Chapter 2 - Computer Systems Security Flashcards

1
Q
A group of compromised computers that have software installed by a worm is known as which of the following?
A. Botnet
B. Virus
C. Honeypot
D. Zombie
A

A. A botnet is a group of compromised computers, usually working together, with malware that was installed by a worm or a Trojan horse.

2
Q
What are some of the drawbacks to using HIDS instead of NIDS on a server? (Select the two best answers.)
A. A HIDS may use a lot of resources that can slow server performance.
B. A HIDS cannot detect operating system attacks.
C. A HIDS has a low level of detection of operating system attacks.
D. A HIDS cannot detect network attacks.
A

A and D. Host-based intrusion detection systems (HIDS) run within the operating system of a computer. Because of this, they can slow a computer’s performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.

3
Q
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.)
A. Virus
B. Worm
C. Zombie
D. Malware
A

C. Zombies (also known as zombie computers) are systems that have been compromised without the knowledge of the owner. A prerequisite is that the computer must be connected to the Internet so that the hacker or malicious attack can make its way to the computer and be controlled remotely. Multiple zombies working in concert often form a botnet. See the section “Computer Systems Security Threats” earlier in this chapter for more information.

4
Q
Which of the following is the best mode to use when scanning for viruses?
A. Safe Mode
B. Last Known Good Configuration
C. Command Prompt only
D. Boot into Windows normally
A

A. Safe Mode should be used (if your AV software supports it) when scanning for viruses.

5
Q
Which of the following is a common symptom of spyware?
A. Infected files
B. Computer shuts down
C. Applications freeze
D. Pop-up windows
A

D. Pop-up windows are common to spyware. The rest of the answers are more common symptoms of viruses.

6
Q
What are two ways to secure the computer within the BIOS? (Select the two best answers.)
A. Configure a supervisor password.
B. Turn on BIOS shadowing.
C. Flash the BIOS.
D. Set the hard drive first in the boot order.
A

A and D. Configuring a supervisor password in the BIOS prevents any other user from entering the BIOS and making changes. Setting the hard drive first in the BIOS boot order prevents the computer from booting from any other device, including floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn’t have anything to do with computer security, and although flashing the BIOS may include some security updates, it’s not the best answer.

7
Q
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
A. Virus
B. Worm
C. Zombie
D. PHP script
A

B. A worm is most likely the reason that the server is being bombarded with information by the clients; perhaps it is perpetuated by a botnet. Because worms self-replicate, the damage can quickly become critical.

8
Q
Which of the following is not an example of malicious software?
A. Rootkits
B. Spyware
C. Viruses
D. Browser
A

D. A web browser (for example, Internet Explorer) is the only one listed that is not an example of malicious software. Although a browser can be compromised in a variety of ways by malicious software, the application itself is not the malware.

9
Q
Which type of attack uses more than one computer?
A. Virus
B. DoS
C. Worm
D. DDoS
A

D. A DDoS, or distributed denial of service, attack uses multiple computers to make its attack, usually perpetuated on a server. None of the other answers use multiple computers.

10
Q
What are the two ways that you can stop employees from using USB flash drives? (Select the two best answers.)
A. Utilize RBAC.
B. Disable USB devices in the BIOS.
C. Disable the USB root hub.
D. Enable MAC filtering.
A

B and C. By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system.

11
Q
Which of the following does not need updating?
A. HIDS
B. Antivirus software
C. Pop-up blockers
D. Antispyware
A

C. Pop-up blockers do not require updating to be accurate. However, host-based intrusion detection systems, antivirus software, and antispyware all need to be updated to be accurate.

12
Q
Which of the following are Bluetooth threats? (Select the two best answers.)
A. Bluesnarfing
B. Blue bearding
C. Bluejacking
D. Distributed denial of service
A

A and C. Bluesnarfing and bluejacking are the names of a couple of Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date there is no such thing as blue bearding, and a distributed denial of service attack uses multiple computers attacking one host.

13
Q
What is a malicious attack that executes at the same time every week?
A. Virus
B. Worm
C. Bluejacking
D. Logic bomb
A

D. A logic bomb is a malicious attack that executes at a specific time. Viruses normally execute when a user inadvertently runs them. Worms can self-replicate at will. And bluejacking deals with Bluetooth devices.

14
Q
Which of these is true for active inception?
A. When a computer is put between a sender and receiver
B. When a person overhears a conversation
C. When a person looks through files
D. When a person hardens an operating system
A

A. Active inception (aka active interception) normally includes a computer placed between the sender and the receiver to capture information.

15
Q
Tim believes that his computer has a worm. What is the best tool to use to remove that worm?
A. Antivirus software
B. Antispyware software
C. HIDS
D. NIDS
A

A. Antivirus software is the best option when removing a worm. It may be necessary to boot into Safe Mode to remove this worm when using antivirus software.

16
Q
Which of the following types of scanners can locate a rootkit on a computer?
A. Image scanner
B. Barcode scanner
C. Malware scanner
D. Adware scanner
A

C. Malware scanners can locate rootkits and other types of malware. These types of scanners are often found in antimalware software from manufacturers such as McAfee, Norton, Vipre, and so on. Adware scanners (often free) can scan for only adware. Always have some kind of antimalware software running on live client computers!

17
Q
Which type of malware does not require a user to execute a program to distribute the software?
A. Worm
B. Virus
C. Trojan horse
D. Stealth
A

A. Worms self-replicate and do not require a user to execute a program to distribute the software across networks. All the other answers do require user intervention. Stealth refers to a type of virus.

18
Q
Which of these is not considered to be an inline device?
A. Firewall
B. Router
C. CSU/DSU
D. HIDS
A

D. HIDS, or host-based intrusion detection systems, are not considered to be inline devices. This is because they run on an individual computer. Firewalls, routers, and CSU/DSUs are inline devices.

19
Q
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat?
A. Spyware
B. Spam
C. Viruses
D. Botnets
A

B. Closing open relays, whitelisting, and blacklisting are all mitigation techniques that address spam. Spam e-mail is a serious problem for all companies and must be filtered as much as possible.

20
Q
How do most network-based viruses spread?
A. By CD and DVD
B. Through e-mail
C. By USB flash drive
D. By floppy disk
A

B. E-mail is the number one reason why network-based viruses spread. All a person needs to do is double-click the attachment within the e-mail, and the virus will do its thing, which is most likely to spread through the user’s address book. Removable media such as CDs, DVDs, USB flash drives, and floppy disks can spread viruses but are not nearly as common as e-mail.

21
Q
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.)
A. Worms self-replicate but Trojan horses do not.
B. The two are the same.
C. Worms are sent via e-mail; Trojan horses are not.
D. Trojan horses are malicious attacks; worms are not.
A

A. The primary difference between a Trojan horse and a worm is that worms will self-replicate without any user intervention; Trojan horses do not self-replicate.

22
Q
Which of the following types of viruses hides its code to mask itself?
A. Stealth virus
B. Polymorphic virus
C. Worm
D. Armored virus
A

D. An armored virus attempts to make disassembly difficult for an antivirus software program. It thwarts attempts at code examination. Stealth viruses attempt to avoid detection by antivirus software altogether. Polymorphic viruses change every time they run. Worms are not viruses.

23
Q
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user’s computer?
A. Worm
B. Virus
C. Trojan
D. Spam
A

C. A Trojan, or a Trojan horse, appears to be legitimate and looks like it’ll perform desirable functions, but in reality it is designed to enable unauthorized access to the user’s computer.

24
Q
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.)
A. Technical support resources are consumed by increased user calls.
B. Users are at risk for identity theft.
C. Users are tricked into changing the system configuration.
D. The e-mail server capacity is consumed by message traffic.
A

A and C. Because a virus can affect many users, technical support resources can be consumed by an increase in user phone calls and e-mails. This can be detrimental to the company because all companies have a limited amount of technical support personnel. Another detrimental effect is that unwitting users may be tricked into changing some of their computer system configurations. The key term in the question is “virus hoax.” If the e-mail server is consumed by message traffic, that would be a detrimental effect caused by the person who sent the virus and by the virus itself but not necessarily by the hoax. Although users may be at risk for identity theft, it is not one of the most detrimental effects of the virus hoax.

25
Q
To mitigate risks when users access company e-mail with their cell phones, what security policy should be implemented on the cell phone?
A. Data connection capabilities should be disabled.
B. A password should be set on the phone.
C. Cell phone data should be encrypted.
D. The cell phone should be used only for company purposes.
A

B. A password should be set on the phone, and the phone should lock after a set period of time. When the user wants to use the phone again, the user should be prompted for a password. Disabling the data connection altogether would make access to e-mail impossible on the cell phone. Cell phone encryption of data is possible, but it could use a lot of processing power that may make it unfeasible. Whether the cell phone is used only for company purposes is up to the policies of the company.

26
Q
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?
A. Anomaly-based IDS
B. Signature-based IDS
C. Behavior-based IDS
D. Heuristic-based IDS
A

B. When using an IDS, particular types of traffic patterns refer to signature-based IDS.

27
Q
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution?
A. Device encryption
B. Remote wipe
C. Screen locks
D. AV software
A

A. Device encryption is the best solution listed to protect the confidentiality of data. By encrypting the data, it makes it much more difficult for a malicious person to make use of the data. Screen locks are a good idea but are much easier to get past than encryption. Antivirus software will not stop an attacker from getting to the data once the mobile device has been stolen. Remote sanitization doesn’t keep the data confidential; it removes it altogether! While this could be considered a type of confidentiality, it would only be so if a good backup plan was instituted. Regardless, the best answer with confidentiality in mind is encryption. For example, if the device was simply lost and was later found, it could be reused (as long as it wasn’t tampered with). But if the device was sanitized, it would have to be reloaded and reconfigured before being used again.

28
Q
You are tasked with implementing a solution that encrypts the CEO’s laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement?
A. HSM
B. TPM
C. HIDS
D. USB encryption
A

B. A TPM, or trusted platform module, is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE). Hardware security modules (HSMs) and USB encryption require additional hardware. A host-based intrusion detection system requires either additional software or hardware.

29
Q
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user’s computer?
A. Worm
B. Logic bomb
C. Spyware
D. Trojan
A

D. A Trojan was probably installed (unknown to the user) as part of the keygen package. Illegal downloads often contain malware of this nature. At this point, the computer is compromised. Not only is it infected, but malicious individuals might be able to remotely access it.

30
Q
A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do?
A. Remote wipe
B. GPS tracking
C. Implement encryption
D. Turn on screen lock
A

A. If the device has been lost and you need to be 100% sure that data cannot be retrieved from it, then you should remotely sanitize (or remotely “wipe”) the device. This removes all data to the point where it cannot be reconstructed by normal means. GPS tracking might find the device, but as time is spent tracking and acquiring the device, the data could be stolen. Encryption is a good idea, but over time encryption can be deciphered. Screen locks can be easily circumvented.

31
Q
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened?
A. The computer is infected with spyware.
B. The computer is infected with a virus.
C. The computer is now part of a botnet.
D. The computer is now infected with a rootkit.
A

C. The computer is probably now part of a botnet. The reason the system is running slowly is probably due to the fact that there are hundreds of outbound connections to various websites. This is a solid sign of a computer that has become part of a botnet. Spyware, viruses, and rootkits might make the computer run slowly, but they will not create hundreds of outbound connections.