Chapter Five & Six

Question 1

Incident Response is…

Answer 1

Responding to a matter of organizational security following existing policy.

Question 2

Disaster Recovery is…

Answer 2

Policies that define how to recover stole data, mitigate damage, reclaim compromised systems, etc.

Question 3

Business Continuity is…

Answer 3

Continuing day-to-day business operations before, during, and after security breaches.

Question 4

Remediation is

Answer 4

recovery from a compromise

Question 5

Why do we not use
its native OS to analyze its content

Answer 5

This changes information on the hard drive

Question 6

To handle magnetic data…

Answer 6

Reading data: We generate a current if a coil of wire moves past a magnet

Writing data: We magnetize a surface if it moves past a coil of wire containing a current

Question 7

Data on a hard drive: What are sectors?

Answer 7

Each sector is an independent data block on the hard drive

– Typical drives have fixed-size sectors
* 512 bytes each, larger on some new drives
– Each sector has a unique address
* Drive may read or write each sector independently
– doesn’t affect other sectors

Question 8

Moore’s Law:

Answer 8

-– Named for Gordon Moore of Intel
– Noted that, by the mid-1960s, integrated
circuits double size and performance yearly
– Later refined the estimate:
* Doubles every 18 months

Question 9

True or false: The number of bits determines the maximum
size of any number

Answer 9

True

Question 10

Signed integers…

Answer 10

– Can be both positive and negative
– Range from [-2147483648 to 2147483647]
– Use a “sign bit” (first bit of a string) as a flag to indicate positive or negative (magnitude)

Question 11

Unsigned Integers…

Answer 11

– Can ONLY be positive
– Range from [0 to 4294967295]
– Do not have the capacity for negative sign flags to change internal binary interpretation

Question 12

Clusters are..

Answer 12

Each cluster is a series of sectors treated as a single block of data by the file system

Question 13

Parity bit…

Answer 13

binary flag which enforces
communication protocol between two computers

Question 14

Cyclic Redundancy Checks (CRCs)

Answer 14

– Can detect a “burst” of errors
* A series of all 0s replacing the real data
– More sensitive to a change of order
* Simple checksum won’t detect swaps

Question 15

Error Correcting Codes (ECC)

Answer 15

– Can detect larger-scale errors
– Can correct smaller errors
– Used on RAMs and DVDs

Question 16

The binary address size

Answer 16

number of bits in the
binary number that holds the address
– We use k bits to store addresses up to size n
k = log2(n)

Question 17

FAT… (file allocation table)

Answer 17

• A relatively simple and widely used file system
  – Introduced in Microsoft’s MSDOS
  – Supported in Windows, OS-X, Linux, etc.
  – Used in digital products like cameras, medical
  equipment, etc.
• Supports many modern features
  – Longer, mixed-case file names
  – Hierarchical directories
  – Individual files sized up to 4GB

Question 18

Boot blocks…

Answer 18

– Contain bootstrap program on bootable drive
– Contains details of the volume format

Question 19

True or False: FAT Locates free clusters and clusters in files

Answer 19

True

Question 20

Can we delete a file’s data?

Answer 20

No.
– Sometimes we can retrieve the file’s data if:
* The file’s clusters were all stored in
sequence on the hard drive
* Another file hasn’t overwritten its clusters

Question 21

– Application Programming Interface (API)

Answer 21

• A simple, standard way for programs to use I/O devices and files

Question 22

Device Independence

Answer 22

Converts API operations into specific
commands for individual devices

Question 23

File System

Answer 23

converts file operations into API
operations performed on the hard drive

Question 24

A compromised system has…

Answer 24

had defenses
weakened, and possibly no other damage

Question 25

Admissible evidence

Answer 25

This type only may be used in court proceedings

Question 26

NFTS (New Technology File System)

Answer 26

NTFS is the default file system for modern versions of Windows

Support for larger file sizes, improved file system reliability, enhanced security features like file and folder permissions, encryption, and compression

Question 27

The three authentication factors:

Answer 27

what you know,
you have, and you are

Question 28

What are The Three Roadblocks in Modern Cybersecurity?

Answer 28

1. Keyloggers
2. Rainbow tables
3. Social engineering

Question 29

Keyloggers…

Answer 29

Previously discussed as programs which undermine all levels and orders of C.S policy

Question 30

Rainbow tables…

Answer 30

Structures which contain computer hash
values for passwords up to {n…m} length
(precomputed hashes)

• Rainbow tables store hashed passwords as
  entries in a database
  – Simply look up the plaintext string and locate its hash value based on the security protocol
• Storage isn’t typically an issue…
  – An 8-character rainbow table can be up to 32 petabytes (2^50 bytes) of information!

Question 31

Passwords in rainbow tables are not stored as plaintext in a system (T/F)

Answer 31

False

Question 32

Defenses against rainbow tables…

Answer 32

– Key strengthening/lengthening
– Salts
– Nested encryption
– Innovative hashing algorithms
– and more!

Question 33

Authentication factors examples…

Answer 33

• Something you know
  – Password or PIN
• Something you have
  – Key or token
• Something you are
  – Personal trait

Question 34

(T/F) Rainbow tables are Not feasible to store on end-user computers

Answer 34

True

Question 35

Social engineering…

Answer 35

This is a technique used by attackers to manipulate individuals into divulging confidential information or performing actions that compromise security. It relies on psychological manipulation rather than technical exploits. For example, an attacker might impersonate a trusted authority figure or use pretexting to trick someone into revealing their password or other sensitive information

Question 36

Range of threats

Answer 36

– Weak threat – authentication is effective
– Strong threat – authentication may work
– Extreme threat – authentication not effective

Question 37

Search space…

Answer 37

– i.e., how many legal – or likely – passwords?
Two options
– Increase L – the length of passwords
– Increase A – the range of letters and other
characters in the password’s alphabet

Question 38

dictionary attack…

Answer 38

– Uses a list of likely passwords as the
password space
– There are far fewer likely passwords than
possible passwords

Question 39

Entropy…

Answer 39

in data indicates the likelihood that a
particular message may appear
– It considers the range of possible messages
and the likelihood of each one

Question 40

Passive tokens

Answer 40

– Stores an unchanging credential
– Examples: Card keys for hotel rooms,
magnetic stripes on credit cards

Question 41

Active Tokens…

Answer 41

the most secure
– Stores a secret that generates a different
credential for each login
– Examples: One-time password tokens,
smartphone authentication apps

Question 42

Protocol…

Answer 42

A challenge response. An exchange of data to yield a shared result

Question 43

False acceptance

Answer 43

incorrectly detects a
match with a credential and the database

Question 44

False rejection

Answer 44

fails to detect a match
between a credential and the database