Intro to Cybersecurity - Exam 1
The fundamental job of every operating system is to run programs, and this relies on:
- process management
- random access memory (RAM) management
- input/output (I/O) management
The following risks are associated with a weak threat:
- Shoulder surfing
- Simple trial and error password guessing
- Searching for a written password
The following are fundamental strategies for authenticating people on computer systems:
- Something you know
- Something you have
- Something you are
NOT: Something you make
____________ flaws in the software such as finger service are often exploited.
Buffer Overflow
As with CERT Advisories, the system relies on the discovery of vulnerabilities by vendors or other interested parties, and the reporting of these vulnerabilities through the ___________ process.
CVE
What is CIA?
Confidentiality, Integrity, Availability
A ______________ is a person who has learned specific attacks on computer systems and can use those specific attacks.
Cracker
Information security architecture often relies on boundaries outside the computer to protect important information or programs from error-prone or malicious programs.
False
Offline attacks are easily detected (True or False)
False
Part of the reason why the Morris worm was successful was that the finger process had Least Privilege instead of Most Privilege.
False
Steganography is a type of vault computer-based access control.
False
Tokens are favored over passwords as they are immune to sniffing and trial-and-error guessing. (True or False)
False
Victims can protect themselves against zero-day attacks.
False
When a system process starts another, the parent process often inherits the child's access rights.
False
When selecting a password, random collections of letters contain far less entropy than written words. (True or False)
False
When you are biased in selecting a password, you choose your password from the entire search space. (True or False)
False
Zero Day vulnerability is one that has been reported to the software's vendor and the general public.
False
Average attack space measures the time until success is certain. (True or False)
False "...until success is LIKELY"
Biometrics and tokens are a good choice for a household environment. (True or False)
False. Biometrics are OK to use in a household environment, but NOT tokens.
Network-based guessing is the most powerful modern attack on passwords. (True or False)
False. The offline attack is the most powerful modern attack on passwords.
USB tokens are weak because if the public key becomes lost or stolen the private key can be derived from it. (True or False)
False. The private key cannot be derived from the public key.
Passive tokens are favored as they are immune to sniffing attacks. (True or False)
False. They are not immune to sniffing attacks.
True randomness is easily achieved with the random function of an application like Excel. (True or False)
False. Random functions like Excel's produce pseudorandom numbers.
Two factor authentication is using two passwords (True or False)
False - need to use two DIFFERENT factors of authentication, not two instances of the same factor.
Entropy refers to the strength of a password system. (True or False)
False: Entropy is a measure of the uncertainty in the value of a variable that takes on random values.
MD5 is one of the most recent forms of hash functions. (True or False)
False: SHA-224, SHA-256, SHA-384 and SHA-512 are more recent.
The file system that organizes a volume's contents around five master files, such as the catalog file and the extents overflow file, is:
HFS+
The law that establishes security measures that must be taken on health-related information is:
HIPAA
When disclosing a security vulnerability in a system or software, the manufacturer should avoid:
Including enough detail to allow an attacker to exploit the vulnerability
An interpreter is a program that interprets the text of a program one word at a time, and performs the actions specified in the text. The following are examples of interpreters except:
Java
What is a worm?
Malware
The file system that uses a master file table is:
NTFS
The major file system used with Windows today is:
NTFS
To switch between two processes, the operating system maintains a collection of data called the ____________
Process State
In a hierarchical file system directory, the topmost directory is called the:
Root
The most recent listed hash algorithm is what?
SHA-512
In a password system, the total number of possible passwords is called the:
Search Space
An attack in which someone tries to trick a system administrator into divulging a password is called:
Social Engineering
A security analyst is performing a security assessment. The analyst should not:
Take actions to mitigate a serious risk
A security database that contains entries for users and their access rights for files and folders is:
an access control list (ACL)
The following are steps a digital forensic investigator takes when collecting evidence except:
analyze the evidence
CIA properties do not include:
authentication
The process of loading and running a program from a mass storage device like a hard drive or CD-ROM is called:
bootstrapping
The part of a FAT volume that stores files and subdirectories is the:
clusters
A type of security control that takes measures to help restore a system is referred to as:
corrective
The condition in which files automatically take on the same permissions as the folder in which they reside is called:
dynamic inheritance
A threat agent is a person who did attack our assets; an attacker might attack an asset.
false
The main purpose of a software patch is to:
fix a bug in a program
A zero-day exploit:
has no software patch
The sector(s) at the beginning of a hard disk that identify the starting block of each partition is called the:
master boot record
A typical hard drive has an arm, a read/write head, and:
platters
The type of computer-based access control that involves a process that uses secret or hidden information in order to retrieve particular data items is:
puzzle
The Fourth Amendment prevents arbitrary searches of areas where users expect their privacy to be protected. This is referred to as:
reasonable expectation of privacy
A rational security decision, such as locking your vehicle when not in use, is an example of:
reasoned paranoia
The term for recovering from computer-related attacks, incidents, and compromises is:
remediation
One of the vulnerabilities the Morris worm used was a networking service called finger. The purpose of the finger service is to:
report the status of the individual computer users
In Windows, when you MOVE (not COPY) a file from one folder to another and the folders have different access permissions, the file:
retains its original access rights
A primary use of event logs is to:
serve as an audit trail
In Windows, when you COPY (not MOVE) a file from one folder to another and the folders have different access permissions, the file:
takes on the access rights of the destination folder
Hashing
transforms readable text into gibberish
Security Category RMF begins with a high level estimate of the impact caused by cyber security failures.
true
The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.
true
An authentication system that requires the user to provide two different passwords and a fingerprint scan is an example of:
two-factor authentication
When collecting digital evidence from a crime scene, often the best strategy for dealing with a computer that is powered on is to:
unplug it
There are three types of tokens; they do not include which?
Token types:
- Passive tokens
- Challenge-response tokens
- One-time password tokens
Not a token type:
- Offensive tokens
16 character passwords seem out of range of current password cracking methods. (True or False)
True
A compromised computer is no longer trustworthy because it may have been subverted.
True
A computer's Basic Input/Output System (BIOS) is a computer program stored in read-only memory (ROM).
True
A stack provides a simple, structured way to give temporary storage to a procedure, including a place to save the return address.
True
The ACL implementation in Microsoft Windows provides flexible and sophisticated inheritance. Files and folders automatically inherit changes made to an enclosing folder's access rights.
True
All modern systems use a hierarchical directory to organize files into groups.
True
Authentication associates an individual with an identity. (True or False)
True
Default permit: Everything is allowed except sites on the prohibited list.
True
Everything a computer does, right or wrong, results from running a computer program written by people.
True
If the "root" user accesses a file, the system grants full access.
True
Keyloggers can be hardware or software based (True or False)
True
Low-hanging fruit refers to the easiest targets in an attack. (True or False)
True
Never choose a password with a strong personal association. (True or False)
True
Regarding access permissions in Windows, the owner of a shared folder may read, modify, and delete other users' files.
True
Some challenge-response systems use a token as part of the user identification process. (True or False)
True
Some operating systems provide ways of temporarily granting administrative privileges to people logged in to regular accounts.
True
The computer keeps a record of what it does, and that set of files is called the event log or the audit trail.
True
The one-way hash is a cryptographic function. (True or False)
True
The role of a hard drive controller is to operate the head assembly and select the correct sector.
True
The window of vulnerability is the period of time during which a system is unprotected from an exploit.
True
We call scripts macros, especially when we embed them in other documents.
True
When an attacker is attacking a password system, the average attack space estimates the number of guesses required before success is likely. (True or False)
True
What is a vulnerability?
a flaw
Biometrics are a favored form of authentication as they are immune to sniffing attacks. (True or False)
False
Authentication does what:
Associates an individual with an identity while ACCESS CONTROL will check and grant access rights
An attack that blocks access to a system by other users is called:
Denial of Service
A checksum can correct smaller errors in a sector and detect larger errors.
False
A compiler is a program that "interprets" the text of our program a word at a time.
False
A vulnerability is a security measure intended to protect an asset.
False
Application programs are the only executable files on a typical operating system.
False
As with threat agents, attacks do not affect non-cyber resources.
False
At a crime scene, the computer must be analyzed on the spot and documented after they are considered safe.
False
Authentication is a security service that ensures information is reliably available.
False
Biometric readers have a large allowance for error in reading and conditions of the body. (True or False)
False