Chapter 2 - Computer Systems Security Flashcards
A group of compromised computers that have software installed by a worm is known as which of the following?
A. Botnet
B. Virus
C. Honeypot
D. Zombie
A. A botnet is a group of compromised computers, usually working together, with malware that was installed by a worm or a Trojan horse.
What are some of the drawbacks to using HIDS instead of NIDS on a server? (Select the two best answers.)
A. A HIDS may use a lot of resources that can slow server performance.
B. A HIDS cannot detect operating system attacks.
C. A HIDS has a low level of detection of operating system attacks.
D. A HIDS cannot detect network attacks.
A and D. Host-based intrusion detection systems (HIDS) run within the operating system of a computer. Because of this, they can slow a computer’s performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.)
A. Virus
B. Worm
C. Zombie
D. Malware
C. Zombies (also known as zombie computers) are systems that have been compromised without the knowledge of the owner. A prerequisite is that the computer must be connected to the Internet so that the hacker or malicious attack can make its way to the computer and control it remotely. Multiple zombies working in concert often form a botnet. See the section “Computer Systems Security Threats” earlier in this chapter for more information.
Which of the following is the best mode to use when scanning for viruses?
A. Safe Mode
B. Last Known Good Configuration
C. Command Prompt only
D. Boot into Windows normally
A. Safe Mode should be used (if your AV software supports it) when scanning for viruses.
Which of the following is a common symptom of spyware?
A. Infected files
B. Computer shuts down
C. Applications freeze
D. Pop-up windows
D. Pop-up windows are common to spyware. The rest of the answers are more common symptoms of viruses.
What are two ways to secure the computer within the BIOS? (Select the two best answers.)
A. Configure a supervisor password.
B. Turn on BIOS shadowing.
C. Flash the BIOS.
D. Set the hard drive first in the boot order.
A and D. Configuring a supervisor password in the BIOS prevents any other user from entering the BIOS and making changes. Setting the hard drive first in the BIOS boot order prevents the computer from booting from any other device, including floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn’t have anything to do with computer security, and although flashing the BIOS may include some security updates, it’s not the best answer.
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
A. Virus
B. Worm
C. Zombie
D. PHP script
B. A worm is most likely the reason that the server is being bombarded with information by the clients; perhaps it is perpetrated by a botnet. Because worms self-replicate, the damage can quickly become critical.
Which of the following is not an example of malicious software?
A. Rootkits
B. Spyware
C. Viruses
D. Browser
D. A web browser (for example, Internet Explorer) is the only one listed that is not an example of malicious software. Although a browser can be compromised in a variety of ways by malicious software, the application itself is not the malware.
Which type of attack uses more than one computer?
A. Virus
B. DoS
C. Worm
D. DDoS
D. A DDoS, or distributed denial of service, attack uses multiple computers to make its attack, usually perpetrated against a server. None of the other answers use multiple computers.
What are the two ways that you can stop employees from using USB flash drives? (Select the two best answers.)
A. Utilize RBAC.
B. Disable USB devices in the BIOS.
C. Disable the USB root hub.
D. Enable MAC filtering.
B and C. By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system.
Which of the following does not need updating?
A. HIDS
B. Antivirus software
C. Pop-up blockers
D. Antispyware
C. Pop-up blockers do not require updating to be accurate. However, host-based intrusion detection systems, antivirus software, and antispyware all need to be updated to be accurate.
Which of the following are Bluetooth threats? (Select the two best answers.)
A. Bluesnarfing
B. Blue bearding
C. Bluejacking
D. Distributed denial of service
A and C. Bluesnarfing and bluejacking are the names of two Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date there is no such thing as blue bearding, and a distributed denial of service attack uses multiple computers attacking one host.
What is a malicious attack that executes at the same time every week?
A. Virus
B. Worm
C. Bluejacking
D. Logic bomb
D. A logic bomb is a malicious attack that executes at a specific time. Viruses normally execute when a user inadvertently runs them. Worms can self-replicate at will. And bluejacking deals with Bluetooth devices.
Which of these is true for active inception?
A. When a computer is put between a sender and receiver
B. When a person overhears a conversation
C. When a person looks through files
D. When a person hardens an operating system
A. Active inception (aka active interception) normally includes a computer placed between the sender and the receiver to capture information.
Tim believes that his computer has a worm. What is the best tool to use to remove that worm?
A. Antivirus software
B. Antispyware software
C. HIDS
D. NIDS
A. Antivirus software is the best option when removing a worm. It may be necessary to boot into Safe Mode to remove this worm when using antivirus software.