Exam 1 Review

Question 1

A data breach is one that ex-filtrates large amounts of sensitive data that was stored on some server

Answer 1

True

Question 2

Overflowing a global variable is considered a stack overflow

Answer 2

False

Question 3

A good example of a strongly typed language would be C

Answer 3

False

Question 4

In regards to overflow exploits, you only need to worry about “ints” not “strings”

Answer 4

False

Question 5

A “Canary Value” is used in the stack frame to keep track of overflow detection

Answer 5

True

Question 6

When done deliberately as part of an attack on a system, the transfer of control could be to code of the attacker’s choosing

Answer 6

True

Question 7

Buffer overflow exploits have been known since the SSL Heartbleed that occurred in 1971

Answer 7

False

Question 8

A programmer can tell the operating system to not allow programs to overflow memory

Answer 8

False

Question 9

Declaring variables as global stops all change of being able to overflow buffers

Answer 9

False

Question 10

In order to stop overflow exploits, you can use a simple data validation technique

Answer 10

True

Question 11

When using shell code or instructions that make up shell-code, who’s privileges will you be using?

Answer 11

Privileges of the host program.

Question 12

The buffer in an overflow exploit could be located in which of the following

Answer 12

On the Stack, On the Heap, and In the Data Section

Question 13

What moves addresses of stack, heap, and lib-c to make buffer overflow more difficult?

Answer 13

Address Space Layout Randomization

Question 14

Stacks are used for which of the following?

Answer 14

Allocating memory for Local Variables, Parameters, and Control Information

Question 15

The definition of shell code is:

Answer 15

Binary values corresponding to the desired machine instructions.

Question 16

What is a NOP sled?

Answer 16

A sequence of instructions that do nothing to control program flow.

Question 17

Best way to stop buffer/heap exploits?

Answer 17

Enforce boundary checking on all inputs

wrong answers - use pointers, tell the user how much data needs to be input

Question 18

A stack buffer overflow occurs when the targeted buffer is located on the stack, usually as a local variable in a function’s stack frame. This form of attack is also referred to as:

Answer 18

Stack Smashing

Question 19

____ is when a system is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments?

Answer 19

System Integrity

Question 20

Which of the following are the main threat resources of cyber assets?

Answer 20

Nation-States, Cybercriminals, Hacktivists

Question 21

Each layer of code needs appropriate hardening measures in place to provide appropriate security services

Answer 21

True

Question 22

The default configuration for many operating systems usually maximizes security.

Answer 22

False

Question 23

A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same “user” account that the server executes as.

Answer 23

True

Question 24

Backup and archive processes are linked and manager together

Answer 24

True

Question 25

User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.

Answer 25

False. (answer: message authentication)

Question 26

Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber.

Answer 26

False. (credential provider)

Question 27

An individual’s signature is not unique enough to use in biometric applications.

Answer 27

False

Question 28

In a biometric scheme some physical characteristic of the individual is mapped to a digital representation.

Answer 28

True

Question 29

Keylogging is a form of host attack.

Answer 29

False. (form of eavesdropping)

Question 30

The first step in deploying new systems is ____.

Answer 30

planning

Question 31

The first critical step in securing a system is to secure the ____.

Answer 31

base operating system.

Question 32

The range of logging data acquired should be determined ____.

Answer 32

during the system planning stage.

Question 33

The need and policy relating to backup and archive should be determined ____.

Answer 33

during the system planning stage.

Question 34

_____ systems should not run automatic updates because they may introduce instability.

Answer 34

Change controlled.

Question 35

Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ____.

Answer 35

verification step

Question 36

The ____ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.

Answer 36

user education

Question 37

Each individual who is to be included in the database of authorized users must first be ___ in the system

Answer 37

enrolled.

Question 38

A _____ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.

Answer 38

host attack.

Question 39

A _____ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.

Answer 39

client attack.

Question 40

A policy rule base or policy store may consist of a number of policy rules, covering many subjects and objects within a security domain.

Answer 40

True

Question 41

The 3 A’s of access control are Authentication, Authorization, and Allowance.

Answer 41

False. (Authentication, Authorization, and Audit.)

Question 42

The rows of an Access Control Maxis are Capability Lists.

Answer 42

True.

Question 43

An object is said to have a security clearance of a given level;

where as a subject is said to have a security classification of a given level.

Answer 43

False.

An subject is said to have a security clearance of a given level.

An object is said to have a security classification of a given level.

Question 44

Conventional Discretionary Access Control systems define access rights based on the roles that users assume in a system, rather than the user’s identity.

Answer 44

False

Question 45

Which of the following support elements is not needed for enterprise-wide access control facility.

• Resource Management
• Privilege Management
• Policy Management
• Credential Management

Answer 45

Credential Management

Question 46

In an Attribute-Based Access Control (ABAC) model, entities such as files, tables, programs, and networks are considered:

• Subjects
• Objects
• Environments

Answer 46

Objects

Question 47

What classes is/are included in the traditional file access control approach?

Answer 47

Owner Class, Group Class, and Other Class.

Question 48

In the context of Role-Based Access Control Models, RBAC1 adds which of the following:

• Role Hierarchies
• Constraints
• Sessions
• Cardinality
• Mutually Exclusive Roles

Answer 48

Role Hierarchies

Question 49

RBAC0 - Hierarchies? Contraints?
RBAC1 - Hierarchies? Contraints?
RBAC2 - Hierarchies? Contraints?
RBAC3 - Hierarchies? Contraints?

Answer 49

RBAC0 - no, no
RBAC1 - yes, no
RBAC2 - no, yes
RBAC3 - yes, yes

Question 50

Based on assurance requirements, which type of analysis would you use to identify any potential means of bypassing security policy and mitigate these possibilities?

Answer 50

Covert Channel.

Question 51

A worm is a type of malware that may appear to have a useful function, but also contains hidden malicious functions.

Answer 51

False. (Trojan horse)

Question 52

Interfaces and APIs are not a likely point of attack on Cloud Services

Answer 52

False.

Question 53

Parameterized query insertion is an effective approach to prevent SQL injection attacks.

Answer 53

True.

Question 54

It is a commonly accepted best practice to store user’s passwords in a database table, so a website’s authentication program can validate a user trying to log into the site by verifying the characters entered in the login form matches exactly the characters stored in the table’s password field for that specific user.

Answer 54

False.

Question 55

In addition to propagating, a worm usually carries some form of payload.

Answer 55

True.

Question 56

A virus classification by target includes which of the following:

• Multipartite virus
• Metamorphic virus
• Polymorphic virus
• All of the above
• None of the above

Answer 56

Multipartite virus - infects files in multiple ways. Typically the multipartite virus is capable of infecting multiple types of files, so that virus eradication must deal with all possible sites of infection.

Question 57

____ infects a mater boot record or boot record and spreads when a system is booted from the disk containing the virus.

Virus classified by target.

Answer 57

Boot sector infector.

Question 58

_____ infects files that the operating system or shell considered to be executable.

Virus classified by target.

Answer 58

File infector.

Question 59

_____ infects files with macro or scripting code that is interpreted by an application.

Virus classified by target.

Answer 59

Macro virus.

Question 60

_____ a form of virus that uses encryption to obscure it’s contents.

Virus classified by concealment strategy.

Answer 60

Encrypted virus.

Question 61

_____ a form of virus explicitly designed to hide itself from detection by anti-virus software.

Virus classified by concealment strategy.

Answer 61

Stealth virus.

Question 62

_____ a form of virus that creates copies during replication that are functionally equivalent buy have distinctly different bit patterns.

Virus classified by concealment strategy.

Answer 62

Polymorphic virus.

Question 63

_____ rewrites itself completely after each iteration.

Virus classified by concealment strategy.

Answer 63

metamorphic virus.

Question 64

Bots can be user for which of the following:

• Distributed denial-of-service (DDoS) attacks
• Spamming
• Sniffing Traffic
• Spreading new malware
• All of the above
• Both A & C
• None of the above

Answer 64

All of the above

Question 65

In information security, a “logic bomb” generally refers to ______.

Answer 65

A program embedded in the malware that lies dormant until a predefined condition is met; it triggers an unauthorized act.

Question 66

____ detection methods for SQL Injection attacks are based on verifying distinct patterns. This approach must be routinely updated and may be unsuccessful against self-modifying attacks.

Answer 66

Signature based.

Question 67

____ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious active.

Answer 67

Behavior-blocking software.

Question 68

___ email attachment that when opened will send itself to all people in the user’s book.

Answer 68

virus

Question 69

____ a login program with an undocumented option that will allow an attacker to supply any username and password to gain access to the computer.

Answer 69

trapdoor.

Question 70

____ use signatures of known viruses.

Answer 70

Simple scanners.

Question 71

____ integrity checking. Making sure the checksum is the same as before infection. This can be defeated by compressing the file to have the same size as the pre-infection file.

Answer 71

Heuristic scanners.

Question 72

_____ look for specific activities that malware performs.

Answer 72

Activity traps.

Question 73

____ state of the art anti-virus. It is host-based, network-based, and sandbox-based.

Answer 73

Full-feature analysis.