Intro to Cybersecurity - Exam 1

The fundamental job of every operating system is to run programs, and this relies on:

-process management -random access memory (RAM) management -input/output (I/O) management

The following risks are associated with a weak threat:

-Shoulder surfing -Simple trial and error password guessing -Searching for a written password

The following are fundamental strategies for authenticating people on computer systems

-Something you know -Something you have -Something you are NOT Something you make

____________ flaws in the software such as finger service are often exploited.

Buffer Overflow

As with CERT Advisories, the system relies on the discovery of vulnerabilities by vendors or other interested parties, and the reporting of these vulnerabilities through the ___________ process.

CVE

What is CIA?

Confidentiality, Integrity, Availability

______________ a person who has learned specific attacks on computer systems and can use those specific attacks.

Cracker

Information security architecture often relies on boundaries outside the computer to protect important information or programs from error prone or malicious programs.

False

Offline attacks are easily detected (True or False)

False

Part of the reason why the Morris worm was successful was that the finger process had Least Privilege instead of Most Privilege.

False

Steganography is a type of vault computer-based access control.

False

Tokens are favored over passwords as they are immune to sniffing and trial-and-error guessing. (True or False)

False

Victims can protect themselves against zero-day attacks.

False

When a system process starts another, the parent process often inherits the child's access rights.

False

When selecting a password, random collections of letters contain far less entropy than written words. (True or False)

False

When you are biased in selecting a password, you choose your password from the entire search space. (True or False)

False

Zero Day vulnerability is one that has been reported to the software's vendor and the general public.

False

Average attack space measures the time until success is certain. (True or False)

False "...until success is LIKELY"

Biometrics and tokens are a good choice for a household environment. (True or False)

False Household environment is ok to use biometrics but NOT tokens

Network-based guessing is the most powerful modern attack on passwords. (True or False)

False The offline attack is the most powerful modern attack on passwords

USB tokens are weak because if the public key becomes lost or stolen the private key can be derived from it. (True or False)

False The private key cannot be derived from the public key

Passive tokens are favored as they are immune to sniffing attacks. (True or False)

False They are not immune to sniffing attacks

True randomness is easily achieved with the random function of an application like excel. (True or False)

False random functions like that of excel are known as Pseudorandom numbers

Two factor authentication is using two passwords (True or False)

False - need to use two DIFFERENT factors of authentication, not two instances of the same factor.

Entropy refers to the strength of a password system. (True or False)

False: Entropy is a measure of the uncertainty in the value of a variable that takes on random variables

MD5 is one of the most recent forms of hash functions. (True or False)

False: SHA-224,SHA-256, SHA-384 and SHA-512 are more recent

The file system that organizes a volume's contents around five master files, such as the catalog file and the extents overflow file, is:

HFS+

The law that establishes security measures that must be taken on health-related information is:

HIPAA

When disclosing a security vulnerability in a system or software, the manufacturer should avoid:

Including enough detail to allow an attacker to exploit the vulnerability

An interpreter is a program that interprets the text of a program one word at a time, and performs the actions specified in the text. The following are examples of interpreters except:

Java

What is a worm?

Malware

The file system that uses a master file table is:

NTFS

The major file system used with Windows today is:

NTFS

To switch between two processes, the operating system maintains a collection of data called the ____________

Process State

In a hierarchical file system directory, the topmost directory is called the:

Root

The most recent listed hash algorithm is what?

SHA-512

In a password system, the total number of possible passwords is called the:

Search Space

An attack in which someone tries to trick a system administrator into divulging a password is called:

Social Engineering

A security analyst is performing a security assessment. The analyst should not:

Take actions to mitigate a serious risk

A security database that contains entries for users and their access rights for files and folders is:

an access control list (ACL)

The following are steps a digital forensic investigator takes when collecting evidence except:

analyze the evidence

CIA properties do not include:

authentication

The process of loading and running a program from a mass storage device like a hard drive or CD-ROM is called:

bootstrapping

The part of a FAT volume that stores files and subdirectories is the:

clusters

A type of security control that takes measures to help restore a system is referred to as:

corrective

The condition in which files automatically take on the same permissions as the folder in which they reside is called:

dynamic inheritance

A threat agent is a person who did attack our assets, an attacker might attack an asset.

false

The main purpose of a software patch is to:

fix a bug in a program

a zero-day exploit:

has no software patch

The sector(s) at the beginning of a hard disk that identify the starting block of each partition is called the:

master boot record

A typical hard drive has an arm, a read/write head, and:

platters

The type of computer-based access control that involves a process that uses secret or hidden information in order to retrieve particular data items is:

puzzle

The Fourth Amendment prevents arbitrary searches of areas where users expect their privacy to be protected. This is referred to as:

reasonable expectation of privacy

A rational security decision, such as locking your vehicle when not in use, is an example of:

reasoned paranoia

The term for recovering from computer-related attacks, incidents, and compromises is:

remediation

One of the vulnerabilities the Morris worm used was a networking service called finger. The purpose of the finger service is to:

report the status of the individual computer users

In Windows, when you MOVE (not COPY) a file from one folder to another and the folders have different access permissions, the file:

retains its original access rights

A primary use of event logs is to:

serve as an audit trail

In Windows, when you COPY (not MOVE) a file from one folder to another and the folders have different access permissions, the file:

takes on the access rights on the destination folder

Hashing

transforms readable text into gibberish

Security Category RMF begins with a high level estimate of the impact caused by cyber security failures.

true

The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.

true

An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:

two-factor authentication

When collecting digital evidence from a crime scene, often the best strategy for dealing with a computer that is powered on is to:

unplug it

There are three types of tokens; they do not include which?

Token types -Passive tokens -challenge response tokens -one time password tokens Not a token type -Offensive tokens

16 character passwords seem out of range of current password cracking methods. (True or False)

True

A compromised computer is no longer trustworthy because it may have been subverted.

True

A computer's Basic Input/Output System (BIOS) is a computer program stored in read-only memory (ROM).

True

A stack provides a simple, structured way to give temporary storage to a procedure, including a place to save the return address.

True

ACL implementation in Microsoft windows provides flexible and sophisticated inheritance. Files and folders automatically inherent changes made to an enclosing folder access rights.

True

All modern systems use a hierarchical directory to organize files into groups.

True

Authentication associates an individual with an identity. (True or False)

True

Default permit: Everything is allowed except sites on the prohibited list.

True

Everything a computer does, right or wrong, results from running a computer program written by people.

True

If the "root" user accesses a file, the system grants full access.

True

Keyloggers can be hardware or software based (True or False)

True

Low-hanging fruit refers to the easiest targets in an attack. (True or False)

True

Never choose a password with a strong personal association. (True or False)

True

Regarding access permissions in Windows, the owner of a shared folder may read, modify, and delete other user's files.

True

Some challenge-response systems use a token as part of the user identification process. (True or False)

True

Some operating systems provide ways of temporarily granting administrative to people logged in to regular accounts.

True

The computer keeps record of what it does and those set of files are called the event log or the audit trail.

True

The one-way hash is a cryptographic function. (True or False)

True

The role of a hard drive controller is to operate the head assembly and select the correct sector.

True

The window of vulnerability is the period of time during which a system is unprotected from an exploit.

True

We call scripts macros, especially when we embed them in other documents.

True

When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely. (True or False)

True

What is a vulnerability?

a flaw

Biometrics are a favored form of authentication as they are immune to sniffing attacks. (True or False)

False

Authentication does what:

Associates an individual with an identity while ACCESS CONTROL will check and grant access rights

An attack that blocks access to a system by other users is called:

Denial of Service

A checksum can correct smaller errors in a sector and detect larger errors.

False

A compiler is a program that "interprets" the text of our program a word at a time.

False

A vulnerability is a security measure intended to protect an asset.

False

Application programs are the only executable files on a typical operating system.

False

As with threat agents, attacks do not affect non-cyber resources.

False

At a crime scene, the computer must be analyzed on the spot and documented after they are considered safe.

False

Authentication is a security service that ensures information is reliably available.

False

Biometric readers have a large allowance for error in reading and conditions of the body. (True or False)

False