COP4360 Final Review Multiple Choice Flashcards
A __________ is any action that compromises the security of information owned by an organization.
security mechanism
security attack
security policy
security service
Security Attack
The assurance that data received are exactly as sent by an authorized entity is __________.
data integrity
access control
data confidentiality
authentication
Data Integrity
A threat action in which sensitive data are directly released to an unauthorized entity is __________.
disruption
corruption
intrusion
exposure
Exposure
A loss of _________ is the unauthorized disclosure of information.
integrity
confidentiality
availability
authenticity
Confidentiality
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Traffic routing
Traffic integrity
Traffic control
Traffic padding
Traffic Padding
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
low
normal
moderate
high
high
Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.
deception
disruption
usurpation
unauthorized disclosure
deception
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
interception
repudiation
inference
masquerade
Masquerade
On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.
two-thirds
three-fourths
one-fourth
half
Half
A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
secret key
digital signature
keystream
one way hash function
Digital Signature
The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data.
keystream
secret key
digital signature
hash function
Hash Function
__________ is the scrambled message produced as output.
Cipher text
Secret key
Plain text
Cryptanalyst
Cipher Text
__________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
DSS
SHA
RSA
AES
RSA
The original message or data that is fed into the algorithm is __________.
encryption algorithm
secret key
decryption algorithm
plain text
Plain Text
The __________ is the encryption algorithm run in reverse.
decryption algorithm
cipher text
plain text
encryption algorithm
Decryption Algorithm
The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________.
AES
DSS
RSA
SHA
AES
__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
Decryption
Collision resistance
Message authentication
Cryptanalysis
Message Authentication
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________.
use more keys
use less keys
use shorter keys
use longer keys
use longer keys
Recognition by fingerprint, retina, and face are examples of __________.
face recognition
static biometrics
dynamic biometrics
token authentication
Static Biometrics
__________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.
RFC 2493
RFC 4949
RFC 2298
RFC 2328
RFC 4949
The most common means of human-to-human identification are __________.
retinal patterns
facial characteristics
signatures
fingerprints
Facial Recognition
Each individual who is to be included in the database of authorized users must first be __________ in the system.
authenticated
verified
enrolled
identified
Enrolled
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
identification step
authentication step
verification step
corroboration step
Verification Step
A __________ is a password guessing program.
password cracker
password hash
password biometric
password salt
Password Cracker
__________ systems identify features of the hand, including shape, and lengths and widths of fingers.
Fingerprint
Hand geometry
Signature
Palm print
Hand Geometry
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
proactive password checking
user education
reactive password checking
computer-generated password
reactive password checking
The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
reactive password checking
user education
computer-generated password
proactive password checking
User Education
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
challenge-response
eavesdropping
Trojan horse
denial-of-service
Challenge-Response
A concept that evolved out of requirements for military information security is ______.
open and closed policies
reliable input
mandatory access control
discretionary input
Mandatory Access Control
A __________ is an entity capable of accessing objects.
owner
subject
group
object
subject
A(n) __________ is a resource to which access is controlled.
object
owner
subject
world
Object
_________ is the granting of a right or permission to a system entity to access a system resource.
Authorization
Monitoring
Control
Authentication
Authorization
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Access control
Audit control
Resource control
System control
Access Control
__________ controls access based on comparing security labels with security clearances.
RBAC
MAC
MBAC
DAC
DAC
__________ is verification that the credentials of a user or other system entity are valid.
Authorization
Authentication
Adequacy
Audit
Authentication
The final permission bit is the _________ bit.
superuser
sticky
set user
kernel
Sticky
__________ is based on the roles the users assume in a system rather than the user’s identity.
RBAC
DAC
MAC
URAC
RBAC (Role Based Access Control)
__________ is the traditional method of implementing access control.
MAC
MBAC
DAC
RBAC
Mandatory Access Control (MAC)
__________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
Partitioning
Perturbation
Compromise
Inference
Inference
A _________ is defined to be a portion of a row used to uniquely identify a row in a table.
data perturbation
primary key
query
foreign key
Primary Key
A ___________ is a person or organization that maintains a business relationship with cloud providers.
cloud consumer
cloud broker
cloud carrier
cloud auditor
Cloud Consumer
__________ encompasses intrusion detection, prevention and response.
Intrusion management
Data loss prevention
Database access control
Security assessments
Intrusion Management
An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.
administrator
end user other than application owner
application owner
foreign key
end user other than application owner
A(n) __________ is a structured collection of data stored for use by one or more applications.
attribute
tuple
database
inference
Database
The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet.
relational database
DBMS
perturbation
query set
Relational Database
A _________ is a virtual table.
tuple
view
query
DBMS
view
A(n) __________ is a user who has administrative responsibility for part or all of the database.
end user other than application owner
database relations manager
administrator
application owner
Administrator
The __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
hybrid
public
private
community
hybrid
A __________ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents.
macro virus
boot sector infector
multipartite virus
file infector
macro virus
A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.
trapdoor
trojan horse
worm
logic bomb
Logic Bomb
__________ are used to send large volumes of unwanted e-mail.
Spammer programs
Rootkits
Downloaders
Auto-rooter
Spammer Programs
Computer viruses first appeared in the early __________.
1970s
1960s
1900s
1980s
1980’s
The term “computer virus” is attributed to __________.
Charles Babbage
Fred Cohen
Herman Hollerith
Albert Einstein
Fred Cohen
The __________ is what the virus “does”.
infection mechanism
logic bomb
payload
trigger
Payload
The __________ is when the virus function is performed.
dormant phase
execution phase
propagation phase
triggering phase
Execution Phase
A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim’s data is __________.
Adobe
malware
Animoto
Prezi
Malware
During the __________ the virus is idle.
triggering phase
propagation phase
dormant phase
execution phase
Dormant Phase
__________ is the first function in the propagation phase for a network worm.
Keylogging
Fingerprinting
Spear phishing
Propagating
Propagating
The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.
poison packet attack
basic flooding attack
DNS amplification attack
SYN spoofing attack
Basic Flooding Attack
A ______ triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded.
flash flood
echo
poison packet
reflection
Poison Packet
A characteristic of reflection attacks is the lack of _______ traffic.
backscatter
botnet
three-way
network
Backscatter
_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
Application-based
Amplification
System-based
Application Based
TCP uses the _______ to establish a connection.
zombie
directed broadcast
three-way handshake
SYN cookie
Three-Way Handshake
Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______.
spidering
trailing
spoofing
crowding
Spidering
Using forged source addresses is known as _________.
directed broadcast
a three-way address
random dropping
source address spoofing
Source Address Spoofing
______ relates to the capacity of the network links connecting a server to the wider Internet.
Network bandwidth
Application resource
Directed broadcast
System payload
Network Bandwidth
_______ is a text-based protocol with a syntax similar to that of HTTP.
SIP
RIP
DIP
HIP
SIP
______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.
HTTP
SYN flooding
Slowloris
Reflection attacks
Slowloris
A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
analysis sensor
inline sensor
passive sensor
LAN sensor
Inline Sensor
The _________ module analyzes LAN traffic and reports the results to the central manager.
central manager agent
architecture agent
host agent
LAN monitor agent
LAN Monitor Agent
A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
intrusion detection
network-based IDS
security intrusion
host-based IDS
Network-Based IDS
__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
Threshold detection
Signature detection
Anomaly detection
Profile based detection
Signature Detection
The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.
direction
action
destination port
protocol
Action
A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.
Master
Activist
Apprentice
Journeyman
Apprentice
The ________ is responsible for determining if an intrusion has occurred.
host
analyzer
user interface
sensor
Analyzer
A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.
intrusion detection
criminal enterprise
security intrusion
IDS
Security Intrusion
The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager.
host agent
architecture agent
LAN monitor agent
central manager agent
Host Agent
_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.
RFC 4765
RFC 4766
RFC 4767
RFC 4764
RFC 4767
_________ involves the collection of data relating to the behavior of legitimate users over a period of time.
Anomaly detection
Threshold detection
Profile based detection
Signature detection
Anomaly Detection
A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.
PEP
IDME
DDI
IDEP
DDI
The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
analyzer
sensor
data source
operator
Analyzer
__________________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes.
Activists
Cyber criminals
State-sponsored organizations
Others
Activists
A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
security intrusion
host-based IDS
network-based IDS
intrusion detection
Host-Based IDS
An example of a circuit-level gateway implementation is the __________ package.
SMTP
SOCKS
application-level
stateful inspection
Application-Level
________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
Behavior
User
Direction
Service
Direction
The _________ defines the transport protocol.
IP protocol field
source IP address
interface
destination IP address
IP Protocol Field
A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.
stateful inspection firewall
UTM
VPN
proxy
Virtual Private Network (VPN)
Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.
DMZ
boundary firewall
IP protocol field
VPN
DMZ
A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
stateful inspection firewall
distributed firewall
personal firewall
packet filtering firewall
Distributed Firewall Devices
________ control controls how particular services are used.
Service
Behavior
User
Direction
Behavior
_______ control controls access to a service according to which user is attempting to access it.
User
Service
Behavior
Direction
User
_________ control determines the types of Internet services that can be accessed, inbound or outbound.
Service
Direction
User
Behavior
Service
A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
application-level
packet filtering
stateful inspection
circuit-level
circuit level
The _________ approach involves conducting a risk analysis for the organization’s IT systems that exploits the knowledge and expertise of the individuals performing the analysis.
detailed
informal
combined
baseline
Informal
_________ is choosing to accept a risk level greater than normal for business reasons.
Risk avoidance
Risk acceptance
Risk transfer
Reducing likelihood
Risk Acceptance
The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.
corporate security policy
risk register
threat assessment
vulnerability source
Corporate Security Policy
The ________ has revised and consolidated a number of national and international standards into a consensus of best practice.
ISO
VSB
CSI
DBI
ISO
________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.
Security controls
Risk controls
Risk appetite
None of these
Security Controls
The results of the risk analysis should be documented in a _________.
consequence
none of these
journal
risk register
Risk Register
The purpose of ________ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined.
risk avoidance
combining
control
establishing the context
Establishing the Context
________ specification indicates the impact on the organization should the particular threat in question actually eventuate.
Threat
Likelihood
Risk
Consequence
Consequence
_________ ensures that critical assets are sufficiently protected in a cost-effective manner.
IT discipline
IT security management
IT risk implementations
IT control
IT Security Management
A ________ is anything that might hinder or prevent an asset from providing appropriate levels of the key security services.
control
risk
threat
vulnerability
Threat
The advantages of the _________ approach are that it doesn’t require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.
baseline
informal
detailed
combined
baseline
_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
IT security management
Detection and recovery control
Security compliance
Configuration management control
IT Security Management
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
none of these
cost analysis
benefit analysis
cost-benefit analysis
cost-benefit analysis
The follow-up stage of the management process does not include _________.
cost analysis
maintenance of security controls
security compliance checking
incident handling
Cost Analysis
The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.
information security incident management
asset management
physical and environmental security
business and continuity management
Business and Continuity Management
Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks.
maintenance
security compliance
program management
incident handling
maintenance
A contingency plan for systems critical to a large organization would be _________ than that for a small business.
smaller, more detailed
larger, more detailed
larger, less detailed
smaller, less detailed
larger, more detailed
According to our text, an IT security plan should include details of _________.
recommended controls
risks
responsible personnel
all of these
All of these
The implementation process is typically monitored by the organizational ______.
technology officer
human resources
security officer
general counsel
Security Officer
The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
asset management
business continuity management
access
compliance
Compliance
________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.
Management
Detection and recovery
Technical
Preventative
Detection and Recovery
_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
Supportive
Operational
Preventative
Detection and recovery
Supportive
_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization’s mission.
Supportive
Preventative
Technical
Management
Management
Identification and authentication is part of the _______ class of security controls.
operational
technical
management
verification
Technical
Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process.
security awareness and training
management
maintenance
all of these
Management
________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.
Executives
Analysts
Trainers
Managers
Executives
A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.
standard of conduct
business use only
company rights
unlawful activity prohibited
Company Rights
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees’ knowledge of their ________ and of potential penalties.
liability
accountability
incidents
regulations
accountability
________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.
Incident
Triage
Constituency
Handling
Triage
The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.
roles and responsibilities relative to IT systems
security basics and literacy
education and experience
security awareness
Education and Experience
The _______ category is a transitional stage between awareness and training.
education and experiences
roles and responsibilities relative to IT systems
security awareness
security basics and literacy
Security basics and literacy
CERT stands for ___________.
Compliance Emergency Response Technology
Compliance Error Repair Technology
Computer Error Response Team
Computer Emergency Response Team
Computer Emergency Response Team
________ is explicitly required for all employees.
Security awareness
Roles and responsibilities relative to IT systems
Security basics and literacy
Education and experience
Security Awareness
___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.
System integrity verification tools
Network and host intrusion detection systems
Intrusion prevention systems
Log analysis tools
System Integrity Verification Tools
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.
Artifacts
Vulnerabilities
CSIRT
Constituencies
Artifacts
A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.
business use only
policy scope
company rights
disciplinary action
disciplinary action