Infosec re-exam Flashcards
? is the ability of a system to confirm that a sender cannot convincingly deny having sent something
Accountability
The risk that remains uncovered by security controls is called
Residual risk
In access control a ? could be described as a single or multi use ticket to access an objective or service
capability
? overflows often come from innocent programmer oversights or failures to document and check for excessive data
buffer
? day attack: Active malware exploiting a product vulnerability for which the manufacturer has no countermeasure available.
zero
? can be used to detect altered content on a web site or in a file.
integrity checksums
complete the sentence:
(proxy, stateless, circuit, stateful) inspection firewalls judge according to information from multiple packets
Stateless inspection firewalls judge according to information from multiple packets
complete the sentence
The (echo-chargen, echo, teardrop, chargen, spoofing) attack involves sending IP fragments with overlapping, oversized payloads to the target machine.
Teardrop
Which of the following properties are not related to the preservation of the integrity of an object?
Capacity
accuracy
unmodified
internal consistency
Capacity
In operating systems, (hypervisors, sandboxes, firewalls, honeypots) can be used to lure an attacker into an environment that can be controlled and monitored.
honeypots
It is essential to conceal passwords when stored on a system. One way of concealing is by using (codes, hash, pepper, salt), which is a user-specific component joined with the password. Such a practice helps inhibit (guessing, dumpster diving, social engineering, rainbow table) attacks.
Salt, Rainbow table
Integrity is a security aspect that sometimes is more important than confidentiality. What tools derived from cryptography can detect changes in data?
Error correction codes
All of them
Hash codes
Error detection codes
All of them
Pfleeger, Pfleeger and Margulies (2015) describe a number of types of malicious code. Match the type of malicious code with the corresponding description
Code or entire computer under control of a (usually remote) program.
Code that causes malicious behavior and propagates copies of itself to other programs
Code that triggers action when a predetermined condition occurs
Dropper, Scareware, Worm, Logic bomb, Virus, Zombie, Trapdoor
- Zombie
- virus
- Logic bomb
Unfair use of a copyrighted item is called (piracy, privacy, lending, fair use)
Piracy
What word would best describe how an intrusion detection system operates?
Proactive
Reactive
Inductive
Reductive
Reactive
Intrusion detection and prevention are two broad terms describing application security practices used to mitigate attacks and block new threats.
The first is a reactive measure that identifies and mitigates ongoing attacks using an intrusion detection system
What is the benefit of using a virtual private network?
Increased lag
Increased confidentiality
Increased availability
Decreased lag
increased confidentiality
Which alternative would provide the best countermeasure against an on-line attack (active authentication) against a username and a password?
The use of a long password
The use of a firewall
To use the Diffie-Hellman password exchange
To use a strict limit on login failures
To use a strict limit on login failures
Which of the following sentences describe the term asset best from an information security perspective?
Anything that an organization buys
Anything that is situated within an organization’s premises
anything that has a value to the organization
Anything that an organization sells
Anything that has a value to the organization
If integrity is preserved we may mean that the item is :
- unmodified
- accurate
- usable
Name three examples that could mean a failure of confidentiality
unauthorized person accesses data
unauthorized system or service accesses data
unauthorized person learns the existence of a piece of data
Availability
give three examples of service/ information that shows that availability is preserved
It is presented in a usable form
it has enough capacity to meet the service's needs
the service is completed in an acceptable period of time
CIA triad
Explain confidentiality
The ability of a system to ensure that an asset is viewed only by authorized parties
CIA TRIAD
Explain integrity
the ability of a system to ensure that an asset is modified only by authorized parties
CIA TRIAD
explain availability
the ability of a system to ensure that any authorized parties can use an asset
What does Risk mean
the possibility for harm to occur is called risk
what do you call the risk that remains uncovered by controls?
residual risk
What is a buffer overflow attack?
the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle.
what is an ICMP flood?
leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network
what is a SYN flood?
Sends a request to connect to a server but never completes the handshake
A business continuity plan documents how a business will continue to function during or after a computer security incident.
what are the steps that are performed in a business continuity plan?
assess the business impact of a crisis
develop a strategy to control the impact
develop and implement a plan for the strategy
explain role based access control
role based access control is based on a subject's role, not their identity. a subject's rights can change depending on their current role
explain, what is:
a virus
a trojan horse
a worm
a virus is code that causes malicious behavior and propagates copies of itself to other programs
a trojan horse is code that contains unexpected, undocumented, additional functionality
a worm is code that propagates copies of itself through a network: impact is usually degraded performance
Explain what is:
A rabbit
a logic bomb
a time bomb
rabbit is code that replicates itself without limit to exhaust resources
a logic bomb is code that triggers action when a predetermined condition occurs
a time bomb is code that triggers action when a predetermined time occurs
what is:
a dropper
spyware
bot
Dropper is transfer agent code only to drop other malicious code, such as virus or trojan horse
spyware, program that intercepts and covertly communicates data on the user or the user's activity
bot, semi-autonomous agent, under control of a usually remote controller or herder, not necessarily malicious
what is:
A zombie
a browser hijacker
rootkit
a zombie is code or entire computer under control of a (usually remote) program
browser hijacker is code that changes browser settings, disallows access to certain sites, or redirects browser to others
rootkit is code installed in root or most privileged section of operating system, hard to detect
what is:
trapdoor or backdoor
tool or toolkit
scareware
Code feature that allows unauthorized access to a machine or program; bypasses normal access control and authentication
tool or toolkit is a program containing a set of tests for vulnerabilities; not dangerous itself, but each successful test identifies a vulnerable host that can be attacked
scareware: not code, false warning of malicious code attack