication? a. A fingerprint b. A PIN (personal identification number) c. A voice print d. A birth certificate

A birth certificate

QUESTION 2 Explain how Triple DES (3DES) differs from DES. 3DES encrypts each block 3 times using DES and the same key 3DES encrypts 3-character blocks instead of 1-character blocks 3DES encrypts each block 3 times using DES and a different key 3DES encrypts each block 3 times using DES and a default key of all zeros

3DES encrypts each block 3 times using DES and a different key

What is the difference between a stateful packet filtering firewall and a basic packet filtering firewall? A basic packet filtering firewall tracks sessions between systems A stateful packet filtering firewall does not track sessions between systems A stateful packet filtering firewall tracks sessions between systems A basic packet filtering firewall inspects all bytes in every packet

A stateful packet filtering firewall tracks sessions between systems

Which of the following about vulnerabilities and threats is *not* true? Vulnerability is a weakness that may be exploited by a threat Vulnerabilities and threats combine to create risk A vulnerability or a threat, but not both, are required to create risk Threat is an actor that may exploit a vulnerability

A vulnerability or a threat, but not both, are required to create risk

What is competitive counterintelligence? Actions to spy on your competition Actions your competition uses to spy on you Actions to defeat competitive intelligence activities

Actions to defeat competitive intelligence activities

Which of the following is true regarding the history of cybersecurity as presented in class and the associated document? None of the attack perpetrators were caught or identified No actual data was exposed nor harm done in any of the events Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses All of the events were perpetrated by non-US governments against the US government

Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses

Which of the following is *not* true about complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as !Hs4(j0qO$&zn1%2SK38cn^!Ks620! ? They may cause users to write the password down For most users, they are difficult to remember Brute force password crackers will break them as quickly as a 4-digit PIN For most users, they make system access less convenient than user-chosen passwords

Brute force password crackers will break them as quickly as a 4-digit PIN

Which of the following is not part of operating system hardening? Changing the main network firewall ruleset Removing unnecessary software Making use of logging and auditing functions Applying the principle of least privilege Removing or turning off unessential services Applying software updates in a timely manner Making alterations to common accounts

Changing the main network firewall ruleset

Name the two main categories of Web security. Race conditions and input validation Buffer overflows and SQL injection Client-side attacks and server-side attacks Denial of Service (DoS) and Distributed Denial of Service (DDoS)

Client-side attacks and server-side attacks

In a data breach (such as the OPM case) which security characteristic of data has been violated? Availability Integrity Confidentiality Authenticity

Confidentiality

QUESTION 10 Which of the following is *not* true about public key cryptography? If a private (protected) key is used to encrypt the data, only the associated public (shared) key may used to decrypt the data In order to encrypt and decrypt with public key cryptography, a key pair (associated public and private key) must be used If a public (shared) key is used to encrypt the data, only the associated private (protected) key may be used to decrypt the data If data is encrypted with a public (shared) key, any private (protected) key may be used to decrypt the data

If data is encrypted with a public (shared) key, any private (protected) key may be used to decrypt the data

3. What do we call the rate at which we fail to authenticate legitimate users in a biometric system? a. True Acceptance Rate (TAR) b. False Acceptance Rate (FAR) c. True Rejection Rate (TRR) d.False Rejection Rate (FRR)

False Rejection Rate (FRR)

QUESTION 4 Decrypt this message: V qb abg srne pbzchgref. V srne gur ynpx bs gurz. -Vfnnp Nfvzbi. (hint: it's a caesar cipher with a 13-character shift, i.e., ROT-13; if stumped, try http://www.xarg.org/tools/caesar-cipher/). I do not fear computers. I fear the lack of them. -Isaac Asimov Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke Real knowledge is to know the extent of one's ignorance -Confucius Never trust a computer you can't throw out a window. -Steve Wozniak

I do not fear computers. I fear the lack of them. -Isaac Asimov

What is the third law of operations security? If you are not protecting it (the information), . . . THE DRAGON WINS! If you are not protecting it (the information), . . . DON'T WORRY, SOMEONE ELSE WILL! If you are not protecting it (the information), . . . YOU ARE OK! If you are not protecting it (the information), . . . POLISH YOUR RESUME!

If you are not protecting it (the information), . . . THE DRAGON WINS!

8. Which of the following is *not* a reason why an identity card alone might not make an ideal method of authentication? a. May be spoofed b. May be duplicated c. Subject to change d. Issued by the government

Issued by the government

When we have cycled through the entire operations security process, are we finished? Yes, after one cycle we are done No, we continue to iterated through the steps

No, we continue to iterated through the steps

Which of the following would *not* be part of a solution in the Polycom case study? Off site backups Code review Firewall rules Traffic encryption

Off site backups

What does the European Union s (EU) Data Protection Directive (Directive 95/46/EC) deal with? RSA PGP XKCD AES PII

PII

Considering the CIA triad and the Parkerian hexad, which of the following is true? They both have three key elements They both have six key elements Confidentiality, integrity, and availability are only in the CIA triad Parkerian is more complete but not as widely known

Parkerian is more complete but not as widely known

5. What biometric factor describes how well a characteristic resists change over time? a. Universality b. Permanence c. Uniqueness d.Circumvention

Permanence

What does PII stand for? Protocol Independent Integrity Protocol Independent Identity Personally Identifiable Information Privacy, Identify, and Integrity

Personally Identifiable Information

What does the concept of defense in depth mean? Hide your data and systems deep underground Encrypt your data multiple times Protect your data and systems with tools and techniques from different layers Use every available tool at a particular layer to protect you data and systems

Protect your data and systems with tools and techniques from different layers

What is the purpose of a network DMZ? Isolate systems so that they cannot be reached from external networks such as the Internet Encrypt the traffic to and from sensitive systems Provide external access to systems that need to be exposed to external networks such as the Internet in order to function Encrypt the hard drives of sensitive systems

Provide external access to systems that need to be exposed to external networks such as the Internet in order to function

What does a fuzzing tool do? Decrypts poorly encrypted content Provide multiple data and inputs to discover vulnerabilities Decrypts strongly encrypted content Guesses a password to gain system access

Provide multiple data and inputs to discover vulnerabilities

What is the quantitative formula for risk presented in class? RISK = P(V|T) * Impact RISK = P(V,T|E) * Impact RISK = P(E|V,T) * Impact RISK = P(impact) * P(E|V,T)

RISK = P(E|V,T) * Impact

At a high level, what does the Federal Privacy Act of 1974 do? Provides for the electronic surveillance of US citizens without a warrant Provides algorithms for the strong encryption of data Safeguards privacy through creating four rights in personal data Proposes security standards as a condition of processing credit card transactions

Safeguards privacy through creating four rights in personal data

What does the tool Nikto do? Guesses a password to gain system access Decrypts strongly encrypted content Decrypts poorly encrypted content Scans a web server for common vulnerabilities

Scans a web server for common vulnerabilities

What is a key difference between signature and anomaly detection in IDSs? Anomaly detection uses code genealogy (derived code) to detect instructions; signature detection uses fingerprints or distinct patterns of attacks to detect intrusions Anomaly detection uses fingerprints or distinct patterns of attacks to detect intrusions; signature detection uses deviation from baseline activity to detect instructions Signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect instructions Signature detection uses software behaviors to detect intrusions; anomaly detection uses deviation from baseline activity to detect instructions

Signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect instructions

7. A physical key (like for a door lock) would be described as which type of authentication factor? a. Something you bought b. Something you made c. Something you have d. Something you stole

Something you have

When considering possible risk mitigation actions, which relationship between risk reduction and cost of the action would cause us to recommend the action? The reduction in risk is less than the cost of the action The relationship between reduction in risk and cost of the action is not relevant The reduction in risk is greater than the cost of the action

The reduction in risk is greater than the cost of the action

Why is it important from a security perspective to remove extraneous files from a Web server? They may provide information or vulnerabilities useful to an attacker They take up disk space They take up memory They may be misunderstood by legitimate users or customers

They may provide information or vulnerabilities useful to an attacker

10. In the fake finger video from class, what was the printed circuit board used for? a. To capture a fingerprint from a camera application b. To etch the fingerprint c. To build a circuit to bypass the phone's authentication program d.To write code that simulated the fingerprint

To etch the fingerprint

Which of the following is an example of a race condition? An attacker sends high volumes of network traffic to overwhelm a target A malicious user leaves a trojan horse program for a later user to execute Two bank transactions (withdrawals) run sequentially and the balances are not properly accumulated (recorded) Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)

Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)

4. What is the difference between verification and authentication of an identity? a. Verification is weaker confirmation of identity than authentication b. Authentication always includes a biometric mechanism c. Authentication is a weaker confirmation of identity than verification d. Nothing- they mean the same thing

Verification is weaker confirmation of identity than authentication

6. Which of the following is *not* true? a. Voice authentication requires speech to text capability b. Facial recognition may be used for authentication c. The human iris is unique to an individual d.Fingerprints have features such bifurcations, islands and crossovers

Voice authentication requires speech to text capability

How does an XSRF attack works? a buffer overflow on one site is executed by a remote user on a another site a link or script on one web page is executed in the context of that same web page a user's credentials compromised in one attack are used to log in to another target a link or script on one web page is executed in the context of another open web page or web application

a link or script on one web page is executed in the context of another open web page or web application

Question 3 What is the "principal of least privilege"? a. Users are only provided the level of access needed for the task b. Don't grant any users administrator or root level system access c. Provide additional logging for administrator or root level actions d. Penalize users who perform administrator or root level actions

a. Users are only provided the level of access needed for the task

2. What is the difference between vulnerability assessment and penetration testing? a. penetration testing is more in depth than vulnerability assessment b. penetration testing is automated and vulnerability assessment is manual c. they mean the same thing d. vulnerability assessment is more in depth than penetration testing

a. penetration testing is more in depth than vulnerability assessment

8. Which of the following is probably not a useful item to audit for cyber security purposes? a. typing speed and accuracy b. passwords c. physical security d. software licenses

a. typing speed and accuracy

Question 5 The Bell-LaPadula and Biba multilevel access control models each have a different primary security focus. Can these two models be used in conjunction? a. yes b. no

a. yes

QUESTION 6 ECC is classified as which type of cryptographic algorithm? asymmetric quantum symmetric one time pad

asymmetric

Question 9 Which type of access control would be used in the case where we wish to prevent users from logging in to their accounts after business hours? a. Something you know b. Attribute Based Access Control c. Something you are d. Something you have

b. Attribute Based Access Control

Question 2 What is the difference between authorization and access control? a. Access control proves a user's identify and authorization creates a log of their activities b. Authorization specifies what a user can do, and access control enforces what a user can do c. Access control specifies what a user can do, and authorization enforces what a user can do d. Authorization proves a user's identify and access control creates a log of their activities

b. Authorization specifies what a user can do, and access control enforces what a user can do

3. What is the difference between authentication and accountability? a. accountability describes what you can do, and authentication records what you did b. authentication proves who you are, and accountability records what you did c. accountability proves who you are, and authentication records what you did d. authentication describes what you can do, and accountability records what you did

b. authentication proves who you are, and accountability records what you did

1. Which of the following is *not* true about logging user and program actions on a computer? a. log files may be deleted after the fact b. every action on a system is recorded in the kernel log c. log data may be changed after the fact d. logging may act as a deterrent to user activity

b. every action on a system is recorded in the kernel log

7. What impact can good accountability mechanisms have on the admissibility of evidence in court cases? a. enables encryption of the evidence b. maintain chain of custody c. there is no impact d. prevents nonrepudiation

b. maintain chain of custody

6. What does nonrepudiation mean? a. failed logins are recorded in a log b. sufficient evidence exists such that a user cannot deny an action c. crashed processes are automatically restarted d. insufficient evidence exists to prove that a user took an action

b. sufficient evidence exists such that a user cannot deny an action

9. When dealing with legal or regulatory issues, why do we need accountability? a. to prevent malware infections b. to ensure compliance c. to support authorization d. to allow software piracy

b. to ensure compliance

QUESTION 5 What is the difference between a block and a stream cipher? stream ciphers operate on a predetermined number of bits at a time; block ciphers operate on a single bit at a time stream ciphers can only be used once; block ciphers can be used multiple times block ciphers operate on a predetermined number of bits at a time; stream ciphers operate on a single bit at a time block ciphers can only be used once; stream ciphers can be used multiple times

block ciphers operate on a predetermined number of bits at a time; stream ciphers operate on a single bit at a time

Question 7 What does the Brewer and Nash model protect against? a. Phishing b. Network traffic sniffing c. Conflict of interest d. Brute force password guessing

c. Conflict of interest

Question6 Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security? a. MAC addresses are not associated with specific hardware b. The MAC address is the same as the IP address c. MAC addresses can be easily spoofed or changed d. MAC addresses are commonly shared among multiple systems

c. MAC addresses can be easily spoofed or changed

10. Which if the following is not a reason that accountability is important for security? a. acts as a deterrent b. assists with preparing materials for legal proceedings c. prevents weak passwords d. enables nonrepudiation

c. prevents weak passwords

What is the primary purpose of a network firewall? control the traffic allowed in and out of a network allow connections to any internal system IP address allow connections to any internal system port number encrypt network traffic

control the traffic allowed in and out of a network

Question 10 Which should take place first, authorization or authentication? a. They should happen concurrently b. It does not matter c. Authorization d. Authentication

d. Authentication

Question 1 What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? a. In MAC, resource access is logged; in DAC, resource access is not logged b. In DAC, the owner can only Delete the resource; in MAC, the owner can only Make (create) the resource c. In MAC, the owner of the resource determines access; in DAC, the owner of the resource does not determines access d. In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determines access

d. In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determines access

4. What is one direct benefit of logging? a. blocks certain network traffic b. blocks certain processes from executing c. enforces password changes d. provides a history of system activities

d. provides a history of system activities

Question 4 The confused deputy problem can allow unauthorized privilege escalation to take place; how does this happen? a. one user tries to access a resource already opened by a more privileged user b. one user steals or cracks another user's password c. the user has greater privilege than the software they are using d. software has greater privilege than the user of the software

d. software has greater privilege than the user of the software

Question 8 Given a file containing sensitive data and residing in a Linux operating system with some users who should not have access to the data, would setting the file's permissions to rw-rw-rw- cause a potential security issue? a. no, because no users can execute the file b. no, because other users cannot modify the file c. yes, because all users have full permissions for the file d. yes, because other users can read and modify the file

d. yes, because other users can read and modify the file

Does an SQL injection attack compromise content in the database or content in the Web application? database neither web application both

database

What is the primary purpose of a Network Intrusion Detection System? detect possible attack traffic attack (hack back) against the source of malicious traffic encrypt network traffic block malicious network traffic

detect possible attack traffic

Exploit frameworks make it... harder to recognize possible attacks on the network easier for amateurs to launch cyber attacks harder to amateurs to launch cyber attacks

easier for amateurs to launch cyber attacks

Which of the following would *not* be considered a logical (technical) control? intrusion detection systems fences firewalls passwords encryption

fences

What does applying a vendor OS update (patch) usually do? detects a vulnerability in the OS code fixes vulnerabilities in the OS code creates vulnerabilities in the OS code exploits a vulnerability in the OS code

fixes vulnerabilities in the OS code

Why might we want a (software) firewall (FW) on our host if one already exists on the network? host FWs see more network-wide traffic than network FWs host FWs know more about the local system host FWs provide no advantage over network FWs host FWs know less about the local system

host FWs know more about the local system

How can we prevent buffer overflows in our applications? only run programs on Linux use strong passwords implement proper bounds checking add network capacity

implement proper bounds checking

QUESTION 1 What is the key point of Kerckhoffs second principle (i.e., the one principle most applicable to modern cryptographic algorithms)? it is OK if the enemy knows the cryptographic system energy is conserved it is not OK if the enemy knows the cryptographic system it is OK if the enemy knows the cryptographic key

it is OK if the enemy knows the cryptographic system

Why might we want to use information classification? it helps confuse the adversary it creates extra paperwork and bureaucracy it makes the task of identifying our critical information considerably harder it makes the task of identifying our critical information considerably easier

it makes the task of identifying our critical information considerably easier

Which of the following is not a provision of the Federal Privacy Act of 1974? it lets individuals sue the government for violating its provisions it requires government agencies to show an individual any records kept on him or her it requires agencies to follow certain principles, called fair information practices, when gathering and handling personal data it provides individuals the "right to be removed from the Internet" it places restrictions on how agencies can share an individual s data with other people and agencies

it provides individuals the "right to be removed from the Internet"

Which of the following is not a protocol for wireless encryption? WPA2 WPA WEP kismet

kismet

Why might extradition be a delicate issue when prosecuting computer crimes? lack of a common world-wide operating system lack of a consistent set of laws regarding extradition currency exchange rates a consistent set of laws regarding computer crime means you can prosecute anywhere

lack of a consistent set of laws regarding extradition

Why does network segmentation generally improve security? network segmentation does not generally improve security different people are in charge of different networks traffic on each isoalted segment is faster malicious traffic cannot freely traverse the internal network

malicious traffic cannot freely traverse the internal network

QUESTION 3 Would weak physical security make cryptographic security of data more or less important? more less it doesn't matter this is not the answer you're looking for

more

What tool mentioned in the text might we use to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports? wireshark honeypots nmap WPA2

nmap

QUESTION 7 How does a substitution cipher work? the letters of a plaintext message are rearranged in a consistent fashion the letters of a plaintext message are replaced with random letters all plaintext letters are exchanged for a single number one plaintext letter or block of letters is exchanged for another in a consistent fashion

one plaintext letter or block of letters is exchanged for another in a consistent fashion

For what might we use the tool Kismet? to block network traffic to patch computers to detect wired devices to detect wireless devices

to detect wireless devices

Why is input validation important from a security perspective? to catch brute force attacks to ensure bank balances are correct to authenticate users to prevent certain types of attacks

to prevent certain types of attacks

What is the difference between a port scanner and a vulnerability assessment tool? port scanners close listening ports; vulnerability assessment tools open listening ports vulnerability assessment tools close listening ports; port scanners open listening ports port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports vulnerability assessment tools discover listening ports; port scanners report known vulnerabilities on listening ports

port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports

How does the principle of least privilege apply to operating system hardening? prevents attack actions that require administrator or root privilege prevents attacks by blocking code execution on the memory stack prevents attacks by blocking known malicious code from executing allows attack actions that require administrator or root privilege

prevents attack actions that require administrator or root privilege

What does executable space protection do for us and how? prevents virus attacks from working by detecting specific byte strings in the code prevents virus attacks from working by preventing an application from running prevents buffer overflow attacks from working by allowing code execution on the memory stack prevents buffer overflow attacks from working by blocking code execution on the memory stack

prevents buffer overflow attacks from working by blocking code execution on the memory stack

Which of the following is not a reason to use a honeypot? attract the attention of attackers in order to study them and their tools release classified or PII data alert us to an attacker's presence detect, monitor, and sometimes tamper with the activities of an attacker

release classified or PII data

According to the text, which of the following is not a security professional's obligation relating to information protection and unauthorized disclosure? release test data to see where it shows up be able to catalog and categorize what information was taken if there is a leak prevent information from unauthorized release

release test data to see where it shows up

What did the PCI DSS establish? security standards as a condition of processing credit card transactions protocols for encryption on credit and debit card chips maximum dollar values for electronic financial transactions encryption algorithm performance requirements

security standards as a condition of processing credit card transactions

If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this? reputation signature behavior zero-day

signature

Why is it important to identify our critical information? all information your organization has is equally important it's impossible to distinguish between critical information and the rest so we can focus on protecting those assets first it's not important

so we can focus on protecting those assets first

QUESTION 9 What type of cipher is a Caesar cipher? substitution transposition quantum one time pad

substitution

What was the primary topic of the material that Edward Snowden released? surveillance of electronic communications of US citizens nuclear weapons CIA human assets (spies) overseas Vault7 cyber tools

surveillance of electronic communications of US citizens

QUESTION 8 What are the main differences between symmetric and asymmetric key cryptography? asymmetric key cryptography allows for decryption; symmetric key cryptography does not allow for decryption symmetric key cryptography allows for decryption; asymmetric key cryptography does not allow for decryption asymmetric key cryptography uses a single key for encryption and decryption; symmetric key cryptography uses two keys, one for encryption and one for decryption symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption

symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption

What is a cyber attack surface? the number of vulnerabilities in the network area of security the size of the facility housing our critical systems the number of vulnerabilities in the human area of security the total of the number of available avenues through which our system might be attacked

the total of the number of available avenues through which our system might be attacked

How might we use a sniffer to increase the security of our applications? to speed up network traffic to slow down network traffic to read (decrypt) encrypted traffic to watch the network traffic being exchanged with a particular application or protocol

to watch the network traffic being exchanged with a particular application or protocol

In the operations security process, what is the difference between a vulnerability and a threat? vulnerabilities are weaknesses, threats are actors threats only affect the operating system vulnerabilities only exist in software threats are weaknesses, vulnerabilities are actors

vulnerabilities are weaknesses, threats are actors

Does an organization's location or the national origin or location of data they are transmitting or storing affect the organization's use of encryption or how they treat employee information? yes no

yes

Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool? you do not need to verify nmap results with another tool or data source you should verify nmap results with another tool or data source

you should verify nmap results with another tool or data source