exam 1 review Flashcards
Security mechanisms typically do not involve more than one particular algorithm or protocol (T/F)
false
The first step in devising security services and mechanisms is to develop a security policy (T/F)
true
To exploit any type of buffer overflow the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control (T/F)
true
Shellcode is not specific to a particular processor architecture
false
An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined.
false
It is possible to write a compiler tool to check any C program and identify all possible buffer overflow bugs.
false
The OpenSSL heartbleed vulnerability would have been prevented if OpenSSL had been implemented in Java (and the Java runtime environment works properly).
True
ASLR (if implemented correctly) can prevent return‐to‐libc attacks
True
_____ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Privacy
____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
System Integrity
A loss of _______ is the unauthorized disclosure of information.
confidentiality
A flaw or weakness in a system?s design, implementation, or operation and management that could be exploited to violate the system?s security policy is a(n) ______.
vulnerability
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) _____.
attack
A(n) ______ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.
countermeasure
An example of ______ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
masquerade
The assurance that data received are exactly as sent by an authorized entity is _____.
data integrity
A consequence of a buffer overflow error is _____.
(all of the above)
- corruption of data used by the program
- unexpected transfer of control in the program
- possible memory access violation
The function of ______ was to transfer control to a user command‐line interpreter, which gave access to any program available on the system with the privileges of the attacked program.
shellcode
______ is a form of buffer overflow attack.
(all of the above)
- Heap overflows
- Return to system call
- Replacement stack frame
A buffer can be located ______.
(all of the above)
- in the heap
- on the stack
- in the data section of the process
Each layer of code needs appropriate hardening measures in place to provide appropriate security services.
True
It is possible for a system to be compromised during the installation process.
True
The default configuration for many operating systems usually maximizes security.
False
A malicious driver can potentially bypass many security controls to install malware.
True
Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.
True
Many users choose a password that is too short or too easy to guess because it is hard for users to remember long and random passwords.
True
User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
False
In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
True
Which of the following need to be taken into consideration during the system security planning process?
(all of the above)
- how users are authenticated
- the categories of users of the system
- what access the system has to information stored on other hosts
The following steps should be used to secure an operating system:
(all of the above)
- test the security of the basic operating system
- remove unnecessary services
- install and patch the operating system
_____ applications is a control that limits the programs that can execute on the system to just those in an explicit list.
White listing
The most important changes needed to improve system security are to _____.
(all of the above)
- disable remotely accessible services that are not required
- ensure that applications and services that are needed are appropriately configured
- disable services and applications that are not required
Security concerns that result from the use of virtualized systems include ______.
(all of the above)
- guest OS isolation
- guest OS monitoring by the hypervisor
- virtualized environment security
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the _______.
verification step
Recognition by fingerprint, retina, and face are examples of _______.
static biometrics
Voice pattern, handwriting characteristics, and typing rhythm are examples _______.
dynamic biometrics
A _____ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
reactive password checking
Each individual who is to be included in the database of authorized users must first be ______ in the system.
enrolled
Which of the following is an example of multi-factor authentication:
(all of the above)
- Enter both a group password and a user password
- Enter a pin number and put a finger on fingerprint reader
- Use an authentication token (e.g., a smartcard)
Incorrect
Which of the following is a threat to or concern of biometric authentication:
(all of the above)
- Inherent imprecision (e.g., two people may have their fingerprints digitally interpreted as the same)
- Impersonation (e.g., use a voice recording)
- Coercion (e.g., force the user to put his finger on the fingerprint reader)
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
True
Security labels indicate which system entities are eligible to access certain resources.
False
A user may belong to multiple groups.
True
An access right describes the way in which a subject may access an object.
True
Any program that is owned by, and SetUID to, the superuser potentially grants unrestricted access to the system to any user executing that program.
True
No write down is also referred to as the *-property.
True
A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules.
True
One way to secure against Trojan horse attacks is the use of a secure, trusted operating system.
True
Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.
True
The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.
True
_____ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Access control
_____ is the granting of a right or permission to a system entity to access a system resource.
Authorization
______ controls access based on comparing security labels with security clearances.
MAC
A(n) ______ is a named job function within the organization that controls this computer system.
role
_____ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.
Constraints
A multilevel secure system for confidentiality must enforce:
(all of the above)
- no read up
- ss-property
- no write down
The ______ Model was developed for commercial applications in which conflicts of interest can arise.
Chinese Wall
______ data are data that may be derived from corporate data but that cannot be used to discover the corporation’s identity.
Sanitized
The _____ is a hardware module that is at the heart of a hardware/software approach to trusted computing.
TPM
_____ is a process that ensures a system is developed and operated as intended by the system?s security policy.
Assurance
External attacks are the only threats to database security. T/F
False
A virus that attaches to an executable program can do anything that the program is permitted to do. T/F
True
It is not possible to spread a virus via an USB stick. T/F
False
A macro virus infects executable portions of code. T/F
False
In addition to propagating, a worm usually carries some form of payload.
True
_______ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
Inference
______ is a defense against SQL Injection attacks.
Input validation
To defense against database inference attacks, we can apply _______.
(All the above)
- Perturbation
- De-identification
- Anonymization
_______ are used to send large volumes of unwanted e-mail.
Spammer program
A _______ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.
logic bomb
The _______ is what the virus does.
payload
______ is the first function in the propagation phase for a network worm.
Fingerprinting
_______ is malware that encrypts the user’s data and demands payment in order to access the key needed to recover the information.
Ransomware
