Information Security Exam Questions

A/An _______________ is the set of entry points and data that attackers can use to compromise a system.

Attack Surface

A SYN Flood attack impacts which of the following:

Availability

_______________ refers to the ability to use information or resources.

Availability

Access control mechanisms support confidentiality.

True

An "International Domain Name Homograph Attack" uses similar looking characters, possibly from different international character sets, to convince a user to click on a link with what appears to be a legitimate domain name.

True

Principle of Separation of Privilege

A system should not grant permission based on a single condition

Define: Delay

A temporary inhibition of service

Define: Substitution Cipher

Changes characters in the plaintext to produce the ciphertext

The acronym CSIRT stands for:

Computer Security Incident Response Team

Limiting the objects accessible to a given process run by the user is not a good protectiontechnique.

False

Most attacks are not multistage, rather they are a single step attack.

False

Once installed, anti-malware software doesn't need to be updated.

False

Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: private keys which may be disseminated widely, and public keys which are known only to the owner.

False

Risks do not change over time

False

Security mechanisms must be technical in nature.

False

Security provides direct financial rewards to the user

False

The aspect of availability that is relevant to security is that someone may deliberately arrange to allow access to data or to a service by making it unavailable or unusable.

False

Two-factor login requires the user to solve 2 math problems (factoring) before they can login.

False

You don't need to use encrypted communications on inside networks.

False

Define: Design

Translates the specifications into components that will implement them

"Secure" and "Trust" are relative notions.

True

A DMZ web server will have a highly restrictive security policy.

True

A VPN creates a secure "tunnel" which encrypts traffic between two locations.

True

A botmaster, controls bots from one or more systems called command and control (C&C) servers or motherships.

True

A drive-by download occurs when a user visits a web page and a download occurs without the user knowing it, or when the user knows it but does not understand the effects of the download.

True

The activity take to make a system as safe as possible is called _______________.

Hardening

A firewall helps protect an organization's network from unwanted traffic.

True

A message digest is generated from a mathematical function and is created to ensure the message contents have not changed.

True

A security policy is a statement of what is, and what is not, allowed.

True

Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.

True

Backups need to be tested occasionally to ensure that they are backing up the correct data and that the files can be restored.

True

Principle of Least Common Mechanism

Mechanisms used to access resources should not be shared

A _______________ virus is one that can infect both boot sectors and applications.

Multipartite

Systems should be customized based on their purpose and should only serve one need.

True

The boot sector is the part of a disk used to bootstrap the system or mount adisk. When the system boots, any virus in that sector is executed.

True

The heart of any security system is people.

True

The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.

True

The use of a public key system provides a way to block repudiation of origin.

True

Trust cannot be quantified precisely.

True

Principle of Fail-Safe Defaults

Unless a subject is given explicit access to an object, it should be denied that object

VPN stands for

Virtual Private Network

Define: Target

The entity the attacker wishes to affect

Define: Cryptanalysis

The science of breaking codes

Principle of Open Design

The security of a mechanism should not depend on the secrecy of its design or implementation

Define: Snooping/Eavesdropping

The unauthorized interception of information

A mail server belongs on which network segment:

DMZ

DMZ stands for:

Demilitarized Zone

Define: Goal

That which the attacker hopes to achieve

Which of the following are valid key lengths for the Advanced Encrypt Standard (AES) cipher?

-192 -128 -256

In public key encryption:

-A private key is created by each entity and must be kept secret -A public is created which is published for everyone to see -Assigns each entity a pair of keys

A database server which stores company data belongs on which network segment:

-Corporate Data -Internal

A database server which customer data belongs on which network segment:

-Customer Data -Internal

Cryptography is a fundamental tool in security because encryption can guarantee:

-Data Integrity -Protection from replay attacks -Message authenticity -Data confidentiality/ privacy

Classes of threat include:

-Disruption -Usurpation -Deception -Disclosure

Which of the following user classifications are common in a corporate environment:

-Employees -Outsiders -Executives -Developers

Which are valid file-level permissions?

-Execute -Write -Create -Read -Delete

When you step away from your computer you should always:

-Logout -Lock your screen

Botnets can be organized in the following ways:

-Peer to Peer -Centralized -Very High Latency Random Approach

Which are considered classes of Integrity mechanisms:

-Prevention -Detection

Goals of security include:

-Prevention -Recovery -Detection

Which of the following data/system classifications are common in a corporate environment:

-Private -Confidential -Sensitive -Public

Which of the following are motives for cyber attacks?

-Revenge -Challenge -Subversion -Cash/Money -Infamy -Hacktivism

Which of the following data/system classifications are common in a government environment:

-Secret -Top Secret -Unclassified -Confidential

Which of the following are ways to avoid social engineering attacks?

-Separation of duties -Testing your users -Training your users

Which of the following are common indicators of a phishing attempt?

-Spelling and layout -Spoofed hyperlinks -Generic greetings and signature -Suspicious attachments -Suspicious senders address

Which of the following are ways of encrypting files on disk?

-Whole dis encryption -Gnu Privacy Guard -Pretty Good Privacy -Whole volume/partition encryption

Which of the following are true statements for a development system:

-Within the development network itself, users are trusted not to attack development network systems. -It is on the internal network, usually segmented into their own subnet -Only authorized users are allowed to use the system.

Principle of Least Privilege / Principle of Least Authority

A subject should be given only those privileges that it needs in order to complete its task

Define: Specification

A (formal or informal) statement of the desired functioning of the system

Define: Onetime Pad

A cipher that has a key that is at least as long as the message and is chosen at random, so it does not repeat.

Define: Digital Signature

A construct that authenticates both the origin and the contents of a message in a manner that is provable to be a disinterested third party

Define: Denial of Receipt

A false denial that an entity received some information or message

Define: Repudiation of Origin

A false denial that an entity sent (or created) something

Define: Denial of Service

A long-term inhibition of service

Define: Cyphertext

A message after it has been encrypted

Define Cipher

A secret or disguised way of writing; a code

Define: Decryption Key

A short bit key used to decrypt a message

Define: Encryption Key

A short bit string used to encrypt a message

_______________ accounts generally have unrestricted access to a system.

Administrator

Principle of Complete Mediation

All accesses to objects be checked to ensure they are allowed

Define: Multistage Attack

An attack that requires several steps to achieve its goal

Define: Plaintext

An original message before it has been encrypted

Define: Modification/Alteration

An unauthorized change of information

System specification, design, and implementation can provide a basis for determining "how much" to trust a system. This aspect of trust is called __________.

Assurance

An actual security violation that results from a threat is called an:

Attack

One access control mechanism for preserving _______________ is cryptography, which transforms data to make it incomprehensible.

Confidentiality

The components of the CIA triad are:

Confidentiality, Integrity, Availability

Define: Implementation

Creates a system that satisfies the design

A web server belongs on which network segment:

DMZ

A developer web server belongs on which network segment:

Development

A DMZ web server has a policy very similar to that of a development system.

False

A hash algorithm takes data and converts it to a unique numerical value in a way that makes it easy to recover back the original text.

False

A password manager is a person who keeps track of all of your passwords at work.

False

A security violation must actually occur for there to be a threat.

False

DMZ servers typically have a dynamic private IP address and are usually mapped for outbound traffic using Port Address Translation (PAT)

False

Detection mechanisms try to prevent violations of integrity.

False

Eradicating an attack means allowing the attack to continue in order to analyze it.

False

Firewalls should be configured to allow all traffic unless specifically denied.

False

Inside servers typically have a fixed public IP address, or are mapped to a public address using Network Address Translation.

False

Define: Masquerading/Spoofing

Impersonation of one entity by another

A disgruntled employee is an example of a _______________ threat.

Insider

A _______________ virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.

Macro

Malicious logic, more commonly called _______________, is a set of instructions that cause a site's security policy to be violated.

Malware

A typical _______________ attack requires that the attackers create a web site displaying a page that looks like it belongs to a bank. Thus, when victims visit the web site, they will believe they are at the bank's web site and not the false one.

Phishing

_______________ is at the heart of every decision involving security.

Policy

Define: Transposition Cipher

Rearranges characters in the plaintext to form the cipher text. The letters are not changed

A "safe" environment where code can be executed to test its behavior is called a _______________.

Sandbox

Wiping files means ...

Securely deleting file data by overwriting with zeros, ones and/or other random characters

Principle of Economy of Mechanism

Security mechanisms should be as simple as possible

Principle of Least Astonishment

Security mechanisms should be design so that users understand the reason that the mechanism works the way it does, and that using the mechanism is simple

Principal of Psychological Acceptability

Security mechanisms should not make the resource more difficult to access if security mechanisms were not present

_______________ is when an attacker watches the target enter their password.

Shoulder Surfing

_______________ engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

Social

Like adware, _______________ gathers information about a user, system, or other entity and transmits it or stores it for later retrieval. Unlike adware, its presence is supposed to be invisible to the user and system, so its function is truly covert.

Spyware

__________ analysis requires that something about the malware's structure be known, or be derivable; __________ analysis examines what the program does as it executes, and so can identify previously unknown malware if the malicious action occurs during the analysis.

Static, Behavioral

Behavioral signatures focus on the actions taken by the malware. The suspected malware is placed in an environment that emulates the one it will execute in, typically a sandbox of some kind. The suspected malware is then executed, and the execution monitored for some period of time. If the program does anything considered bad, it is identified as malware.

True

Firewalls should separate the Internet, the DMZ, and the internal network.

True

Humans are the weakest link in any information security environment.

True

It is considered best practice to maintain and review logs of all system activity, including user actions.

True

Jailing of attackers is an approach that allows the attackers to think that their attacks have succeeded, but places them in a confined area in which their observed behavior can be controlled and, if necessary, manipulated.

True

Longer passwords are harder to crack and therefore strong and better to use.

True

Many such antivirus programs exist for personal computers, but because each agent must look for particular characteristics or behaviors of virus or set of viruses, they cannot detect viruses with only characteristics or behaviors that have not yet been analyzed.

True

Once you identify your critical assets, you must determine which ones are at the most risk of being attacked by authorized insiders and how these assets should be protected and monitored.

True

Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.

True

Revealing a public key is safe because the functions used for encryption and decryption have a one way property. That is, telling someone the public key does not allow the person to forge a message that is encrypted with the private key.

True

Sometimes a Cost-Benefit analysis will determine that it's not worth protecting an asset.

True

Spearphishing is a phishing attack tailored for a particular victim.

True

A _______________ network in a wireless network system allows visitors to connect to the Internet while not allowing them to access corporate computing resources.

guest

A digital _______________ is a construct that authenticates both the origin and contents of a message in a manner that is provable.

signature