Information Security Exam Questions
A/An _______________ is the set of entry points and data that attackers can use to compromise a system.
Attack Surface
A SYN Flood attack impacts which of the following:
Availability
_______________ refers to the ability to use information or resources.
Availability
Access control mechanisms support confidentiality.
True
An "International Domain Name Homograph Attack" uses similar looking characters, possibly from different international character sets, to convince a user to click on a link with what appears to be a legitimate domain name.
True
Principle of Separation of Privilege
A system should not grant permission based on a single condition
Define: Delay
A temporary inhibition of service
Define: Substitution Cipher
Changes characters in the plaintext to produce the ciphertext
The acronym CSIRT stands for:
Computer Security Incident Response Team
Limiting the objects accessible to a given process run by the user is not a good protection technique.
False
Most attacks are not multistage, rather they are a single step attack.
False
Once installed, anti-malware software doesn't need to be updated.
False
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: private keys which may be disseminated widely, and public keys which are known only to the owner.
False
Risks do not change over time
False
Security mechanisms must be technical in nature.
False
Security provides direct financial rewards to the user
False
The aspect of availability that is relevant to security is that someone may deliberately arrange to allow access to data or to a service by making it unavailable or unusable.
False
Two-factor login requires the user to solve 2 math problems (factoring) before they can login.
False
You don't need to use encrypted communications on inside networks.
False
Define: Design
Translates the specifications into components that will implement them
"Secure" and "Trust" are relative notions.
True
A DMZ web server will have a highly restrictive security policy.
True
A VPN creates a secure "tunnel" which encrypts traffic between two locations.
True
A botmaster controls bots from one or more systems called command and control (C&C) servers or motherships.
True
A drive-by download occurs when a user visits a web page and a download occurs without the user knowing it, or when the user knows it but does not understand the effects of the download.
True
The activity taken to make a system as safe as possible is called _______________.
Hardening
A firewall helps protect an organization's network from unwanted traffic.
True
A message digest is generated from a mathematical function and is created to ensure the message contents have not changed.
True
A security policy is a statement of what is, and what is not, allowed.
True
Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.
True
Backups need to be tested occasionally to ensure that they are backing up the correct data and that the files can be restored.
True
Principle of Least Common Mechanism
Mechanisms used to access resources should not be shared
A _______________ virus is one that can infect both boot sectors and applications.
Multipartite
Systems should be customized based on their purpose and should only serve one need.
True
The boot sector is the part of a disk used to bootstrap the system or mount a disk. When the system boots, any virus in that sector is executed.
True
The heart of any security system is people.
True
The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
True
The use of a public key system provides a way to block repudiation of origin.
True
Trust cannot be quantified precisely.
True
Principle of Fail-Safe Defaults
Unless a subject is given explicit access to an object, it should be denied that object
VPN stands for
Virtual Private Network
Define: Target
The entity the attacker wishes to affect
Define: Cryptanalysis
The science of breaking codes
Principle of Open Design
The security of a mechanism should not depend on the secrecy of its design or implementation
Define: Snooping/Eavesdropping
The unauthorized interception of information
A mail server belongs on which network segment:
DMZ
DMZ stands for:
Demilitarized Zone
Define: Goal
That which the attacker hopes to achieve
Which of the following are valid key lengths for the Advanced Encryption Standard (AES) cipher?
- 192
- 128
- 256
In public key encryption:
- A private key is created by each entity and must be kept secret
- A public key is created which is published for everyone to see
- Assigns each entity a pair of keys
A database server which stores company data belongs on which network segment:
- Corporate Data
- Internal
A database server which stores customer data belongs on which network segment:
- Customer Data
- Internal
Cryptography is a fundamental tool in security because encryption can guarantee:
- Data Integrity
- Protection from replay attacks
- Message authenticity
- Data confidentiality/privacy
Classes of threat include:
- Disruption
- Usurpation
- Deception
- Disclosure
Which of the following user classifications are common in a corporate environment:
- Employees
- Outsiders
- Executives
- Developers
Which are valid file-level permissions?
- Execute
- Write
- Create
- Read
- Delete
When you step away from your computer you should always:
- Logout
- Lock your screen
Botnets can be organized in the following ways:
- Peer to Peer
- Centralized
- Very High Latency Random Approach
Which are considered classes of Integrity mechanisms:
- Prevention
- Detection
Goals of security include:
- Prevention
- Recovery
- Detection
Which of the following data/system classifications are common in a corporate environment:
- Private
- Confidential
- Sensitive
- Public
Which of the following are motives for cyber attacks?
- Revenge
- Challenge
- Subversion
- Cash/Money
- Infamy
- Hacktivism
Which of the following data/system classifications are common in a government environment:
- Secret
- Top Secret
- Unclassified
- Confidential
Which of the following are ways to avoid social engineering attacks?
- Separation of duties
- Testing your users
- Training your users
Which of the following are common indicators of a phishing attempt?
- Spelling and layout
- Spoofed hyperlinks
- Generic greetings and signature
- Suspicious attachments
- Suspicious sender's address
Which of the following are ways of encrypting files on disk?
- Whole disk encryption
- Gnu Privacy Guard
- Pretty Good Privacy
- Whole volume/partition encryption
Which of the following are true statements for a development system:
- Within the development network itself, users are trusted not to attack development network systems.
- It is on the internal network, usually segmented into its own subnet.
- Only authorized users are allowed to use the system.
Principle of Least Privilege / Principle of Least Authority
A subject should be given only those privileges that it needs in order to complete its task
Define: Specification
A (formal or informal) statement of the desired functioning of the system
Define: Onetime Pad
A cipher that has a key that is at least as long as the message and is chosen at random, so it does not repeat.
Define: Digital Signature
A construct that authenticates both the origin and the contents of a message in a manner that is provable to a disinterested third party
Define: Denial of Receipt
A false denial that an entity received some information or message
Define: Repudiation of Origin
A false denial that an entity sent (or created) something
Define: Denial of Service
A long-term inhibition of service
Define: Ciphertext
A message after it has been encrypted
Define: Cipher
A secret or disguised way of writing; a code
Define: Decryption Key
A short bit string used to decrypt a message
Define: Encryption Key
A short bit string used to encrypt a message
_______________ accounts generally have unrestricted access to a system.
Administrator
Principle of Complete Mediation
All accesses to objects must be checked to ensure they are allowed
Define: Multistage Attack
An attack that requires several steps to achieve its goal
Define: Plaintext
An original message before it has been encrypted
Define: Modification/Alteration
An unauthorized change of information
System specification, design, and implementation can provide a basis for determining "how much" to trust a system. This aspect of trust is called __________.
Assurance
An actual security violation that results from a threat is called an:
Attack
One access control mechanism for preserving _______________ is cryptography, which transforms data to make it incomprehensible.
Confidentiality
The components of the CIA triad are:
Confidentiality, Integrity, Availability
Define: Implementation
Creates a system that satisfies the design
A web server belongs on which network segment:
DMZ
A developer web server belongs on which network segment:
Development
A DMZ web server has a policy very similar to that of a development system.
False
A hash algorithm takes data and converts it to a unique numerical value in a way that makes it easy to recover back the original text.
False
A password manager is a person who keeps track of all of your passwords at work.
False
A security violation must actually occur for there to be a threat.
False
DMZ servers typically have a dynamic private IP address and are usually mapped for outbound traffic using Port Address Translation (PAT)
False
Detection mechanisms try to prevent violations of integrity.
False
Eradicating an attack means allowing the attack to continue in order to analyze it.
False
Firewalls should be configured to allow all traffic unless specifically denied.
False
Inside servers typically have a fixed public IP address, or are mapped to a public address using Network Address Translation.
False
Define: Masquerading/Spoofing
Impersonation of one entity by another
A disgruntled employee is an example of a _______________ threat.
Insider
A _______________ virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.
Macro
Malicious logic, more commonly called _______________, is a set of instructions that cause a site's security policy to be violated.
Malware
A typical _______________ attack requires that the attackers create a web site displaying a page that looks like it belongs to a bank. Thus, when victims visit the web site, they will believe they are at the bank's web site and not the false one.
Phishing
_______________ is at the heart of every decision involving security.
Policy
Define: Transposition Cipher
Rearranges characters in the plaintext to form the ciphertext. The letters are not changed
A "safe" environment where code can be executed to test its behavior is called a _______________.
Sandbox
Wiping files means ...
Securely deleting file data by overwriting with zeros, ones and/or other random characters
Principle of Economy of Mechanism
Security mechanisms should be as simple as possible
Principle of Least Astonishment
Security mechanisms should be designed so that users understand the reason that the mechanism works the way it does, and that using the mechanism is simple
Principle of Psychological Acceptability
Security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present
_______________ is when an attacker watches the target enter their password.
Shoulder Surfing
_______________ engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.
Social
Like adware, _______________ gathers information about a user, system, or other entity and transmits it or stores it for later retrieval. Unlike adware, its presence is supposed to be invisible to the user and system, so its function is truly covert.
Spyware
__________ analysis requires that something about the malware's structure be known, or be derivable; __________ analysis examines what the program does as it executes, and so can identify previously unknown malware if the malicious action occurs during the analysis.
Static, Behavioral
Behavioral signatures focus on the actions taken by the malware. The suspected malware is placed in an environment that emulates the one it will execute in, typically a sandbox of some kind. The suspected malware is then executed, and the execution monitored for some period of time. If the program does anything considered bad, it is identified as malware.
True
Firewalls should separate the Internet, the DMZ, and the internal network.
True
Humans are the weakest link in any information security environment.
True
It is considered best practice to maintain and review logs of all system activity, including user actions.
True
Jailing of attackers is an approach that allows the attackers to think that their attacks have succeeded, but places them in a confined area in which their observed behavior can be controlled and, if necessary, manipulated.
True
Longer passwords are harder to crack and are therefore stronger and better to use.
True
Many such antivirus programs exist for personal computers, but because each agent must look for particular characteristics or behaviors of a virus or set of viruses, they cannot detect viruses with only characteristics or behaviors that have not yet been analyzed.
True
Once you identify your critical assets, you must determine which ones are at the most risk of being attacked by authorized insiders and how these assets should be protected and monitored.
True
Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
True
Revealing a public key is safe because the functions used for encryption and decryption have a one way property. That is, telling someone the public key does not allow the person to forge a message that is encrypted with the private key.
True
Sometimes a Cost-Benefit analysis will determine that it's not worth protecting an asset.
True
Spearphishing is a phishing attack tailored for a particular victim.
True
A _______________ network in a wireless network system allows visitors to connect to the Internet while not allowing them to access corporate computing resources.
guest
A digital _______________ is a construct that authenticates both the origin and contents of a message in a manner that is provable.
signature